
JoeyT

Members, content count 32

Posts posted by JoeyT


  1. I checked my MSE history and it found a Trojan:WinNT/Ramnit.gen!A last night. I'll run a scan now to check. But it couldn't delete it. This is the error message:

    Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer.


  2. Done the restart. All looks well so far (opened this site easily). RogueKiller came back good (I think):

    RogueKiller V7.6.3 [07/08/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User: teng [Admin rights]

    Mode: Scan -- Date: 07/14/2012 10:29:35

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 3 ¤¤¤

    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++

    --- User ---

    [MBR] b920a0ccdea031bc9d9ac6253324ac86

    [BSP] a410d9d5efb87cb824bf361decd494b6 : Windows 7 MBR Code

    Partition table:

    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15999 Mo

    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32768000 | Size: 100 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32972800 | Size: 460839 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[26].txt >>

    RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;

    RKreport[15].txt ; RKreport[16].txt ; RKreport[17].txt ; RKreport[18].txt ; RKreport[19].txt ;

    RKreport[1].txt ; RKreport[20].txt ; RKreport[21].txt ; RKreport[22].txt ; RKreport[23].txt ;

    RKreport[24].txt ; RKreport[25].txt ; RKreport[26].txt ; RKreport[2].txt ; RKreport[3].txt ;

    RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ;

    RKreport[9].txt

    Just running a full MBAM scan for a final check. Also, could you give me some info on how to uninstall the anti-malware programs, which ones I can uninstall, and which logs etc. I can get rid of? Thanks so much.


  3. The options are:

    • list of found threats
    • manage quarantine

    Select uninstall if you want to remove all ESET Online Scanner files from your computer. The next time you run the ESET Online Scanner, they will need to be downloaded again.

    • uninstall application on close
    • delete quarantined files


  4. Sorry for the long wait. It finally finished the scan. It found 7 infected files and cleaned 6. It is currently on the end screen, which gives the option to manage quarantine (I haven't done that / don't know what to do). Here is the log:

    ESETSmartInstaller@High as CAB hook log:

    OnlineScanner64.ocx - registred OK

    OnlineScanner.ocx - registred OK

    # version=7

    # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

    # OnlineScanner.ocx=1.0.0.6583

    # api_version=3.0.2

    # EOSSerial=b7ea67d7c8fed64fa0969736b6390be1

    # end=finished

    # remove_checked=true

    # archives_checked=true

    # unwanted_checked=true

    # unsafe_checked=true

    # antistealth_checked=true

    # utc_time=2012-07-13 11:30:35

    # local_time=2012-07-14 09:30:35 (+1000, E. Australia Standard Time)

    # country="Australia"

    # lang=1033

    # osver=6.1.7601 NT Service Pack 1

    # compatibility_mode=5893 16776574 100 94 2015019 93841653 0 0

    # compatibility_mode=8192 67108863 100 0 395 395 0 0

    # scanned=255282

    # found=7

    # cleaned=6

    # scan_time=10432

    C:\Qoobox\Quarantine\C\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe.vir a variant of Win32/Kryptik.AIGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe a variant of Win32/Kryptik.AIGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\Users\teng\AppData\Local\Temp\hovcexutiovmkrtn.exe a variant of Win32/Kryptik.AIGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\Users\teng\Desktop\RK_Quarantine\hovcexutiovmkrtn.exe.vir a variant of Win32/Kryptik.AIGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\Users\teng\Desktop\RK_Quarantine\pjbhcvsk.exe.vir a variant of Win32/Kryptik.AIGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\_OTL\MovedFiles\07142012_061712\c_users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pjbhcvsk.exe a variant of Win32/Kryptik.AIGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    ${Memory} a variant of Win32/Ramnit.L virus 00000000000000000000000000000000 I

    .
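Added example (not from the original thread and not ESET's code): a small Python parser for the ESET Online Scanner log format shown above. It reconciles the `# found=` / `# cleaned=` counters against the per-detection lines and sorts the hits into live files, copies that were already sitting in other tools' quarantine folders (Qoobox, RK_Quarantine, _OTL\MovedFiles, `.vir` suffix), and in-memory detections, which is what makes the "found 7, cleaned 6" result readable: four of the six cleaned files were dead quarantine copies, two were live, and the one hit that was not cleaned is the in-memory Ramnit. The sample log is a constructed copy of the posted one; the status-letter meaning (`C` = cleaned, anything else = not remediated), the quarantine folder names and the line layout are assumptions read from this log, not from ESET documentation.

```python
import re

# Constructed sample: the ESET Online Scanner log posted in this thread, cut
# down to the counters plus the seven detection lines (layout copied as-is;
# the run of 32 zeros is the hash column ESET left empty).
SAMPLE_ESET_LOG = r"""
# version=7
# end=finished
# remove_checked=true
# scanned=255282
# found=7
# cleaned=6
# scan_time=10432
C:\Qoobox\Quarantine\C\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe.vir a variant of Win32/Kryptik.AIGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe a variant of Win32/Kryptik.AIGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\teng\AppData\Local\Temp\hovcexutiovmkrtn.exe a variant of Win32/Kryptik.AIGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\teng\Desktop\RK_Quarantine\hovcexutiovmkrtn.exe.vir a variant of Win32/Kryptik.AIGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\teng\Desktop\RK_Quarantine\pjbhcvsk.exe.vir a variant of Win32/Kryptik.AIGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07142012_061712\c_users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pjbhcvsk.exe a variant of Win32/Kryptik.AIGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Ramnit.L virus 00000000000000000000000000000000 I
"""

HEADER_RE = re.compile(r"^# (\w+)=(.*)$")

# object (may contain spaces), threat name (always has a '/' family separator,
# which Windows paths never do), optional "(action)", 32-hex hash, status letter.
DETECTION_RE = re.compile(
    r"^(?P<object>.+?) "
    r"(?P<threat>(?:(?:probably )?a variant of )?\S+/\S+ \w+)"
    r"(?: \((?P<action>[^)]*)\))?"
    r" (?P<hash>[0-9a-f]{32}) (?P<status>[A-Z])$"
)

# Assumption: folders the other cleaners used on this machine as quarantine
# (ComboFix, RogueKiller, OTL); a hit inside them is a dead copy, not a live file.
QUARANTINE_MARKERS = ("\\qoobox\\", "\\rk_quarantine\\", "\\_otl\\movedfiles\\")


def classify(obj):
    """memory | quarantine_copy | live, judged from the object path alone."""
    if obj.startswith("${"):
        return "memory"
    low = obj.lower()
    if low.endswith(".vir") or any(m in low for m in QUARANTINE_MARKERS):
        return "quarantine_copy"
    return "live"


def reconcile(log_text):
    """Parse one ESET log and cross-check its counters against its detection lines."""
    counters, detections = {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        h = HEADER_RE.match(line)
        if h:
            counters[h.group(1)] = h.group(2)
            continue
        d = DETECTION_RE.match(line)
        if d:
            rec = d.groupdict()
            rec["kind"] = classify(rec["object"])
            detections.append(rec)
    found = int(counters.get("found", 0))
    cleaned = int(counters.get("cleaned", 0))
    # Assumption from this log: status "C" = cleaned/quarantined; any other
    # letter (here "I" on the in-memory hit) means the object was not remediated.
    cleaned_rows = [d for d in detections if d["status"] == "C"]
    return {
        "finished": counters.get("end") == "finished",
        "found": found,
        "cleaned": cleaned,
        "counters_match": found == len(detections) and cleaned == len(cleaned_rows),
        "detections": detections,
        "live": [d for d in detections if d["kind"] == "live"],
        "unresolved": [d for d in detections if d["status"] != "C"],
    }


if __name__ == "__main__":
    r = reconcile(SAMPLE_ESET_LOG)
    print(f"found={r['found']} cleaned={r['cleaned']} counters_match={r['counters_match']}")
    for d in r["detections"]:
        print(f"{d['status']} {d['kind']:16} {d['threat']:40} {d['object']}")
    for d in r["unresolved"]:
        print("NOT REMEDIATED:", d["object"], d["threat"])
```

An in-memory detection that a scanner cannot clean is the one to chase: it means the code was running when the scan took place, so a file-level "cleaned" count does not settle whether the machine is clean until a reboot and a rescan show nothing resident.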


  5. Here's the report (I didn't reboot before running this though):

    RogueKiller V7.6.3 [07/08/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User: teng [Admin rights]

    Mode: Scan -- Date: 07/14/2012 06:23:39

    ¤¤¤ Bad processes: 1 ¤¤¤

    [SUSP PATH] OTL.exe -- C:\Users\teng\Desktop\OTL.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 3 ¤¤¤

    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++

    --- User ---

    [MBR] b920a0ccdea031bc9d9ac6253324ac86

    [BSP] a410d9d5efb87cb824bf361decd494b6 : Windows 7 MBR Code

    Partition table:

    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15999 Mo

    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32768000 | Size: 100 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32972800 | Size: 460839 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[23].txt >>

    RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;

    RKreport[15].txt ; RKreport[16].txt ; RKreport[17].txt ; RKreport[18].txt ; RKreport[19].txt ;

    RKreport[1].txt ; RKreport[20].txt ; RKreport[21].txt ; RKreport[22].txt ; RKreport[23].txt ;

    RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ;

    RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt


  6. This is the one I ran after the reboot. Did you want a fresh one?

    RogueKiller V7.6.3 [07/08/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User: teng [Admin rights]

    Mode: Remove -- Date: 07/14/2012 06:02:14

    ¤¤¤ Bad processes: 2 ¤¤¤

    [SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

    [SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 5 ¤¤¤

    [SUSP PATH] HKCU\[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> DELETED

    [SUSP PATH] HKLM\[...]\Wow6432Node\Winlogon : Userinit (C:\Windows\system32\userinit.exe,,C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> REPLACED (userinit.exe)

    [HJ] HKLM\[...]\System : EnableLUA (0) -> NOT SELECTED

    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++

    --- User ---

    [MBR] b920a0ccdea031bc9d9ac6253324ac86

    [BSP] a410d9d5efb87cb824bf361decd494b6 : Windows 7 MBR Code

    Partition table:

    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15999 Mo

    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32768000 | Size: 100 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32972800 | Size: 460839 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[22].txt >>

    RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;

    RKreport[15].txt ; RKreport[16].txt ; RKreport[17].txt ; RKreport[18].txt ; RKreport[19].txt ;

    RKreport[1].txt ; RKreport[20].txt ; RKreport[21].txt ; RKreport[22].txt ; RKreport[2].txt ;

    RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ;

    RKreport[8].txt ; RKreport[9].txt
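Added example (my own, not part of the original post and not RogueKiller's code): Python that parses the registry section of a RogueKiller report like the one above and pulls apart the Winlogon `Userinit` value. Winlogon runs every non-empty, comma-separated entry in that value, so `userinit.exe,,<path>` launches the stock userinit.exe and then the implant at every logon; the helper lists whatever is not the stock binary, and the report analyser marks which findings the tool actually changed (`DELETED`/`REPLACED`) versus left alone (`NOT SELECTED`, e.g. `EnableLUA = 0`, which means UAC is off). The line layout, the result words and the `[SUSP PATH]`/`[HJ]` tags are assumptions read from this report; the sample is constructed from the posted lines.

```python
import re

# Constructed sample: the registry lines from the RogueKiller "Remove" report
# posted in this thread, with the tags in RogueKiller's upper-case form.
SAMPLE_RK_REGISTRY = r"""
[SUSP PATH] HKCU\[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Wow6432Node\Winlogon : Userinit (C:\Windows\system32\userinit.exe,,C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> REPLACED (userinit.exe)
[HJ] HKLM\[...]\System : EnableLUA (0) -> NOT SELECTED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
"""

# [TAG] key : name (value) -> RESULT [(detail)]   -- layout assumed from this report
ENTRY_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\] (?P<key>\S+) : (?P<name>\S+) \((?P<value>.*)\) -> "
    r"(?P<result>[A-Z ]+?)(?: \((?P<detail>[^)]*)\))?$"
)

# Result words on this page that mean RogueKiller actually changed the entry.
REMEDIATED = {"DELETED", "REPLACED"}

# Stock value is "C:\Windows\system32\userinit.exe," (note the trailing comma).
STOCK_USERINIT = r"c:\windows\system32\userinit.exe"


def userinit_programs(value):
    """Winlogon treats Userinit as a comma-separated list and starts every
    non-empty entry, so "userinit.exe,,<path>" runs the stock binary and then
    <path>. Return the entries that are not the stock userinit.exe."""
    entries = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in entries if p.lower() != STOCK_USERINIT]


def analyse(report_text):
    """Parse the registry section of a RogueKiller report into findings."""
    findings = []
    for raw in report_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        f = m.groupdict()
        f["remediated"] = f["result"] in REMEDIATED
        if f["name"].lower() == "userinit":
            f["injected"] = userinit_programs(f["value"])
        elif f["name"] == "EnableLUA":
            # EnableLUA = 0 turns UAC off, so every process of an admin user
            # runs with the full admin token; malware commonly sets it.
            f["uac_disabled"] = f["value"].strip() == "0"
        findings.append(f)
    return findings


def outstanding(findings):
    """Findings the tool reported but did not change; these still need a decision."""
    return [f for f in findings if not f["remediated"]]


if __name__ == "__main__":
    fs = analyse(SAMPLE_RK_REGISTRY)
    for f in fs:
        flag = "fixed  " if f["remediated"] else "PENDING"
        print(f"{flag} [{f['tag']}] {f['key']} : {f['name']} = {f['value']}")
        if f.get("injected"):
            print("        Userinit launches extra program(s):", f["injected"])
        if f.get("uac_disabled"):
            print("        UAC disabled (EnableLUA=0)")
```

The Userinit hijack is why the machine re-infected itself on every reboot after file-only cleanups: deleting pjbhcvsk.exe without repairing the value leaves a logon-time launch of a missing file, and restoring the file (or a copy from quarantine) silently re-arms it. Note also that the value lives under `Wow6432Node`, the 32-bit view of the registry on this 64-bit install, so a check that only reads the native `Winlogon` key would miss it.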


  7. I ran the process, had to reboot, and when I did reboot I had the same problem with not being able to open this page. Once again I used RogueKiller (same problem as before). Here's the log for the manual deletion:

    All processes killed

    Error: Unable to interpret <:Filesc:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pjbhcvsk.exe:Commands[EMPTYJAVA][emptytemp]> in the current context!

    OTL by OldTimer - Version 3.2.54.0 log created on 07142012_055548


  8. Here's the ComboFix log (running MBAM now):

    ComboFix 12-07-13.03 - teng 14/07/2012 3:51.4.8 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4078.1881 [GMT 10:00]

    Running from: c:\users\teng\Desktop\comb\ComboFix.exe

    Command switches used :: c:\users\teng\Desktop\comb\CFScript.txt

    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    FILE ::

    "c:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\"

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\teng\AppData\Local\dacdwkjw.log

    c:\users\teng\AppData\Local\fvswgmnd.log

    c:\users\teng\AppData\Local\hdjurvjw

    c:\users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe

    c:\users\teng\AppData\Local\jhlmlsnb.log

    c:\users\teng\AppData\Local\qkbydubj.log

    c:\users\teng\AppData\Local\rbimvufg.log

    c:\users\teng\AppData\Local\sxxctcia.log

    c:\users\teng\AppData\Local\uhcjuvoo.log

    c:\users\teng\AppData\Local\vtvtfqre.log

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))

    .

    .

    2012-07-13 18:08 . 2012-07-13 18:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

    2012-07-13 18:08 . 2012-07-13 18:08 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-07-13 14:32 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D5315522-B650-432B-83A2-5224866DBA40}\mpengine.dll

    2012-07-13 04:37 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-07-13 04:34 . 2012-07-13 13:02 5928 ----a-w- c:\windows\SysWow64\PerfStringBackup.TMP

    2012-07-10 23:52 . 2012-07-10 23:52 90944 --s---w- c:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pjbhcvsk.exe

    2012-07-04 23:43 . 2012-02-11 02:12 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DC15901-BC2F-49B5-9312-41E282B69352}\gapaengine.dll

    2012-07-03 06:39 . 2012-07-03 06:39 -------- d-----w- C:\RS1-0A-AW1.1_DES

    2012-07-03 06:01 . 2012-07-03 06:01 -------- d-----w- C:\SHERLOCK_HOLMES_GAME_OF_SHADOW

    2012-06-26 07:06 . 2012-06-26 07:06 -------- d-----w- C:\THE_THREE_MUSKETEERS

    2012-06-26 06:32 . 2012-06-26 06:32 -------- d-----w- C:\ANY_GIVEN_SUNDAY

    2012-06-26 06:21 . 2012-06-26 06:21 -------- d-----w- C:\HANGOVER_PART_2

    2012-06-26 06:10 . 2012-06-26 06:10 -------- d-----w- C:\IN_TIME

    2012-06-26 05:46 . 2012-06-26 05:46 -------- d-----w- C:\UNDERWORLD_AWAKENING

    2012-06-21 02:39 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

    2012-06-21 02:39 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

    2012-06-20 10:15 . 2012-06-20 10:15 -------- d-----w- c:\windows\system32\SPReview

    2012-06-20 10:13 . 2012-06-20 10:13 -------- d-----w- c:\windows\system32\EventProviders

    2012-06-14 04:39 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

    2012-06-14 04:39 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

    2012-06-14 04:39 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

    2012-06-14 04:39 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

    2012-06-14 04:39 . 2010-11-20 13:27 33792 ----a-w- c:\windows\system32\profprov.dll

    2012-06-14 04:39 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-06-14 04:39 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

    2012-06-14 04:39 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2012-06-14 04:37 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

    2012-06-14 04:37 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-06-14 04:37 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

    2012-06-14 04:37 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

    2012-06-14 04:37 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

    2012-06-14 04:37 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

    2012-06-14 04:37 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

    2012-06-14 04:37 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

    2012-06-14 04:37 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

    2012-06-14 04:37 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-07-03 03:46 . 2011-05-08 05:18 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-06-20 10:37 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

    2012-06-20 10:37 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

    2012-06-02 22:19 . 2012-06-08 23:00 38424 ----a-w- c:\windows\system32\wups.dll

    2012-06-02 22:19 . 2012-06-08 23:00 2428952 ----a-w- c:\windows\system32\wuaueng.dll

    2012-06-02 22:19 . 2012-06-08 23:00 57880 ----a-w- c:\windows\system32\wuauclt.exe

    2012-06-02 22:19 . 2012-06-08 23:00 44056 ----a-w- c:\windows\system32\wups2.dll

    2012-06-02 22:19 . 2012-06-08 23:00 701976 ----a-w- c:\windows\system32\wuapi.dll

    2012-06-02 22:15 . 2012-06-08 23:00 2622464 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-02 22:15 . 2012-06-08 23:00 99840 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-02 05:19 . 2012-06-08 23:00 186752 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-02 05:15 . 2012-06-08 23:00 36864 ----a-w- c:\windows\system32\wuapp.exe

    2012-05-23 05:42 . 2012-05-23 05:42 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

    2003-11-24 04:53 . 2010-10-22 10:23 94208 ----a-w- c:\program files\UI_RES.dll

    2003-11-07 09:55 . 2010-10-22 10:23 278528 ----a-w- c:\program files\CLInet.dll

    2003-11-07 09:55 . 2010-10-22 10:23 413696 ----a-w- c:\program files\PowerDVD.exe

    2003-11-07 09:55 . 2010-10-22 10:23 311296 ----a-w- c:\program files\dvd_x.imp

    2003-11-07 09:55 . 2010-10-22 10:23 294912 ----a-w- c:\program files\Vr_x.imp

    2003-11-07 09:55 . 2010-10-22 10:23 192512 ----a-w- c:\program files\vcd20_x.imp

    2003-11-07 09:55 . 2010-10-22 10:23 159744 ----a-w- c:\program files\dxm_x.imp

    2003-11-07 09:55 . 2010-10-22 10:23 286720 ----a-w- c:\program files\AppBarCom.dll

    2003-11-07 09:55 . 2010-10-22 10:23 147456 ----a-w- c:\program files\acd_x.imp

    2003-10-31 09:45 . 2010-10-22 10:23 118784 ----a-w- c:\program files\CLDShowX.dll

    2003-10-31 09:42 . 2010-10-22 10:23 32768 ----a-w- c:\program files\PDVDServ.exe

    2003-10-31 09:39 . 2010-10-22 10:23 323584 ----a-w- c:\program files\ddtester.exe

    2003-10-31 09:39 . 2010-10-22 10:23 274432 ----a-w- c:\program files\cldma.exe

    2003-10-31 09:39 . 2010-10-22 10:23 167936 ----a-w- c:\program files\cltest.exe

    2003-10-31 09:39 . 2010-10-22 10:23 57344 ----a-w- c:\program files\dvdrgn.exe

    2003-10-15 11:49 . 2010-10-22 10:23 77824 ----a-w- c:\program files\PwrDVDRC.dll

    2003-10-15 11:49 . 2010-10-22 10:23 12288 ----a-w- c:\program files\OSD_MLang.dll

    2003-10-15 11:49 . 2010-10-22 10:23 327680 ------w- c:\program files\CLAudRC.dll

    2003-10-15 11:49 . 2010-10-22 10:23 327680 ----a-w- c:\program files\DVD_RES.dll

    2003-10-15 11:49 . 2010-10-22 10:23 12288 ----a-w- c:\program files\AppBarCom_RES.dll

    1999-02-01 14:00 . 2010-10-22 10:23 266293 ----a-w- c:\program files\msvcrt.dll

    .

    .

    ((((((((((((((((((((((((((((( SnapShot@2012-07-13_14.19.17 )))))))))))))))))))))))))))))))))))))))))

    .

    - 2009-11-23 20:17 . 2012-07-13 14:00 81358 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

    + 2009-11-23 20:17 . 2012-07-13 15:49 81358 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

    + 2009-07-14 05:10 . 2012-07-13 17:16 44570 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

    + 2010-07-28 21:56 . 2012-07-13 15:49 22660 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-261071132-451565413-1473889226-1000_UserData.bin

    + 2009-12-27 11:45 . 2012-07-13 17:51 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2009-12-27 11:45 . 2012-07-13 17:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2009-07-14 04:54 . 2012-07-13 14:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2009-07-14 04:54 . 2012-07-13 17:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2009-07-14 04:46 . 2012-07-13 17:18 91680 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

    + 2012-07-13 17:02 . 2012-07-13 18:08 3056 c:\windows\SoftwareDistribution\PostRebootEventCache\{003AE53D-B7A2-4F1C-A7E9-40EBD8DD1C64}.bin

    + 2009-11-23 20:10 . 2012-07-13 17:13 4255 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

    - 2009-11-23 20:10 . 2012-07-13 14:17 4255 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

    - 2012-07-13 14:18 . 2012-07-13 14:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    + 2012-07-13 17:14 . 2012-07-13 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    + 2012-07-13 17:14 . 2012-07-13 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    - 2012-07-13 14:18 . 2012-07-13 14:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    + 2012-07-13 14:03 . 2012-06-06 05:03 805376 c:\windows\SysWOW64\cdosys.dll

    - 2011-07-08 04:57 . 2010-11-20 12:18 805376 c:\windows\SysWOW64\cdosys.dll

    - 2009-07-14 02:36 . 2012-07-13 14:05 648596 c:\windows\system32\perfh009.dat

    + 2009-07-14 02:36 . 2012-07-13 17:21 648596 c:\windows\system32\perfh009.dat

    - 2009-07-14 02:36 . 2012-07-13 14:05 118726 c:\windows\system32\perfc009.dat

    + 2009-07-14 02:36 . 2012-07-13 17:21 118726 c:\windows\system32\perfc009.dat

    - 2012-06-16 08:57 . 2012-07-13 14:17 485440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

    + 2012-06-16 08:57 . 2012-07-13 17:13 485440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

    + 2009-07-14 05:01 . 2012-07-13 17:13 423752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    - 2009-07-14 05:01 . 2012-07-13 14:17 423752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    + 2012-07-13 14:03 . 2012-06-06 06:02 1133568 c:\windows\system32\cdosys.dll

    - 2011-07-08 04:57 . 2010-11-20 13:25 1133568 c:\windows\system32\cdosys.dll

    + 2009-07-14 04:45 . 2012-07-13 17:18 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

    - 2009-07-14 04:45 . 2012-06-21 02:53 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

    + 2011-08-02 09:09 . 2012-07-13 17:13 2732620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-261071132-451565413-1473889226-1000-12288.dat

    + 2012-05-29 21:18 . 2012-05-29 21:18 1739264 c:\windows\Installer\4649d4.msp

    + 2009-07-14 02:34 . 2012-07-13 17:13 10698752 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

    + 2012-07-13 17:13 . 2012-07-13 17:13 10698752 c:\windows\erdnt\subs\SCHEMA.DAT

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

    "RGSC"="c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]

    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]

    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

    "Akamai NetSession Interface"="c:\users\teng\AppData\Local\Akamai\netsession_win.exe" [2012-05-25 4327744]

    "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]

    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-10 592744]

    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-23 597792]

    "SpySweeperRegister"="c:\program files (x86)\Webroot\Spy Sweeper\uninst\RegisterSpySweeper.exe" [2009-10-23 2522992]

    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

    .

    c:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    pjbhcvsk.exe [2012-7-11 90944]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

    2009-11-24 16:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-30 362992]

    R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-05 169312]

    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-27 151040]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

    R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-30 313840]

    R3 SampleCollector;Intel® Sample Collector;c:\program files\SONY\VAIO Care\collsvc.exe [2009-09-16 167424]

    R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]

    R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]

    R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]

    R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]

    R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]

    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]

    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-09-08 110960]

    R3 VUAgent;VUAgent;c:\program files\SONY\VAIO Update 5\VUAgent.exe [2009-10-30 1165680]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-02 1255736]

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]

    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-23 360224]

    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]

    S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]

    S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]

    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]

    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

    S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]

    S2 VSNService;VSNService;c:\program files\SONY\VAIO Smart Network\VSNService.exe [2009-10-30 815104]

    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]

    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]

    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]

    S3 NETw5s64;?? Windows 7 64 Bit ? Intel® Wireless WiFi Link ???????;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]

    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]

    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]

    S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]

    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

    Akamai REG_MULTI_SZ Akamai

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-02 8306208]

    "Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]

    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://ninemsn.com.au/?pc=MASN&ocid=SNYDHP

    mStart Page = hxxp://www.google.com

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

    TCP: DhcpNameServer = 10.1.1.1

    TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}\745756374702E4564777F627B6: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}\84F67745F634F6E6E656364745F6551575962756C6563737: NameServer = 8.8.8.8,8.8.4.4

    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    FF - ProfilePath - c:\users\teng\AppData\Roaming\Mozilla\Firefox\Profiles\6xnnr94k.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - google.com

    FF - prefs.js: network.proxy.type - 0

    FF - user.js: network.cookie.cookieBehavior - 0

    FF - user.js: privacy.clearOnShutdown.cookies - false

    FF - user.js: security.warn_viewing_mixed - false

    FF - user.js: security.warn_viewing_mixed.show_once - false

    FF - user.js: security.warn_submit_insecure - false

    FF - user.js: security.warn_submit_insecure.show_once - false

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

    "ImagePath"="\"c:\program files\SONY\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\S-1-5-21-261071132-451565413-1473889226-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

    "??"=hex:b2,92,e2,3a,83,a1,33,5b,90,3a,a7,e6,14,82,2c,52,85,bb,9c,2a,ad,33,a6,

    84,2a,84,ba,41,4a,17,c5,5a,2f,80,07,75,b2,98,7b,87,08,3d,aa,2c,03,c8,98,b1,\

    "??"=hex:5e,e9,49,52,27,89,b3,70,f8,d6,c9,78,44,09,2e,90

    .

    [HKEY_USERS\S-1-5-21-261071132-451565413-1473889226-1000\Software\SecuROM\License information*]

    "datasecu"=hex:be,ef,fc,49,0f,89,47,53,75,72,55,0a,b6,12,24,11,94,8d,36,85,8a,

    a8,2b,b8,1c,9c,de,68,6c,bf,59,8d,04,00,45,bb,49,18,4c,66,99,8b,8d,26,05,cb,\

    "rkeysecu"=hex:28,9e,cd,39,00,bc,c4,a6,03,15,d0,77,e8,94,06,03

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.10"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2012-07-14 04:29:15

    ComboFix-quarantined-files.txt 2012-07-13 18:29

    ComboFix2.txt 2012-07-13 17:23

    ComboFix3.txt 2012-07-13 15:34

    ComboFix4.txt 2012-07-13 14:27

    .

    Pre-Run: 49,996,918,784 bytes free

    Post-Run: 49,699,430,400 bytes free

    .

    - - End Of File - - E309C808C1C3AE1BF84B1944FC721CEB


  9. Here's the ComboFix log:

    ComboFix 12-07-13.03 - teng 14/07/2012 3:03.3.8 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4078.2018 [GMT 10:00]

    Running from: c:\users\teng\Desktop\comb\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\teng\AppData\Local\rbimvufg.log

    c:\users\teng\AppData\Local\vtvtfqre.log

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Service_Micorsoft Windows Service

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))

    .

    .

    2012-07-13 17:12 . 2012-07-13 17:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

    2012-07-13 17:12 . 2012-07-13 17:12 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-07-13 14:32 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D5315522-B650-432B-83A2-5224866DBA40}\mpengine.dll

    2012-07-13 04:37 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-07-13 04:34 . 2012-07-13 13:02 5928 ----a-w- c:\windows\SysWow64\PerfStringBackup.TMP

    2012-07-04 23:43 . 2012-02-11 02:12 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DC15901-BC2F-49B5-9312-41E282B69352}\gapaengine.dll

    2012-07-03 06:39 . 2012-07-03 06:39 -------- d-----w- C:\RS1-0A-AW1.1_DES

    2012-07-03 06:01 . 2012-07-03 06:01 -------- d-----w- C:\SHERLOCK_HOLMES_GAME_OF_SHADOW

    2012-06-26 07:06 . 2012-06-26 07:06 -------- d-----w- C:\THE_THREE_MUSKETEERS

    2012-06-26 06:32 . 2012-06-26 06:32 -------- d-----w- C:\ANY_GIVEN_SUNDAY

    2012-06-26 06:21 . 2012-06-26 06:21 -------- d-----w- C:\HANGOVER_PART_2

    2012-06-26 06:10 . 2012-06-26 06:10 -------- d-----w- C:\IN_TIME

    2012-06-26 05:46 . 2012-06-26 05:46 -------- d-----w- C:\UNDERWORLD_AWAKENING

    2012-06-21 02:39 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

    2012-06-21 02:39 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

    2012-06-20 10:15 . 2012-06-20 10:15 -------- d-----w- c:\windows\system32\SPReview

    2012-06-20 10:13 . 2012-06-20 10:13 -------- d-----w- c:\windows\system32\EventProviders

    2012-06-14 04:39 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

    2012-06-14 04:39 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

    2012-06-14 04:39 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

    2012-06-14 04:39 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

    2012-06-14 04:39 . 2010-11-20 13:27 33792 ----a-w- c:\windows\system32\profprov.dll

    2012-06-14 04:39 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-06-14 04:39 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

    2012-06-14 04:39 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2012-06-14 04:37 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

    2012-06-14 04:37 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-06-14 04:37 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

    2012-06-14 04:37 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

    2012-06-14 04:37 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

    2012-06-14 04:37 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

    2012-06-14 04:37 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

    2012-06-14 04:37 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

    2012-06-14 04:37 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

    2012-06-14 04:37 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-07-03 03:46 . 2011-05-08 05:18 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-06-20 10:37 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

    2012-06-20 10:37 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

    2012-06-02 22:19 . 2012-06-08 23:00 38424 ----a-w- c:\windows\system32\wups.dll

    2012-06-02 22:19 . 2012-06-08 23:00 2428952 ----a-w- c:\windows\system32\wuaueng.dll

    2012-06-02 22:19 . 2012-06-08 23:00 57880 ----a-w- c:\windows\system32\wuauclt.exe

    2012-06-02 22:19 . 2012-06-08 23:00 44056 ----a-w- c:\windows\system32\wups2.dll

    2012-06-02 22:19 . 2012-06-08 23:00 701976 ----a-w- c:\windows\system32\wuapi.dll

    2012-06-02 22:15 . 2012-06-08 23:00 2622464 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-02 22:15 . 2012-06-08 23:00 99840 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-02 05:19 . 2012-06-08 23:00 186752 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-02 05:15 . 2012-06-08 23:00 36864 ----a-w- c:\windows\system32\wuapp.exe

    2012-05-23 05:42 . 2012-05-23 05:42 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

    2003-11-24 04:53 . 2010-10-22 10:23 94208 ----a-w- c:\program files\UI_RES.dll

    2003-11-07 09:55 . 2010-10-22 10:23 278528 ----a-w- c:\program files\CLInet.dll

    2003-11-07 09:55 . 2010-10-22 10:23 413696 ----a-w- c:\program files\PowerDVD.exe

    2003-11-07 09:55 . 2010-10-22 10:23 311296 ----a-w- c:\program files\dvd_x.imp

    2003-11-07 09:55 . 2010-10-22 10:23 294912 ----a-w- c:\program files\Vr_x.imp

    2003-11-07 09:55 . 2010-10-22 10:23 192512 ----a-w- c:\program files\vcd20_x.imp

    2003-11-07 09:55 . 2010-10-22 10:23 159744 ----a-w- c:\program files\dxm_x.imp

    2003-11-07 09:55 . 2010-10-22 10:23 286720 ----a-w- c:\program files\AppBarCom.dll

    2003-11-07 09:55 . 2010-10-22 10:23 147456 ----a-w- c:\program files\acd_x.imp

    2003-10-31 09:45 . 2010-10-22 10:23 118784 ----a-w- c:\program files\CLDShowX.dll

    2003-10-31 09:42 . 2010-10-22 10:23 32768 ----a-w- c:\program files\PDVDServ.exe

    2003-10-31 09:39 . 2010-10-22 10:23 323584 ----a-w- c:\program files\ddtester.exe

    2003-10-31 09:39 . 2010-10-22 10:23 274432 ----a-w- c:\program files\cldma.exe

    2003-10-31 09:39 . 2010-10-22 10:23 167936 ----a-w- c:\program files\cltest.exe

    2003-10-31 09:39 . 2010-10-22 10:23 57344 ----a-w- c:\program files\dvdrgn.exe

    2003-10-15 11:49 . 2010-10-22 10:23 77824 ----a-w- c:\program files\PwrDVDRC.dll

    2003-10-15 11:49 . 2010-10-22 10:23 12288 ----a-w- c:\program files\OSD_MLang.dll

    2003-10-15 11:49 . 2010-10-22 10:23 327680 ------w- c:\program files\CLAudRC.dll

    2003-10-15 11:49 . 2010-10-22 10:23 327680 ----a-w- c:\program files\DVD_RES.dll

    2003-10-15 11:49 . 2010-10-22 10:23 12288 ----a-w- c:\program files\AppBarCom_RES.dll

    1999-02-01 14:00 . 2010-10-22 10:23 266293 ----a-w- c:\program files\msvcrt.dll

    .

    .

    ((((((((((((((((((((((((((((( SnapShot@2012-07-13_14.19.17 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2009-12-27 11:45 . 2012-07-13 16:58 32768 c:\windows\SysWOW64\config\systemprofile\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\SysWOW64\config\systemprofile\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2009-07-14 04:54 . 2012-07-13 14:02 16384 c:\windows\SysWOW64\config\systemprofile\Local Settings\Microsoft\Windows\History\History.IE5\index.dat

    + 2009-07-14 04:54 . 2012-07-13 16:58 16384 c:\windows\SysWOW64\config\systemprofile\Local Settings\Microsoft\Windows\History\History.IE5\index.dat

    - 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\SysWOW64\config\systemprofile\Application Data\Microsoft\Windows\Cookies\index.dat

    + 2009-12-27 11:45 . 2012-07-13 16:58 32768 c:\windows\SysWOW64\config\systemprofile\Application Data\Microsoft\Windows\Cookies\index.dat

    + 2009-12-27 11:45 . 2012-07-13 16:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5\index.dat

    - 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5\index.dat

    + 2009-07-14 04:54 . 2012-07-13 16:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\History\History.IE5\index.dat

    - 2009-07-14 04:54 . 2012-07-13 14:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\History\History.IE5\index.dat

    - 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2009-12-27 11:45 . 2012-07-13 16:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2009-07-14 04:54 . 2012-07-13 16:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\History\History.IE5\index.dat

    - 2009-07-14 04:54 . 2012-07-13 14:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\History\History.IE5\index.dat

    + 2009-11-23 20:17 . 2012-07-13 15:49 81358 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

    - 2009-11-23 20:17 . 2012-07-13 14:00 81358 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

    + 2009-07-14 05:10 . 2012-07-13 17:16 44570 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

    + 2010-07-28 21:56 . 2012-07-13 15:49 22660 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-261071132-451565413-1473889226-1000_UserData.bin

    - 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2009-12-27 11:45 . 2012-07-13 16:58 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2009-12-27 11:45 . 2012-07-13 16:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2009-07-14 04:54 . 2012-07-13 16:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2009-07-14 04:54 . 2012-07-13 14:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2012-07-13 17:02 . 2012-07-13 17:13 3056 c:\windows\SoftwareDistribution\PostRebootEventCache\{003AE53D-B7A2-4F1C-A7E9-40EBD8DD1C64}.bin

    + 2009-11-23 20:10 . 2012-07-13 17:13 4255 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

    - 2009-11-23 20:10 . 2012-07-13 14:17 4255 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

    + 2012-07-13 17:14 . 2012-07-13 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    - 2012-07-13 14:18 . 2012-07-13 14:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    - 2012-07-13 14:18 . 2012-07-13 14:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    + 2012-07-13 17:14 . 2012-07-13 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    + 2012-07-13 14:03 . 2012-06-06 05:03 805376 c:\windows\SysWOW64\cdosys.dll

    - 2011-07-08 04:57 . 2010-11-20 12:18 805376 c:\windows\SysWOW64\cdosys.dll

    - 2009-07-14 02:36 . 2012-07-13 14:05 648596 c:\windows\system32\perfh009.dat

    + 2009-07-14 02:36 . 2012-07-13 15:53 648596 c:\windows\system32\perfh009.dat

    - 2009-07-14 02:36 . 2012-07-13 14:05 118726 c:\windows\system32\perfc009.dat

    + 2009-07-14 02:36 . 2012-07-13 15:53 118726 c:\windows\system32\perfc009.dat

    - 2012-06-16 08:57 . 2012-07-13 14:17 485440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

    + 2012-06-16 08:57 . 2012-07-13 17:13 485440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

    + 2009-07-14 05:01 . 2012-07-13 17:13 423752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    - 2009-07-14 05:01 . 2012-07-13 14:17 423752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    - 2011-07-08 04:57 . 2010-11-20 13:25 1133568 c:\windows\system32\cdosys.dll

    + 2012-07-13 14:03 . 2012-06-06 06:02 1133568 c:\windows\system32\cdosys.dll

    + 2011-08-02 09:09 . 2012-07-13 17:13 2732620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-261071132-451565413-1473889226-1000-12288.dat

    + 2012-05-29 21:18 . 2012-05-29 21:18 1739264 c:\windows\Installer\4649d4.msp

    + 2009-07-14 02:34 . 2012-07-13 17:13 10698752 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

    + 2012-07-13 17:13 . 2012-07-13 17:13 10698752 c:\windows\erdnt\subs\SCHEMA.DAT

    + 2012-07-13 17:01 . 2012-07-13 17:02 10698752 c:\windows\erdnt\Hiv-backup\SCHEMA.DAT

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

    "RGSC"="c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]

    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]

    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

    "Akamai NetSession Interface"="c:\users\teng\AppData\Local\Akamai\netsession_win.exe" [2012-05-25 4327744]

    "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]

    "PjbHcvsk"="c:\users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe" [bU]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]

    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-10 592744]

    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-23 597792]

    "SpySweeperRegister"="c:\program files (x86)\Webroot\Spy Sweeper\uninst\RegisterSpySweeper.exe" [2009-10-23 2522992]

    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

    .

    c:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    pjbhcvsk.exe [2012-7-11 90944]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

    "Userinit"="c:\windows\system32\userinit.exe,,c:\users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

    2009-11-24 16:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-30 362992]

    R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-05 169312]

    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-27 151040]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

    R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-30 313840]

    R3 SampleCollector;Intel® Sample Collector;c:\program files\SONY\VAIO Care\collsvc.exe [2009-09-16 167424]

    R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]

    R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]

    R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]

    R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]

    R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]

    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]

    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-09-08 110960]

    R3 VUAgent;VUAgent;c:\program files\SONY\VAIO Update 5\VUAgent.exe [2009-10-30 1165680]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-02 1255736]

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]

    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-23 360224]

    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]

    S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]

    S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]

    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]

    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

    S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]

    S2 VSNService;VSNService;c:\program files\SONY\VAIO Smart Network\VSNService.exe [2009-10-30 815104]

    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]

    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]

    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]

    S3 NETw5s64;?? Windows 7 64 Bit ? Intel® Wireless WiFi Link ???????;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]

    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]

    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]

    S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]

    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

    Akamai REG_MULTI_SZ Akamai

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-02 8306208]

    "Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [bU]

    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

    "combofix"="c:\combofix\CF9285.3XE" [2010-11-20 345088]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://ninemsn.com.au/?pc=MASN&ocid=SNYDHP

    mStart Page = hxxp://www.google.com

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

    TCP: DhcpNameServer = 10.1.1.1

    TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}\745756374702E4564777F627B6: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}\84F67745F634F6E6E656364745F6551575962756C6563737: NameServer = 8.8.8.8,8.8.4.4

    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    FF - ProfilePath - c:\users\teng\AppData\Roaming\Mozilla\Firefox\Profiles\6xnnr94k.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - google.com

    FF - prefs.js: network.proxy.type - 0

    FF - user.js: network.cookie.cookieBehavior - 0

    FF - user.js: privacy.clearOnShutdown.cookies - false

    FF - user.js: security.warn_viewing_mixed - false

    FF - user.js: security.warn_viewing_mixed.show_once - false

    FF - user.js: security.warn_submit_insecure - false

    FF - user.js: security.warn_submit_insecure.show_once - false

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

    "ImagePath"="\"c:\program files\SONY\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\S-1-5-21-261071132-451565413-1473889226-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

    "??"=hex:b2,92,e2,3a,83,a1,33,5b,90,3a,a7,e6,14,82,2c,52,85,bb,9c,2a,ad,33,a6,

    84,2a,84,ba,41,4a,17,c5,5a,2f,80,07,75,b2,98,7b,87,08,3d,aa,2c,03,c8,98,b1,\

    "??"=hex:5e,e9,49,52,27,89,b3,70,f8,d6,c9,78,44,09,2e,90

    .

    [HKEY_USERS\S-1-5-21-261071132-451565413-1473889226-1000\Software\SecuROM\License information*]

    "datasecu"=hex:be,ef,fc,49,0f,89,47,53,75,72,55,0a,b6,12,24,11,94,8d,36,85,8a,

    a8,2b,b8,1c,9c,de,68,6c,bf,59,8d,04,00,45,bb,49,18,4c,66,99,8b,8d,26,05,cb,\

    "rkeysecu"=hex:28,9e,cd,39,00,bc,c4,a6,03,15,d0,77,e8,94,06,03

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.10"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe

    c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    c:\program files (x86)\SONY\VAIO Event Service\VESMgr.exe

    c:\windows\SysWOW64\DllHost.exe

    c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    c:\program files (x86)\SONY\VAIO Event Service\VESMgrSub.exe

    c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

    c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

    .

    **************************************************************************

    .

    Completion time: 2012-07-14 03:23:03 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-07-13 17:23

    ComboFix2.txt 2012-07-13 15:34

    ComboFix3.txt 2012-07-13 14:27

    .

    Pre-Run: 50,782,863,360 bytes free

    Post-Run: 49,932,316,672 bytes free

    .

    - - End Of File - - 53171CAA937A737E9B3C03CC668CF650


  10. I couldn't get back onto this website just then, so I had to run RogueKiller again. Here's the log:

    RogueKiller V7.6.3 [07/08/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User: teng [Admin rights]

    Mode: Remove -- Date: 07/14/2012 03:24:54

    ¤¤¤ Bad processes: 2 ¤¤¤

    [SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

    [SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 5 ¤¤¤

    [SUSP PATH] HKCU\[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> DELETED

    [SUSP PATH] HKLM\[...]\Wow6432Node\Winlogon : Userinit (C:\Windows\system32\userinit.exe,,C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> REPLACED (userinit.exe)

    [HJ] HKLM\[...]\System : EnableLUA (0) -> NOT SELECTED

    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++

    --- User ---

    [MBR] b920a0ccdea031bc9d9ac6253324ac86

    [BSP] a410d9d5efb87cb824bf361decd494b6 : Windows 7 MBR Code

    Partition table:

    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15999 Mo

    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32768000 | Size: 100 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32972800 | Size: 460839 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[20].txt >>

    RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;

    RKreport[15].txt ; RKreport[16].txt ; RKreport[17].txt ; RKreport[18].txt ; RKreport[19].txt ;

    RKreport[1].txt ; RKreport[20].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ;

    RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt


  11. Also, before you mentioned to quickscan with MBAM, I did a full scan and it found 2 suspicious objects. Not sure if this helps.

    Malwarebytes Anti-Malware 1.62.0.1300

    www.malwarebytes.org

    Database version: v2012.07.13.07

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    teng :: VAIO [administrator]

    14/07/2012 1:55:08 AM

    mbam-log-2012-07-14 (02-48-14).txt

    Scan type: Full scan (C:\|)

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 195160

    Time elapsed: 52 minute(s), 51 second(s) [aborted]

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 1

    HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Rootkit.Agent) -> No action taken.

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 1

    C:\Users\teng\AppData\Local\Temp\wuyocsoa.sys (Rootkit.Agent) -> No action taken.

    (end)


  12. Here's the TDSSKiller log. I didn't delete anything (wasn't sure what to delete):

    02:50:32.0926 3148 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35

    02:50:33.0999 3148 ============================================================

    02:50:33.0999 3148 Current date / time: 2012/07/14 02:50:33.0999

    02:50:33.0999 3148 SystemInfo:

    02:50:33.0999 3148

    02:50:33.0999 3148 OS Version: 6.1.7601 ServicePack: 1.0

    02:50:33.0999 3148 Product type: Workstation

    02:50:33.0999 3148 ComputerName: VAIO

    02:50:34.0000 3148 UserName: teng

    02:50:34.0000 3148 Windows directory: C:\Windows

    02:50:34.0000 3148 System windows directory: C:\Windows

    02:50:34.0000 3148 Running under WOW64

    02:50:34.0000 3148 Processor architecture: Intel x64

    02:50:34.0000 3148 Number of processors: 8

    02:50:34.0000 3148 Page size: 0x1000

    02:50:34.0000 3148 Boot type: Normal boot

    02:50:34.0000 3148 ============================================================

    02:50:34.0722 3148 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    02:50:34.0748 3148 ============================================================

    02:50:34.0748 3148 \Device\Harddisk0\DR0:

    02:50:34.0748 3148 MBR partitions:

    02:50:34.0749 3148 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F40000, BlocksNum 0x32000

    02:50:34.0749 3148 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F72000, BlocksNum 0x38413830

    02:50:34.0749 3148 ============================================================

    02:50:34.0830 3148 C: <-> \Device\Harddisk0\DR0\Partition1

    02:50:34.0831 3148 ============================================================

    02:50:34.0831 3148 Initialize success

    02:50:34.0831 3148 ============================================================

    02:51:04.0705 2060 ============================================================

    02:51:04.0705 2060 Scan started

    02:51:04.0705 2060 Mode: Manual; SigCheck; TDLFS;

    02:51:04.0705 2060 ============================================================


    02:51:07.0467 2060 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll

    02:51:07.0467 2060 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22

    02:51:07.0483 2060 Akamai ( HiddenFile.Multi.Generic ) - warning

    02:51:07.0483 2060 Akamai - detected HiddenFile.Multi.Generic (1)


    02:51:25.0684 2060 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    02:51:25.0707 2060 IDriverT ( UnsignedFile.Multi.Generic ) - warning

    02:51:25.0707 2060 IDriverT - detected UnsignedFile.Multi.Generic (1)

    02:51:25.0835 2060 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

    02:51:25.0883 2060 idsvc - ok

    02:51:25.0996 2060 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

    02:51:26.0022 2060 iirsp - ok

    02:51:26.0120 2060 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

    02:51:26.0215 2060 IKEEXT - ok

    02:51:26.0288 2060 Impcd (4ff8a2082d78255d2eb169f986bcc981) C:\Windows\system32\drivers\Impcd.sys

    02:51:26.0326 2060 Impcd - ok

    02:51:26.0534 2060 IntcAzAudAddService (59b0bba422f04467e8c89b7ce6ae95e1) C:\Windows\system32\drivers\RTKVHD64.sys

    02:51:26.0640 2060 IntcAzAudAddService - ok

    02:51:26.0790 2060 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

    02:51:26.0813 2060 intelide - ok

    02:51:26.0870 2060 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys

    02:51:26.0908 2060 intelppm - ok

    02:51:26.0959 2060 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

    02:51:27.0055 2060 IPBusEnum - ok

    02:51:27.0114 2060 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

    02:51:27.0209 2060 IpFilterDriver - ok

    02:51:27.0285 2060 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

    02:51:27.0381 2060 iphlpsvc - ok

    02:51:27.0423 2060 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

    02:51:27.0468 2060 IPMIDRV - ok

    02:51:27.0509 2060 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

    02:51:27.0604 2060 IPNAT - ok

    02:51:27.0728 2060 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe

    02:51:27.0777 2060 iPod Service - ok

    02:51:27.0831 2060 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

    02:51:27.0904 2060 IRENUM - ok

    02:51:27.0971 2060 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

    02:51:27.0998 2060 isapnp - ok

    02:51:28.0154 2060 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

    02:51:28.0194 2060 iScsiPrt - ok

    02:51:28.0299 2060 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    02:51:28.0320 2060 IviRegMgr - ok

    02:51:28.0375 2060 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

    02:51:28.0400 2060 kbdclass - ok

    02:51:28.0460 2060 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

    02:51:28.0505 2060 kbdhid - ok

    02:51:28.0568 2060 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    02:51:28.0594 2060 KeyIso - ok

    02:51:28.0618 2060 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

    02:51:28.0645 2060 KSecDD - ok

    02:51:28.0672 2060 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

    02:51:28.0700 2060 KSecPkg - ok

    02:51:28.0757 2060 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

    02:51:28.0842 2060 ksthunk - ok

    02:51:28.0890 2060 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

    02:51:28.0986 2060 KtmRm - ok

    02:51:29.0059 2060 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

    02:51:29.0180 2060 LanmanServer - ok

    02:51:29.0272 2060 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

    02:51:29.0361 2060 LanmanWorkstation - ok

    02:51:29.0424 2060 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

    02:51:29.0521 2060 lltdio - ok

    02:51:29.0580 2060 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

    02:51:29.0680 2060 lltdsvc - ok

    02:51:29.0720 2060 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

    02:51:29.0796 2060 lmhosts - ok

    02:51:29.0865 2060 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

    02:51:29.0892 2060 LSI_FC - ok

    02:51:29.0917 2060 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

    02:51:29.0944 2060 LSI_SAS - ok

    02:51:29.0993 2060 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

    02:51:30.0020 2060 LSI_SAS2 - ok

    02:51:30.0060 2060 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

    02:51:30.0089 2060 LSI_SCSI - ok

    02:51:30.0145 2060 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

    02:51:30.0234 2060 luafv - ok

    02:51:30.0283 2060 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

    02:51:30.0322 2060 Mcx2Svc - ok

    02:51:30.0341 2060 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

    02:51:30.0365 2060 megasas - ok

    02:51:30.0438 2060 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

    02:51:30.0471 2060 MegaSR - ok

    02:51:30.0662 2060 Micorsoft Windows Service (a6d351093f75d16c574db31cdf736153) C:\Users\teng\AppData\Local\Temp\wuyocsoa.sys

    02:51:30.0670 2060 Micorsoft Windows Service ( UnsignedFile.Multi.Generic ) - warning

    02:51:30.0670 2060 Micorsoft Windows Service - detected UnsignedFile.Multi.Generic (1)

    02:51:30.0703 2060 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

    02:51:30.0791 2060 MMCSS - ok

    02:51:30.0825 2060 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

    02:51:30.0910 2060 Modem - ok

    02:51:30.0958 2060 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

    02:51:30.0989 2060 monitor - ok

    02:51:31.0045 2060 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

    02:51:31.0070 2060 mouclass - ok

    02:51:31.0133 2060 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

    02:51:31.0174 2060 mouhid - ok

    02:51:31.0231 2060 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

    02:51:31.0258 2060 mountmgr - ok

    02:51:31.0319 2060 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys

    02:51:31.0359 2060 MpFilter - ok

    02:51:31.0410 2060 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

    02:51:31.0441 2060 mpio - ok

    02:51:31.0477 2060 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

    02:51:31.0553 2060 mpsdrv - ok

    02:51:31.0650 2060 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

    02:51:31.0778 2060 MpsSvc - ok

    02:51:31.0842 2060 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

    02:51:31.0910 2060 MRxDAV - ok

    02:51:31.0960 2060 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

    02:51:32.0011 2060 mrxsmb - ok

    02:51:32.0066 2060 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

    02:51:32.0113 2060 mrxsmb10 - ok

    02:51:32.0168 2060 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

    02:51:32.0196 2060 mrxsmb20 - ok

    02:51:32.0247 2060 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

    02:51:32.0272 2060 msahci - ok

    02:51:32.0314 2060 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

    02:51:32.0342 2060 msdsm - ok

    02:51:32.0382 2060 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

    02:51:32.0428 2060 MSDTC - ok

    02:51:32.0478 2060 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

    02:51:32.0569 2060 Msfs - ok

    02:51:32.0621 2060 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

    02:51:32.0696 2060 mshidkmdf - ok

    02:51:32.0741 2060 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

    02:51:32.0766 2060 msisadrv - ok

    02:51:32.0797 2060 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

    02:51:32.0891 2060 MSiSCSI - ok

    02:51:32.0896 2060 msiserver - ok

    02:51:32.0946 2060 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

    02:51:33.0024 2060 MSKSSRV - ok

    02:51:33.0210 2060 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe

    02:51:33.0235 2060 MsMpSvc - ok

    02:51:33.0290 2060 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

    02:51:33.0375 2060 MSPCLOCK - ok

    02:51:33.0398 2060 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

    02:51:33.0484 2060 MSPQM - ok

    02:51:33.0597 2060 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

    02:51:33.0674 2060 MsRPC - ok

    02:51:33.0745 2060 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

    02:51:33.0771 2060 mssmbios - ok

    02:51:33.0822 2060 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

    02:51:33.0910 2060 MSTEE - ok

    02:51:33.0944 2060 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

    02:51:33.0983 2060 MTConfig - ok

    02:51:34.0049 2060 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

    02:51:34.0075 2060 Mup - ok

    02:51:34.0150 2060 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

    02:51:34.0257 2060 napagent - ok

    02:51:34.0339 2060 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

    02:51:34.0391 2060 NativeWifiP - ok

    02:51:34.0610 2060 NBService (0d01287d85b3715fa8270e8ec919b7f7) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

    02:51:34.0638 2060 NBService ( UnsignedFile.Multi.Generic ) - warning

    02:51:34.0638 2060 NBService - detected UnsignedFile.Multi.Generic (1)

    02:51:34.0747 2060 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

    02:51:34.0808 2060 NDIS - ok

    02:51:34.0863 2060 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

    02:51:34.0947 2060 NdisCap - ok

    02:51:35.0003 2060 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

    02:51:35.0102 2060 NdisTapi - ok

    02:51:35.0154 2060 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

    02:51:35.0235 2060 Ndisuio - ok

    02:51:35.0280 2060 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

    02:51:35.0374 2060 NdisWan - ok

    02:51:35.0419 2060 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

    02:51:35.0495 2060 NDProxy - ok

    02:51:35.0544 2060 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

    02:51:35.0644 2060 NetBIOS - ok

    02:51:35.0693 2060 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

    02:51:35.0775 2060 NetBT - ok

    02:51:35.0824 2060 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    02:51:35.0850 2060 Netlogon - ok

    02:51:35.0926 2060 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

    02:51:36.0020 2060 Netman - ok

    02:51:36.0133 2060 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

    02:51:36.0221 2060 netprofm - ok

    02:51:36.0305 2060 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

    02:51:36.0326 2060 NetTcpPortSharing - ok

    02:51:36.0796 2060 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys

    02:51:37.0117 2060 NETw5s64 - ok

    02:51:37.0269 2060 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

    02:51:37.0294 2060 nfrd960 - ok

    02:51:37.0336 2060 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

    02:51:37.0359 2060 NisDrv - ok

    02:51:37.0539 2060 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe

    02:51:37.0573 2060 NisSrv - ok

    02:51:37.0637 2060 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

    02:51:37.0732 2060 NlaSvc - ok

    02:51:37.0893 2060 NMIndexingService (c4ebbbd7165be535f0bfd06b80601d91) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

    02:51:37.0922 2060 NMIndexingService ( UnsignedFile.Multi.Generic ) - warning

    02:51:37.0922 2060 NMIndexingService - detected UnsignedFile.Multi.Generic (1)

    02:51:37.0945 2060 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

    02:51:38.0014 2060 Npfs - ok

    02:51:38.0034 2060 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

    02:51:38.0100 2060 nsi - ok

    02:51:38.0117 2060 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

    02:51:38.0205 2060 nsiproxy - ok

    02:51:38.0366 2060 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

    02:51:38.0451 2060 Ntfs - ok

    02:51:38.0566 2060 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

    02:51:38.0661 2060 Null - ok

    02:51:38.0727 2060 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys

    02:51:38.0753 2060 NVHDA - ok

    02:51:39.0704 2060 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys

    02:51:40.0309 2060 nvlddmkm - ok

    02:51:40.0500 2060 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

    02:51:40.0524 2060 nvraid - ok

    02:51:40.0543 2060 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

    02:51:40.0570 2060 nvstor - ok

    02:51:40.0698 2060 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe

    02:51:40.0769 2060 nvsvc - ok

    02:51:41.0049 2060 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

    02:51:41.0139 2060 nvUpdatusService - ok

    02:51:41.0346 2060 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

    02:51:41.0373 2060 nv_agp - ok

    02:51:41.0570 2060 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    02:51:41.0607 2060 odserv - ok

    02:51:41.0651 2060 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

    02:51:41.0689 2060 ohci1394 - ok

    02:51:41.0761 2060 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    02:51:41.0784 2060 ose - ok

    02:51:41.0832 2060 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

    02:51:41.0886 2060 p2pimsvc - ok

    02:51:41.0941 2060 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

    02:51:41.0977 2060 p2psvc - ok

    02:51:42.0014 2060 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

    02:51:42.0042 2060 Parport - ok

    02:51:42.0081 2060 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

    02:51:42.0108 2060 partmgr - ok

    02:51:42.0147 2060 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

    02:51:42.0199 2060 PcaSvc - ok

    02:51:42.0259 2060 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

    02:51:42.0290 2060 pci - ok

    02:51:42.0337 2060 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

    02:51:42.0361 2060 pciide - ok

    02:51:42.0411 2060 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

    02:51:42.0442 2060 pcmcia - ok

    02:51:42.0483 2060 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

    02:51:42.0510 2060 pcw - ok

    02:51:42.0571 2060 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

    02:51:42.0679 2060 PEAUTH - ok

    02:51:42.0761 2060 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

    02:51:42.0803 2060 PerfHost - ok

    02:51:42.0941 2060 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

    02:51:43.0051 2060 pla - ok

    02:51:43.0180 2060 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

    02:51:43.0256 2060 PlugPlay - ok

    02:51:43.0448 2060 PMBDeviceInfoProvider (627fa58adc043704f9d14ca44340956f) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

    02:51:43.0474 2060 PMBDeviceInfoProvider - ok

    02:51:43.0510 2060 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

    02:51:43.0559 2060 PNRPAutoReg - ok

    02:51:43.0604 2060 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

    02:51:43.0635 2060 PNRPsvc - ok

    02:51:43.0726 2060 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

    02:51:43.0836 2060 PolicyAgent - ok

    02:51:43.0909 2060 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

    02:51:44.0023 2060 Power - ok

    02:51:44.0187 2060 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

    02:51:44.0277 2060 PptpMiniport - ok

    02:51:44.0316 2060 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

    02:51:44.0367 2060 Processor - ok

    02:51:44.0432 2060 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

    02:51:44.0496 2060 ProfSvc - ok

    02:51:44.0536 2060 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    02:51:44.0563 2060 ProtectedStorage - ok

    02:51:44.0624 2060 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

    02:51:44.0714 2060 Psched - ok

    02:51:44.0824 2060 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    02:51:44.0845 2060 PSI_SVC_2 - ok

    02:51:44.0908 2060 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

    02:51:44.0930 2060 PxHlpa64 - ok

    02:51:45.0107 2060 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

    02:51:45.0203 2060 ql2300 - ok

    02:51:45.0364 2060 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

    02:51:45.0391 2060 ql40xx - ok

    02:51:45.0479 2060 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

    02:51:45.0521 2060 QWAVE - ok

    02:51:45.0577 2060 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

    02:51:45.0621 2060 QWAVEdrv - ok

    02:51:45.0644 2060 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

    02:51:45.0732 2060 RasAcd - ok

    02:51:45.0793 2060 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

    02:51:45.0867 2060 RasAgileVpn - ok

    02:51:45.0940 2060 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

    02:51:46.0044 2060 RasAuto - ok

    02:51:46.0105 2060 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

    02:51:46.0196 2060 Rasl2tp - ok

    02:51:46.0288 2060 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

    02:51:46.0390 2060 RasMan - ok

    02:51:46.0450 2060 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

    02:51:46.0547 2060 RasPppoe - ok

    02:51:46.0641 2060 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

    02:51:46.0754 2060 RasSstp - ok

    02:51:46.0843 2060 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

    02:51:46.0945 2060 rdbss - ok

    02:51:46.0986 2060 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

    02:51:47.0041 2060 rdpbus - ok

    02:51:47.0095 2060 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

    02:51:47.0189 2060 RDPCDD - ok

    02:51:47.0235 2060 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

    02:51:47.0328 2060 RDPENCDD - ok

    02:51:47.0371 2060 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

    02:51:47.0445 2060 RDPREFMP - ok

    02:51:47.0507 2060 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

    02:51:47.0563 2060 RDPWD - ok

    02:51:47.0624 2060 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

    02:51:47.0669 2060 rdyboost - ok

    02:51:47.0733 2060 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys

    02:51:47.0755 2060 regi - ok

    02:51:48.0019 2060 RegSrvc (3b71b5b91e7dca93585d5a86c897adc4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    02:51:48.0080 2060 RegSrvc - ok

    02:51:48.0139 2060 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

    02:51:48.0216 2060 RemoteAccess - ok

    02:51:48.0275 2060 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

    02:51:48.0368 2060 RemoteRegistry - ok

    02:51:48.0429 2060 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

    02:51:48.0479 2060 RFCOMM - ok

    02:51:48.0552 2060 rimspci (5ca4abd888b602551b59baa26941c167) C:\Windows\system32\drivers\rimssne64.sys

    02:51:48.0597 2060 rimspci - ok

    02:51:48.0678 2060 risdsnpe (bb6e138aeb351728959da5e2731d8140) C:\Windows\system32\drivers\risdsne64.sys

    02:51:48.0735 2060 risdsnpe - ok

    02:51:48.0867 2060 Roxio UPnP Renderer 10 (d151224bc11078895a60fa970728ff59) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

    02:51:48.0895 2060 Roxio UPnP Renderer 10 - ok

    02:51:48.0949 2060 Roxio Upnp Server 10 (5022a927944878bd750960bd21e751af) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe

    02:51:48.0982 2060 Roxio Upnp Server 10 - ok

    02:51:49.0005 2060 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

    02:51:49.0108 2060 RpcEptMapper - ok

    02:51:49.0137 2060 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

    02:51:49.0188 2060 RpcLocator - ok

    02:51:49.0311 2060 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

    02:51:49.0396 2060 RpcSs - ok

    02:51:49.0465 2060 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

    02:51:49.0564 2060 rspndr - ok

    02:51:49.0741 2060 SampleCollector (6b318f9443740a907d1c8f3460c19009) C:\Program Files\SONY\VAIO Care\collsvc.exe

    02:51:49.0764 2060 SampleCollector ( UnsignedFile.Multi.Generic ) - warning

    02:51:49.0764 2060 SampleCollector - detected UnsignedFile.Multi.Generic (1)

    02:51:49.0814 2060 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    02:51:49.0839 2060 SamSs - ok

    02:51:49.0883 2060 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

    02:51:49.0911 2060 sbp2port - ok

    02:51:49.0985 2060 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

    02:51:50.0065 2060 SCardSvr - ok

    02:51:50.0114 2060 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

    02:51:50.0193 2060 scfilter - ok

    02:51:50.0402 2060 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

    02:51:50.0541 2060 Schedule - ok

    02:51:50.0607 2060 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

    02:51:50.0679 2060 SCPolicySvc - ok

    02:51:50.0761 2060 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys

    02:51:50.0796 2060 sdbus - ok

    02:51:50.0857 2060 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

    02:51:50.0931 2060 SDRSVC - ok

    02:51:51.0062 2060 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    02:51:51.0093 2060 SeaPort - ok

    02:51:51.0152 2060 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

    02:51:51.0226 2060 secdrv - ok

    02:51:51.0274 2060 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

    02:51:51.0378 2060 seclogon - ok

    02:51:51.0433 2060 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

    02:51:51.0523 2060 SENS - ok

    02:51:51.0547 2060 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

    02:51:51.0609 2060 SensrSvc - ok

    02:51:51.0665 2060 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

    02:51:51.0707 2060 Serenum - ok

    02:51:51.0761 2060 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

    02:51:51.0813 2060 Serial - ok

    02:51:51.0873 2060 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

    02:51:51.0899 2060 sermouse - ok

    02:51:51.0959 2060 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

    02:51:52.0060 2060 SessionEnv - ok

    02:51:52.0140 2060 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\drivers\SFEP.sys

    02:51:52.0188 2060 SFEP - ok

    02:51:52.0223 2060 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

    02:51:52.0280 2060 sffdisk - ok

    02:51:52.0325 2060 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

    02:51:52.0382 2060 sffp_mmc - ok

    02:51:52.0428 2060 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

    02:51:52.0482 2060 sffp_sd - ok

    02:51:52.0545 2060 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

    02:51:52.0570 2060 sfloppy - ok

    02:51:52.0645 2060 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

    02:51:52.0749 2060 SharedAccess - ok

    02:51:52.0861 2060 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

    02:51:52.0990 2060 ShellHWDetection - ok

    02:51:53.0046 2060 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

    02:51:53.0072 2060 SiSRaid2 - ok

    02:51:53.0131 2060 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

    02:51:53.0158 2060 SiSRaid4 - ok

    02:51:53.0207 2060 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

    02:51:53.0283 2060 Smb - ok

    02:51:53.0365 2060 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

    02:51:53.0435 2060 SNMPTRAP - ok

    02:51:53.0608 2060 SOHCImp (98886c88a1cb13d61672ae2c638b7e1c) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe

    02:51:53.0627 2060 SOHCImp - ok

    02:51:53.0664 2060 SOHDBSvr (442a13f395546f4564c377296d43b564) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe

    02:51:53.0680 2060 SOHDBSvr - ok

    02:51:53.0728 2060 SOHDms (556681be668d71dc162391a45422b52c) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe

    02:51:53.0758 2060 SOHDms - ok

    02:51:53.0787 2060 SOHDs (72b46103e4111439109acf5882627c24) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe

    02:51:53.0804 2060 SOHDs - ok

    02:51:53.0860 2060 SOHPlMgr (725b6e9cd1959271ac993dc035e1606d) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe

    02:51:53.0905 2060 SOHPlMgr - ok

    02:51:53.0937 2060 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

    02:51:53.0961 2060 spldr - ok

    02:51:54.0042 2060 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

    02:51:54.0131 2060 Spooler - ok

    02:51:54.0757 2060 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

    02:51:55.0009 2060 sppsvc - ok

    02:51:55.0306 2060 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

    02:51:55.0402 2060 sppuinotify - ok

    02:51:55.0681 2060 sptd (d519ad2de7968cd2b47fea807c5b29b2) C:\Windows\System32\Drivers\sptd.sys

    02:51:55.0681 2060 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: d519ad2de7968cd2b47fea807c5b29b2

    02:51:55.0706 2060 sptd ( LockedFile.Multi.Generic ) - warning

    02:51:55.0706 2060 sptd - detected LockedFile.Multi.Generic (1)

    02:51:55.0771 2060 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

    02:51:55.0847 2060 srv - ok

    02:51:55.0925 2060 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

    02:51:55.0983 2060 srv2 - ok

    02:51:56.0034 2060 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

    02:51:56.0075 2060 srvnet - ok

    02:51:56.0187 2060 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

    02:51:56.0269 2060 SSDPSRV - ok

    02:51:56.0362 2060 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

    02:51:56.0440 2060 SstpSvc - ok

    02:51:56.0668 2060 StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    02:51:56.0702 2060 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning

    02:51:56.0702 2060 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)

    02:51:56.0800 2060 Steam Client Service - ok

    02:51:57.0016 2060 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    02:51:57.0049 2060 Stereo Service - ok

    02:51:57.0118 2060 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

    02:51:57.0142 2060 stexstor - ok

    02:51:57.0222 2060 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

    02:51:57.0295 2060 stisvc - ok

    02:51:57.0335 2060 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

    02:51:57.0359 2060 swenum - ok

    02:51:57.0468 2060 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

    02:51:57.0583 2060 swprv - ok

    02:51:57.0989 2060 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

    02:51:58.0121 2060 SysMain - ok

    02:51:58.0334 2060 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

    02:51:58.0395 2060 TabletInputService - ok

    02:51:58.0465 2060 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

    02:51:58.0579 2060 TapiSrv - ok

    02:51:58.0628 2060 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

    02:51:58.0710 2060 TBS - ok

    02:51:58.0984 2060 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

    02:51:59.0109 2060 Tcpip - ok

    02:51:59.0715 2060 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

    02:51:59.0800 2060 TCPIP6 - ok

    02:52:00.0121 2060 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

    02:52:00.0221 2060 tcpipreg - ok

    02:52:00.0272 2060 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

    02:52:00.0336 2060 TDPIPE - ok

    02:52:00.0401 2060 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

    02:52:00.0452 2060 TDTCP - ok

    02:52:00.0499 2060 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

    02:52:00.0575 2060 tdx - ok

    02:52:00.0649 2060 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

    02:52:00.0674 2060 TermDD - ok

    02:52:00.0837 2060 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

    02:52:00.0965 2060 TermService - ok

    02:52:01.0001 2060 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

    02:52:01.0037 2060 Themes - ok

    02:52:01.0117 2060 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

    02:52:01.0220 2060 THREADORDER - ok

    02:52:01.0262 2060 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

    02:52:01.0352 2060 TrkWks - ok

    02:52:01.0490 2060 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

    02:52:01.0588 2060 TrustedInstaller - ok

    02:52:01.0658 2060 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

    02:52:01.0729 2060 tssecsrv - ok

    02:52:01.0815 2060 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

    02:52:01.0881 2060 TsUsbFlt - ok

    02:52:01.0936 2060 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

    02:52:02.0039 2060 tunnel - ok

    02:52:02.0157 2060 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

    02:52:02.0200 2060 uagp35 - ok

    02:52:02.0276 2060 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

    02:52:02.0298 2060 uCamMonitor - ok

    02:52:02.0366 2060 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

    02:52:02.0454 2060 udfs - ok

    02:52:02.0486 2060 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

    02:52:02.0518 2060 UI0Detect - ok

    02:52:02.0573 2060 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

    02:52:02.0601 2060 uliagpkx - ok

    02:52:02.0646 2060 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

    02:52:02.0684 2060 umbus - ok

    02:52:02.0743 2060 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

    02:52:02.0780 2060 UmPass - ok

    02:52:02.0854 2060 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

    02:52:02.0974 2060 upnphost - ok

    02:52:03.0032 2060 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

    02:52:03.0070 2060 USBAAPL64 - ok

    02:52:03.0118 2060 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

    02:52:03.0168 2060 usbccgp - ok

    02:52:03.0225 2060 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

    02:52:03.0257 2060 usbcir - ok

    02:52:03.0345 2060 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

    02:52:03.0398 2060 usbehci - ok

    02:52:03.0468 2060 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

    02:52:03.0515 2060 usbhub - ok

    02:52:03.0571 2060 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

    02:52:03.0623 2060 usbohci - ok

    02:52:03.0655 2060 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

    02:52:03.0695 2060 usbprint - ok

    02:52:03.0748 2060 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS

    02:52:03.0801 2060 USBSTOR - ok

    02:52:03.0825 2060 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

    02:52:03.0860 2060 usbuhci - ok

    02:52:03.0928 2060 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

    02:52:03.0965 2060 usbvideo - ok

    02:52:04.0015 2060 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

    02:52:04.0112 2060 UxSms - ok

    02:52:04.0252 2060 VAIO Entertainment TV Device Arbitration Service (4e7135d6d0127067e4cfee12259f895d) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe

    02:52:04.0261 2060 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning

    02:52:04.0261 2060 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)

    02:52:04.0357 2060 VAIO Event Service (d4197cf0c8567046fd4af28ff47af528) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe

    02:52:04.0378 2060 VAIO Event Service - ok

    02:52:04.0584 2060 VAIO Power Management (b8c9a7010afd5cbbe194cb9ef7c4fd14) C:\Program Files\Sony\VAIO Power Management\SPMService.exe

    02:52:04.0638 2060 VAIO Power Management - ok

    02:52:04.0694 2060 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    02:52:04.0720 2060 VaultSvc - ok

    02:52:04.0878 2060 VCFw (6a740f5ff3246c3be3dd317299efc88e) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

    02:52:04.0917 2060 VCFw - ok

    02:52:05.0107 2060 VcmIAlzMgr (fd03ac6cd1571aa8b2ff56d3c600e26e) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

    02:52:05.0170 2060 VcmIAlzMgr - ok

    02:52:05.0234 2060 VcmINSMgr (9d9b34b430b4dc683112f59c80d20ab8) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe

    02:52:05.0264 2060 VcmINSMgr - ok

    02:52:05.0340 2060 VcmXmlIfHelper (dfe10c68ef4684f7754fcca39a4cc6ba) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe

    02:52:05.0360 2060 VcmXmlIfHelper - ok

    02:52:05.0602 2060 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

    02:52:05.0628 2060 vdrvroot - ok

    02:52:05.0710 2060 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

    02:52:05.0797 2060 vds - ok

    02:52:05.0864 2060 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

    02:52:05.0895 2060 vga - ok

    02:52:05.0912 2060 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

    02:52:06.0003 2060 VgaSave - ok

    02:52:06.0061 2060 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

    02:52:06.0092 2060 vhdmp - ok

    02:52:06.0141 2060 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

    02:52:06.0165 2060 viaide - ok

    02:52:06.0206 2060 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

    02:52:06.0232 2060 volmgr - ok

    02:52:06.0293 2060 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

    02:52:06.0329 2060 volmgrx - ok

    02:52:06.0394 2060 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

    02:52:06.0427 2060 volsnap - ok

    02:52:06.0493 2060 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

    02:52:06.0523 2060 vsmraid - ok

    02:52:06.0682 2060 VSNService (27cc4003da9ea10e3cd412a398bf04e6) C:\Program Files\SONY\VAIO Smart Network\VSNService.exe

    02:52:06.0725 2060 VSNService ( UnsignedFile.Multi.Generic ) - warning

    02:52:06.0725 2060 VSNService - detected UnsignedFile.Multi.Generic (1)

    02:52:06.0867 2060 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

    02:52:07.0005 2060 VSS - ok

    02:52:07.0240 2060 VUAgent (77e034d8d8dfa4039b45aca2f0d3ac13) C:\Program Files\SONY\VAIO Update 5\VUAgent.exe

    02:52:07.0317 2060 VUAgent - ok

    02:52:07.0456 2060 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

    02:52:07.0490 2060 vwifibus - ok

    02:52:07.0540 2060 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

    02:52:07.0581 2060 vwififlt - ok

    02:52:07.0615 2060 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

    02:52:07.0643 2060 vwifimp - ok

    02:52:07.0763 2060 VzCdbSvc (d8bef4ac1eac809dbdbd441d6cff6c4c) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

    02:52:07.0785 2060 VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning

    02:52:07.0785 2060 VzCdbSvc - detected UnsignedFile.Multi.Generic (1)

    02:52:07.0886 2060 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

    02:52:07.0960 2060 W32Time - ok

    02:52:08.0003 2060 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

    02:52:08.0033 2060 WacomPen - ok

    02:52:08.0094 2060 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

    02:52:08.0166 2060 WANARP - ok

    02:52:08.0193 2060 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

    02:52:08.0250 2060 Wanarpv6 - ok

    02:52:08.0369 2060 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

    02:52:08.0425 2060 WatAdminSvc - ok

    02:52:08.0557 2060 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

    02:52:08.0669 2060 wbengine - ok

    02:52:08.0844 2060 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

    02:52:08.0885 2060 WbioSrvc - ok

    02:52:08.0998 2060 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

    02:52:09.0092 2060 wcncsvc - ok

    02:52:09.0124 2060 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

    02:52:09.0165 2060 WcsPlugInService - ok

    02:52:09.0226 2060 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

    02:52:09.0252 2060 Wd - ok

    02:52:09.0321 2060 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

    02:52:09.0367 2060 Wdf01000 - ok

    02:52:09.0390 2060 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

    02:52:09.0489 2060 WdiServiceHost - ok

    02:52:09.0494 2060 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

    02:52:09.0528 2060 WdiSystemHost - ok

    02:52:09.0593 2060 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

    02:52:09.0656 2060 WebClient - ok

    02:52:09.0726 2060 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

    02:52:09.0819 2060 Wecsvc - ok

    02:52:09.0879 2060 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

    02:52:09.0955 2060 wercplsupport - ok

    02:52:10.0016 2060 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

    02:52:10.0110 2060 WerSvc - ok

    02:52:10.0176 2060 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

    02:52:10.0243 2060 WfpLwf - ok

    02:52:10.0258 2060 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

    02:52:10.0278 2060 WIMMount - ok

    02:52:10.0358 2060 WinDefend - ok

    02:52:10.0366 2060 WinHttpAutoProxySvc - ok

    02:52:10.0426 2060 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

    02:52:10.0496 2060 Winmgmt - ok

    02:52:10.0645 2060 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

    02:52:10.0749 2060 WinRM - ok

    02:52:10.0947 2060 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

    02:52:10.0998 2060 WinUsb - ok

    02:52:11.0159 2060 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

    02:52:11.0251 2060 Wlansvc - ok

    02:52:11.0493 2060 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    02:52:11.0587 2060 wlidsvc - ok

    02:52:11.0749 2060 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys

    02:52:11.0768 2060 WmBEnum - ok

    02:52:11.0832 2060 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys

    02:52:11.0848 2060 WmFilter - ok

    02:52:11.0888 2060 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

    02:52:11.0918 2060 WmiAcpi - ok

    02:52:11.0975 2060 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

    02:52:12.0026 2060 wmiApSrv - ok

    02:52:12.0053 2060 WMPNetworkSvc - ok

    02:52:12.0120 2060 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys

    02:52:12.0137 2060 WmVirHid - ok

    02:52:12.0181 2060 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys

    02:52:12.0200 2060 WmXlCore - ok

    02:52:12.0263 2060 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

    02:52:12.0308 2060 WPCSvc - ok

    02:52:12.0367 2060 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

    02:52:12.0415 2060 WPDBusEnum - ok

    02:52:12.0440 2060 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

    02:52:12.0507 2060 ws2ifsl - ok

    02:52:12.0579 2060 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

    02:52:12.0623 2060 wscsvc - ok

    02:52:12.0628 2060 WSearch - ok

    02:52:12.0824 2060 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

    02:52:12.0939 2060 wuauserv - ok

    02:52:13.0122 2060 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

    02:52:13.0216 2060 WudfPf - ok

    02:52:13.0324 2060 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

    02:52:13.0399 2060 WUDFRd - ok

    02:52:13.0447 2060 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

    02:52:13.0522 2060 wudfsvc - ok

    02:52:13.0568 2060 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

    02:52:13.0625 2060 WwanSvc - ok

    02:52:13.0678 2060 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys

    02:52:13.0736 2060 xusb21 - ok

    02:52:13.0815 2060 yukonw7 (6affd75c6807b3dd3ab018e27b88ef95) C:\Windows\system32\DRIVERS\yk62x64.sys

    02:52:13.0892 2060 yukonw7 - ok

    02:52:13.0953 2060 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

    02:52:14.0452 2060 \Device\Harddisk0\DR0 - ok

    02:52:14.0480 2060 Boot (0x1200) (f5336d2cb112c43983b6151d3d188297) \Device\Harddisk0\DR0\Partition0

    02:52:14.0484 2060 \Device\Harddisk0\DR0\Partition0 - ok

    02:52:14.0499 2060 Boot (0x1200) (c42a05656d02b644057c60a40be8ccbd) \Device\Harddisk0\DR0\Partition1

    02:52:14.0502 2060 \Device\Harddisk0\DR0\Partition1 - ok

    02:52:14.0503 2060 ============================================================

    02:52:14.0503 2060 Scan finished

    02:52:14.0503 2060 ============================================================

    02:52:14.0520 5960 Detected object count: 11

    02:52:14.0520 5960 Actual detected object count: 11

    02:52:50.0584 5960 Akamai ( HiddenFile.Multi.Generic ) - skipped by user

    02:52:50.0584 5960 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

    02:52:50.0586 5960 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

    02:52:50.0586 5960 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

    02:52:50.0588 5960 Micorsoft Windows Service ( UnsignedFile.Multi.Generic ) - skipped by user

    02:52:50.0588 5960 Micorsoft Windows Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

    02:52:50.0590 5960 NBService ( UnsignedFile.Multi.Generic ) - skipped by user

    02:52:50.0590 5960 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip

    02:52:50.0593 5960 NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user

    02:52:50.0593 5960 NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip

    02:52:50.0595 5960 SampleCollector ( UnsignedFile.Multi.Generic ) - skipped by user

    02:52:50.0595 5960 SampleCollector ( UnsignedFile.Multi.Generic ) - User select action: Skip

    02:52:50.0597 5960 sptd ( LockedFile.Multi.Generic ) - skipped by user

    02:52:50.0597 5960 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

    02:52:50.0600 5960 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user

    02:52:50.0600 5960 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip

    02:52:50.0602 5960 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user

    02:52:50.0602 5960 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

    02:52:50.0604 5960 VSNService ( UnsignedFile.Multi.Generic ) - skipped by user

    02:52:50.0604 5960 VSNService ( UnsignedFile.Multi.Generic ) - User select action: Skip

    02:52:50.0606 5960 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user

    02:52:50.0606 5960 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip


  13. Here's the RogueKiller log:

    RogueKiller V7.6.3 [07/08/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User: teng [Admin rights]

    Mode: Remove -- Date: 07/14/2012 02:47:01

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 6 ¤¤¤

    [sUSP PATH] HKCU\[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> DELETED

    [sUSP PATH] HKLM\[...]\Wow6432Node\Winlogon : Userinit (C:\Windows\system32\userinit.exe,,C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> REPLACED (userinit.exe)

    [sUSP PATH] {4E577C68-A356-4336-AE9D-BCF8EA6498A5}.job @ : C:\Users\teng\Desktop\UQ-eduroam-installer-Vista-Win7.exe -> DELETED

    [HJ] HKLM\[...]\System : EnableLUA (0) -> NOT SELECTED

    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++

    --- User ---

    [MBR] b920a0ccdea031bc9d9ac6253324ac86

    [bSP] a410d9d5efb87cb824bf361decd494b6 : Windows 7 MBR Code

    Partition table:

    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15999 Mo

    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32768000 | Size: 100 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32972800 | Size: 460839 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[18].txt >>

    RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;

    RKreport[15].txt ; RKreport[16].txt ; RKreport[17].txt ; RKreport[18].txt ; RKreport[1].txt ;

    RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ;

    RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt


  14. Here's the RogueKiller log:

    RogueKiller V7.6.3 [07/08/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User: teng [Admin rights]

    Mode: Scan -- Date: 07/14/2012 01:50:08

    ¤¤¤ Bad processes: 3 ¤¤¤

    [sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

    [sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

    [sUSP PATH] hovcexutiovmkrtn.exe -- C:\Users\teng\AppData\Local\Temp\hovcexutiovmkrtn.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 7 ¤¤¤

    [sUSP PATH] HKCU\[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> FOUND

    [sUSP PATH] HKUS\S-1-5-21-261071132-451565413-1473889226-1000[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> FOUND

    [sUSP PATH] HKLM\[...]\Wow6432Node\Winlogon : Userinit (C:\Windows\system32\userinit.exe,,C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> FOUND

    [sUSP PATH] {4E577C68-A356-4336-AE9D-BCF8EA6498A5}.job @ : C:\Users\teng\Desktop\UQ-eduroam-installer-Vista-Win7.exe -> FOUND

    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++

    --- User ---

    [MBR] b920a0ccdea031bc9d9ac6253324ac86

    [bSP] a410d9d5efb87cb824bf361decd494b6 : Windows 7 MBR Code

    Partition table:

    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15999 Mo

    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32768000 | Size: 100 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32972800 | Size: 460839 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[15].txt >>

    RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;

    RKreport[15].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ;

    RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt
