
JoeyT

Posts posted by JoeyT

  1. Here's the scan result:

    ComboFix 12-07-13.02 - teng 14/07/2012 1:19.2.8 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4078.2135 [GMT 10:00]

    Running from: c:\users\teng\Desktop\ComboFix.exe

    Command switches used :: c:\users\teng\Desktop\CFScript.txt

    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    FILE ::

    "c:\programdata\cple.exe"

    "c:\programdata\dvxe.exe"

    "c:\programdata\dwsv.exe"

    "c:\programdata\eodx.exe"

    "c:\programdata\fedh.exe"

    "c:\programdata\inis.exe"

    "c:\programdata\lsll.exe"

    "c:\programdata\ntul.exe"

    "c:\programdata\oxck.exe"

    "c:\programdata\tmia.exe"

    "c:\programdata\vhbr.exe"

    "c:\programdata\wcgg.exe"

    "c:\users\All Users\dvxe.exe"

    "c:\users\All Users\dwsv.exe"

    "c:\users\All Users\eodx.exe"

    "c:\users\All Users\fedh.exe"

    "c:\users\All Users\inis.exe"

    "c:\users\All Users\lsll.exe"

    "c:\users\All Users\ntul.exe"

    "c:\users\All Users\oxck.exe"

    "c:\users\All Users\tmia.exe"

    "c:\users\All Users\vhbr.exe"

    "c:\users\All Users\wcgg.exe"

    "c:\users\teng\AppData\Local\amri.exe"

    "c:\users\teng\AppData\Local\bdwg.exe"

    "c:\users\teng\AppData\Local\inlb.exe"

    "c:\users\teng\AppData\Local\ixos.exe"

    "c:\users\teng\AppData\Local\jqxw.exe"

    "c:\users\teng\AppData\Local\jume.exe"

    "c:\users\teng\AppData\Local\lfbj.exe"

    "c:\users\teng\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\teng\Desktop\0.9476905325084528.exe"

    "c:\users\teng\AppData\Local\ucmu.exe"

    "c:\users\teng\AppData\Local\ukvp.exe"

    "c:\users\teng\AppData\Local\upfy.exe"

    "c:\users\teng\AppData\Local\uwdj.exe"

    "c:\users\teng\AppData\Local\yslk.exe"

    "c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\ahyx.exe"

    "c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\bvoc.exe"

    "c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\bxch.exe"

    "c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\cdma.exe"

    "c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\cfeo.exe"

    "c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\clci.exe"

    "c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\ffrp.exe"

    "c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\hqyb.exe"

    "c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\kyxe.exe"

    "c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\lfru.exe"

    "c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\lqbq.exe"

    "c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\oumf.exe"

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\teng\AppData\Local\dacdwkjw.log

    c:\users\teng\AppData\Local\fvswgmnd.log

    c:\users\teng\AppData\Local\jhlmlsnb.log

    c:\users\teng\AppData\Local\qkbydubj.log

    c:\users\teng\AppData\Local\rbimvufg.log

    c:\users\teng\AppData\Local\sxxctcia.log

    c:\users\teng\AppData\Local\uhcjuvoo.log

    c:\users\teng\AppData\Local\vtvtfqre.log

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))

    .

    .

    2012-07-13 15:31 . 2012-07-13 15:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

    2012-07-13 15:31 . 2012-07-13 15:31 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-07-13 14:32 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D5315522-B650-432B-83A2-5224866DBA40}\mpengine.dll

    2012-07-13 04:37 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-07-13 04:34 . 2012-07-13 13:02 5928 ----a-w- c:\windows\SysWow64\PerfStringBackup.TMP

    2012-07-10 23:52 . 2012-07-10 23:52 90944 --s---w- c:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pjbhcvsk.exe

    2012-07-04 23:43 . 2012-02-11 02:12 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DC15901-BC2F-49B5-9312-41E282B69352}\gapaengine.dll

    2012-07-03 06:39 . 2012-07-03 06:39 -------- d-----w- C:\RS1-0A-AW1.1_DES

    2012-07-03 06:01 . 2012-07-03 06:01 -------- d-----w- C:\SHERLOCK_HOLMES_GAME_OF_SHADOW

    2012-06-26 07:06 . 2012-06-26 07:06 -------- d-----w- C:\THE_THREE_MUSKETEERS

    2012-06-26 06:32 . 2012-06-26 06:32 -------- d-----w- C:\ANY_GIVEN_SUNDAY

    2012-06-26 06:21 . 2012-06-26 06:21 -------- d-----w- C:\HANGOVER_PART_2

    2012-06-26 06:10 . 2012-06-26 06:10 -------- d-----w- C:\IN_TIME

    2012-06-26 05:46 . 2012-06-26 05:46 -------- d-----w- C:\UNDERWORLD_AWAKENING

    2012-06-21 02:39 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

    2012-06-21 02:39 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

    2012-06-20 10:15 . 2012-06-20 10:15 -------- d-----w- c:\windows\system32\SPReview

    2012-06-20 10:13 . 2012-06-20 10:13 -------- d-----w- c:\windows\system32\EventProviders

    2012-06-14 04:39 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

    2012-06-14 04:39 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

    2012-06-14 04:39 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

    2012-06-14 04:39 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

    2012-06-14 04:39 . 2010-11-20 13:27 33792 ----a-w- c:\windows\system32\profprov.dll

    2012-06-14 04:39 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-06-14 04:39 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

    2012-06-14 04:39 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2012-06-14 04:37 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

    2012-06-14 04:37 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-06-14 04:37 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

    2012-06-14 04:37 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

    2012-06-14 04:37 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

    2012-06-14 04:37 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

    2012-06-14 04:37 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

    2012-06-14 04:37 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

    2012-06-14 04:37 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

    2012-06-14 04:37 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-07-03 03:46 . 2011-05-08 05:18 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-06-20 10:37 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

    2012-06-20 10:37 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

    2012-06-02 22:19 . 2012-06-08 23:00 38424 ----a-w- c:\windows\system32\wups.dll

    2012-06-02 22:19 . 2012-06-08 23:00 2428952 ----a-w- c:\windows\system32\wuaueng.dll

    2012-06-02 22:19 . 2012-06-08 23:00 57880 ----a-w- c:\windows\system32\wuauclt.exe

    2012-06-02 22:19 . 2012-06-08 23:00 44056 ----a-w- c:\windows\system32\wups2.dll

    2012-06-02 22:19 . 2012-06-08 23:00 701976 ----a-w- c:\windows\system32\wuapi.dll

    2012-06-02 22:15 . 2012-06-08 23:00 2622464 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-02 22:15 . 2012-06-08 23:00 99840 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-02 05:19 . 2012-06-08 23:00 186752 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-02 05:15 . 2012-06-08 23:00 36864 ----a-w- c:\windows\system32\wuapp.exe

    2012-05-23 05:42 . 2012-05-23 05:42 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

    2003-11-24 04:53 . 2010-10-22 10:23 94208 ----a-w- c:\program files\UI_RES.dll

    2003-11-07 09:55 . 2010-10-22 10:23 278528 ----a-w- c:\program files\CLInet.dll

    2003-11-07 09:55 . 2010-10-22 10:23 413696 ----a-w- c:\program files\PowerDVD.exe

    2003-11-07 09:55 . 2010-10-22 10:23 311296 ----a-w- c:\program files\dvd_x.imp

    2003-11-07 09:55 . 2010-10-22 10:23 294912 ----a-w- c:\program files\Vr_x.imp

    2003-11-07 09:55 . 2010-10-22 10:23 192512 ----a-w- c:\program files\vcd20_x.imp

    2003-11-07 09:55 . 2010-10-22 10:23 159744 ----a-w- c:\program files\dxm_x.imp

    2003-11-07 09:55 . 2010-10-22 10:23 286720 ----a-w- c:\program files\AppBarCom.dll

    2003-11-07 09:55 . 2010-10-22 10:23 147456 ----a-w- c:\program files\acd_x.imp

    2003-10-31 09:45 . 2010-10-22 10:23 118784 ----a-w- c:\program files\CLDShowX.dll

    2003-10-31 09:42 . 2010-10-22 10:23 32768 ----a-w- c:\program files\PDVDServ.exe

    2003-10-31 09:39 . 2010-10-22 10:23 323584 ----a-w- c:\program files\ddtester.exe

    2003-10-31 09:39 . 2010-10-22 10:23 274432 ----a-w- c:\program files\cldma.exe

    2003-10-31 09:39 . 2010-10-22 10:23 167936 ----a-w- c:\program files\cltest.exe

    2003-10-31 09:39 . 2010-10-22 10:23 57344 ----a-w- c:\program files\dvdrgn.exe

    2003-10-15 11:49 . 2010-10-22 10:23 77824 ----a-w- c:\program files\PwrDVDRC.dll

    2003-10-15 11:49 . 2010-10-22 10:23 12288 ----a-w- c:\program files\OSD_MLang.dll

    2003-10-15 11:49 . 2010-10-22 10:23 327680 ------w- c:\program files\CLAudRC.dll

    2003-10-15 11:49 . 2010-10-22 10:23 327680 ----a-w- c:\program files\DVD_RES.dll

    2003-10-15 11:49 . 2010-10-22 10:23 12288 ----a-w- c:\program files\AppBarCom_RES.dll

    1999-02-01 14:00 . 2010-10-22 10:23 266293 ----a-w- c:\program files\msvcrt.dll

    .

    .

    ((((((((((((((((((((((((((((( SnapShot@2012-07-13_14.19.17 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2009-12-27 11:45 . 2012-07-13 15:10 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2009-12-27 11:45 . 2012-07-13 15:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2009-07-14 04:54 . 2012-07-13 15:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2009-07-14 04:54 . 2012-07-13 14:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2009-07-14 02:36 . 2012-07-13 14:25 648596 c:\windows\system32\perfh009.dat

    - 2009-07-14 02:36 . 2012-07-13 14:05 648596 c:\windows\system32\perfh009.dat

    + 2009-07-14 02:36 . 2012-07-13 14:25 118726 c:\windows\system32\perfc009.dat

    - 2009-07-14 02:36 . 2012-07-13 14:05 118726 c:\windows\system32\perfc009.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

    "RGSC"="c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]

    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]

    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

    "Akamai NetSession Interface"="c:\users\teng\AppData\Local\Akamai\netsession_win.exe" [2012-05-25 4327744]

    "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]

    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-10 592744]

    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-23 597792]

    "SpySweeperRegister"="c:\program files (x86)\Webroot\Spy Sweeper\uninst\RegisterSpySweeper.exe" [2009-10-23 2522992]

    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

    .

    c:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    pjbhcvsk.exe [2012-7-11 90944]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

    2009-11-24 16:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-30 362992]

    R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-05 169312]

    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-27 151040]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

    R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-30 313840]

    R3 SampleCollector;Intel® Sample Collector;c:\program files\SONY\VAIO Care\collsvc.exe [2009-09-16 167424]

    R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]

    R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]

    R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]

    R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]

    R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]

    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]

    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-09-08 110960]

    R3 VUAgent;VUAgent;c:\program files\SONY\VAIO Update 5\VUAgent.exe [2009-10-30 1165680]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-02 1255736]

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]

    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-23 360224]

    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]

    S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]

    S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]

    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]

    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

    S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]

    S2 VSNService;VSNService;c:\program files\SONY\VAIO Smart Network\VSNService.exe [2009-10-30 815104]

    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]

    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]

    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]

    S3 NETw5s64;?? Windows 7 64 Bit ? Intel® Wireless WiFi Link ???????;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]

    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]

    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]

    S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]

    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

    Akamai REG_MULTI_SZ Akamai

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-02 8306208]

    "Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]

    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://ninemsn.com.au/?pc=MASN&ocid=SNYDHP

    mStart Page = hxxp://www.google.com

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

    TCP: DhcpNameServer = 10.1.1.1

    TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}\745756374702E4564777F627B6: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}\84F67745F634F6E6E656364745F6551575962756C6563737: NameServer = 8.8.8.8,8.8.4.4

    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    FF - ProfilePath - c:\users\teng\AppData\Roaming\Mozilla\Firefox\Profiles\6xnnr94k.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - google.com

    FF - prefs.js: network.proxy.type - 0

    FF - user.js: network.cookie.cookieBehavior - 0

    FF - user.js: privacy.clearOnShutdown.cookies - false

    FF - user.js: security.warn_viewing_mixed - false

    FF - user.js: security.warn_viewing_mixed.show_once - false

    FF - user.js: security.warn_submit_insecure - false

    FF - user.js: security.warn_submit_insecure.show_once - false

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

    "ImagePath"="\"c:\program files\SONY\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\S-1-5-21-261071132-451565413-1473889226-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

    "??"=hex:b2,92,e2,3a,83,a1,33,5b,90,3a,a7,e6,14,82,2c,52,85,bb,9c,2a,ad,33,a6,

    84,2a,84,ba,41,4a,17,c5,5a,2f,80,07,75,b2,98,7b,87,08,3d,aa,2c,03,c8,98,b1,\

    "??"=hex:5e,e9,49,52,27,89,b3,70,f8,d6,c9,78,44,09,2e,90

    .

    [HKEY_USERS\S-1-5-21-261071132-451565413-1473889226-1000\Software\SecuROM\License information*]

    "datasecu"=hex:be,ef,fc,49,0f,89,47,53,75,72,55,0a,b6,12,24,11,94,8d,36,85,8a,

    a8,2b,b8,1c,9c,de,68,6c,bf,59,8d,04,00,45,bb,49,18,4c,66,99,8b,8d,26,05,cb,\

    "rkeysecu"=hex:28,9e,cd,39,00,bc,c4,a6,03,15,d0,77,e8,94,06,03

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.10"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2012-07-14 01:34:47

    ComboFix-quarantined-files.txt 2012-07-13 15:34

    ComboFix2.txt 2012-07-13 14:27

    .

    Pre-Run: 52,084,174,848 bytes free

    Post-Run: 51,674,939,392 bytes free

    .

    - - End Of File - - 5582A984270AA8252DD39E7A156DC961

  2. Here's the MBAM scan report:

    Malwarebytes Anti-Malware 1.62.0.1300

    www.malwarebytes.org

    Database version: v2012.07.13.07

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    teng :: VAIO [administrator]

    14/07/2012 12:55:20 AM

    mbam-log-2012-07-14 (00-55-20).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 241048

    Time elapsed: 3 minute(s), 25 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

  3. Just as an added note, I wasn't able to open this site, so I had to run the RogueKiller scan and delete the files you mentioned before again. As I ran it in safe mode last time, it only showed bad registry files. This time it had to close a few processes first. Here's the scan log (sorry this didn't come up sooner):

    RogueKiller V7.6.3 [07/08/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User: teng [Admin rights]

    Mode: Remove -- Date: 07/14/2012 00:31:27

    ¤¤¤ Bad processes: 2 ¤¤¤

    [SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

    [SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 6 ¤¤¤

    [SUSP PATH] HKCU\[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> DELETED

    [SUSP PATH] HKLM\[...]\Wow6432Node\Winlogon : Userinit (C:\Windows\system32\userinit.exe,,C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> REPLACED (userinit.exe)

    [SUSP PATH] {4E577C68-A356-4336-AE9D-BCF8EA6498A5}.job @ : C:\Users\teng\Desktop\UQ-eduroam-installer-Vista-Win7.exe -> NOT SELECTED

    [HJ] HKLM\[...]\System : EnableLUA (0) -> NOT SELECTED

    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++

    --- User ---

    [MBR] b920a0ccdea031bc9d9ac6253324ac86

    [BSP] a410d9d5efb87cb824bf361decd494b6 : Windows 7 MBR Code

    Partition table:

    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15999 Mo

    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32768000 | Size: 100 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32972800 | Size: 460839 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[14].txt >>

    RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;

    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;

    RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

  4. I ran ComboFix. Here are the scan results:

    ComboFix 12-07-13.01 - teng 14/07/2012 0:05.1.8 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4078.2324 [GMT 10:00]

    Running from: c:\users\teng\Desktop\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\program files (x86)\INSTALL.LOG

    c:\program files (x86)\UNWISE.EXE

    c:\users\teng\AppData\Local\amri.exe

    c:\users\teng\AppData\Local\bdwg.exe

    c:\users\teng\AppData\Local\dacdwkjw.log

    c:\users\teng\AppData\Local\fvswgmnd.log

    c:\users\teng\AppData\Local\inlb.exe

    c:\users\teng\AppData\Local\ixos.exe

    c:\users\teng\AppData\Local\jhlmlsnb.log

    c:\users\teng\AppData\Local\jqxw.exe

    c:\users\teng\AppData\Local\jume.exe

    c:\users\teng\AppData\Local\lfbj.exe

    c:\users\teng\AppData\Local\rbimvufg.log

    c:\users\teng\AppData\Local\sxxctcia.log

    c:\users\teng\AppData\Local\ucmu.exe

    c:\users\teng\AppData\Local\uhcjuvoo.log

    c:\users\teng\AppData\Local\ukvp.exe

    c:\users\teng\AppData\Local\upfy.exe

    c:\users\teng\AppData\Local\uwdj.exe

    c:\users\teng\AppData\Local\vtvtfqre.log

    c:\users\teng\AppData\Local\yslk.exe

    c:\users\teng\AppData\Roaming\Ophen

    c:\users\teng\AppData\Roaming\Ophen\inolc.afe

    c:\windows\system32\fxsst.dll . . . . Failed to delete

    c:\windows\SysWow64\agent.exe

    .

    ----- File Replicators -----

    .

    c:\programdata\Adobe\Reader\9.2\ARM\10207\AcrobatUpdater.exe

    c:\programdata\Adobe\Reader\9.2\ARM\10207\AdobeARMHelper.exe

    c:\programdata\Adobe\Reader\9.2\ARM\10207\ReaderUpdater.exe

    c:\programdata\Adobe\Reader\9.2\ARM\10784\AcrobatUpdater.exe

    c:\programdata\Adobe\Reader\9.2\ARM\10784\AdobeARMHelper.exe

    c:\programdata\Adobe\Reader\9.2\ARM\10784\ReaderUpdater.exe

    c:\programdata\Adobe\Reader\9.2\ARM\16245\AcrobatUpdater.exe

    c:\programdata\Adobe\Reader\9.2\ARM\16245\AdobeARMHelper.exe

    c:\programdata\Adobe\Reader\9.2\ARM\16245\ReaderUpdater.exe

    c:\programdata\Adobe\Reader\9.2\ARM\18064\AcrobatUpdater.exe

    c:\programdata\Adobe\Reader\9.2\ARM\18064\AdobeARMHelper.exe

    c:\programdata\Adobe\Reader\9.2\ARM\18064\ReaderUpdater.exe

    c:\programdata\Adobe\Reader\9.2\ARM\26270\AcrobatUpdater.exe

    c:\programdata\Adobe\Reader\9.2\ARM\26270\AdobeARMHelper.exe

    c:\programdata\Adobe\Reader\9.2\ARM\26270\ReaderUpdater.exe

    c:\programdata\Adobe\Reader\9.2\ARM\31101\AcrobatUpdater.exe

    c:\programdata\Adobe\Reader\9.2\ARM\31101\AdobeARMHelper.exe

    c:\programdata\Adobe\Reader\9.2\ARM\31101\ReaderUpdater.exe

    c:\programdata\Adobe\Reader\9.2\ARM\31182\AcrobatUpdater.exe

    c:\programdata\Adobe\Reader\9.2\ARM\31182\AdobeARMHelper.exe

    c:\programdata\Adobe\Reader\9.2\ARM\31182\ReaderUpdater.exe

    c:\programdata\Adobe\Reader\9.2\ARM\8908\AcrobatUpdater.exe

    c:\programdata\Adobe\Reader\9.2\ARM\8908\AdobeARMHelper.exe

    c:\programdata\Adobe\Reader\9.2\ARM\8908\ReaderUpdater.exe

    c:\programdata\cple.exe

    c:\programdata\dvxe.exe

    c:\programdata\dwsv.exe

    c:\programdata\eodx.exe

    c:\programdata\fedh.exe

    c:\programdata\inis.exe

    c:\programdata\lsll.exe

    c:\programdata\ntul.exe

    c:\programdata\oxck.exe

    c:\programdata\tmia.exe

    c:\programdata\vhbr.exe

    c:\programdata\wcgg.exe

    c:\users\All Users\Adobe\Reader\9.2\ARM\10207\AcrobatUpdater.exe

    c:\users\All Users\Adobe\Reader\9.2\ARM\10207\AdobeARMHelper.exe

    c:\users\All Users\Adobe\Reader\9.2\ARM\10207\ReaderUpdater.exe

    c:\users\All Users\Adobe\Reader\9.2\ARM\10784\AcrobatUpdater.exe

    c:\users\All Users\Adobe\Reader\9.2\ARM\10784\AdobeARMHelper.exe

    c:\users\All Users\Adobe\Reader\9.2\ARM\10784\ReaderUpdater.exe

    c:\users\All Users\Adobe\Reader\9.2\ARM\16245\AcrobatUpdater.exe

    c:\users\All Users\Adobe\Reader\9.2\ARM\16245\AdobeARMHelper.exe

    c:\users\All Users\Adobe\Reader\9.2\ARM\16245\ReaderUpdater.exe

    c:\users\All Users\Adobe\Reader\9.2\ARM\18064\AcrobatUpdater.exe

    c:\users\All Users\Adobe\Reader\9.2\ARM\18064\AdobeARMHelper.exe

    c:\users\All Users\Adobe\Reader\9.2\ARM\18064\ReaderUpdater.exe

    c:\users\All Users\Adobe\Reader\9.2\ARM\26270\AcrobatUpdater.exe

    c:\users\All Users\Adobe\Reader\9.2\ARM\26270\AdobeARMHelper.exe

    c:\users\All Users\Adobe\Reader\9.2\ARM\26270\ReaderUpdater.exe

    c:\users\All Users\Adobe\Reader\9.2\ARM\31101\AcrobatUpdater.exe

    c:\users\All Users\Adobe\Reader\9.2\ARM\31101\AdobeARMHelper.exe

    c:\users\All Users\Adobe\Reader\9.2\ARM\31101\ReaderUpdater.exe

    c:\users\All Users\Adobe\Reader\9.2\ARM\31182\AcrobatUpdater.exe

    c:\users\All Users\Adobe\Reader\9.2\ARM\31182\AdobeARMHelper.exe

    c:\users\All Users\Adobe\Reader\9.2\ARM\31182\ReaderUpdater.exe

    c:\users\All Users\Adobe\Reader\9.2\ARM\8908\AcrobatUpdater.exe

    c:\users\All Users\Adobe\Reader\9.2\ARM\8908\AdobeARMHelper.exe

    c:\users\All Users\Adobe\Reader\9.2\ARM\8908\ReaderUpdater.exe

    c:\users\All Users\cple.exe

    c:\users\All Users\dvxe.exe

    c:\users\All Users\dwsv.exe

    c:\users\All Users\eodx.exe

    c:\users\All Users\fedh.exe

    c:\users\All Users\inis.exe

    c:\users\All Users\lsll.exe

    c:\users\All Users\ntul.exe

    c:\users\All Users\oxck.exe

    c:\users\All Users\tmia.exe

    c:\users\All Users\vhbr.exe

    c:\users\All Users\wcgg.exe

    c:\users\teng\AppData\Local\amri.exe

    c:\users\teng\AppData\Local\bdwg.exe

    c:\users\teng\AppData\Local\inlb.exe

    c:\users\teng\AppData\Local\ixos.exe

    c:\users\teng\AppData\Local\jqxw.exe

    c:\users\teng\AppData\Local\jume.exe

    c:\users\teng\AppData\Local\lfbj.exe

    c:\users\teng\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\teng\Desktop\0.9476905325084528.exe

    c:\users\teng\AppData\Local\ucmu.exe

    c:\users\teng\AppData\Local\ukvp.exe

    c:\users\teng\AppData\Local\upfy.exe

    c:\users\teng\AppData\Local\uwdj.exe

    c:\users\teng\AppData\Local\yslk.exe

    c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\ahyx.exe

    c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\bvoc.exe

    c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\bxch.exe

    c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\cdma.exe

    c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\cfeo.exe

    c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\clci.exe

    c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\ffrp.exe

    c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\hqyb.exe

    c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\kyxe.exe

    c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\lfru.exe

    c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\lqbq.exe

    c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\oumf.exe

    .

    Infected copy of c:\windows\system32\Services.exe was found and disinfected

    Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Service_Micorsoft Windows Service

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))

    .

    .

    2012-07-13 14:16 . 2012-07-13 14:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

    2012-07-13 14:16 . 2012-07-13 14:16 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-07-13 04:37 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63DC2876-B22A-4EB2-B022-0ED06827299F}\mpengine.dll

    2012-07-13 04:34 . 2012-07-13 13:02 5928 ----a-w- c:\windows\SysWow64\PerfStringBackup.TMP

    2012-07-10 05:24 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-07-04 23:43 . 2012-02-11 02:12 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DC15901-BC2F-49B5-9312-41E282B69352}\gapaengine.dll

    2012-07-03 06:39 . 2012-07-03 06:39 -------- d-----w- C:\RS1-0A-AW1.1_DES

    2012-07-03 06:01 . 2012-07-03 06:01 -------- d-----w- C:\SHERLOCK_HOLMES_GAME_OF_SHADOW

    2012-06-26 07:06 . 2012-06-26 07:06 -------- d-----w- C:\THE_THREE_MUSKETEERS

    2012-06-26 06:32 . 2012-06-26 06:32 -------- d-----w- C:\ANY_GIVEN_SUNDAY

    2012-06-26 06:21 . 2012-06-26 06:21 -------- d-----w- C:\HANGOVER_PART_2

    2012-06-26 06:10 . 2012-06-26 06:10 -------- d-----w- C:\IN_TIME

    2012-06-26 05:46 . 2012-06-26 05:46 -------- d-----w- C:\UNDERWORLD_AWAKENING

    2012-06-21 02:39 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

    2012-06-21 02:39 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

    2012-06-20 10:15 . 2012-06-20 10:15 -------- d-----w- c:\windows\system32\SPReview

    2012-06-20 10:13 . 2012-06-20 10:13 -------- d-----w- c:\windows\system32\EventProviders

    2012-06-14 04:39 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

    2012-06-14 04:39 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

    2012-06-14 04:39 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

    2012-06-14 04:39 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

    2012-06-14 04:39 . 2010-11-20 13:27 33792 ----a-w- c:\windows\system32\profprov.dll

    2012-06-14 04:39 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-06-14 04:39 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

    2012-06-14 04:39 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2012-06-14 04:37 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

    2012-06-14 04:37 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-06-14 04:37 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

    2012-06-14 04:37 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

    2012-06-14 04:37 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

    2012-06-14 04:37 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

    2012-06-14 04:37 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

    2012-06-14 04:37 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

    2012-06-14 04:37 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

    2012-06-14 04:37 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-07-03 03:46 . 2011-05-08 05:18 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-06-20 10:37 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

    2012-06-20 10:37 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

    2012-06-02 22:19 . 2012-06-08 23:00 38424 ----a-w- c:\windows\system32\wups.dll

    2012-06-02 22:19 . 2012-06-08 23:00 2428952 ----a-w- c:\windows\system32\wuaueng.dll

    2012-06-02 22:19 . 2012-06-08 23:00 57880 ----a-w- c:\windows\system32\wuauclt.exe

    2012-06-02 22:19 . 2012-06-08 23:00 44056 ----a-w- c:\windows\system32\wups2.dll

    2012-06-02 22:19 . 2012-06-08 23:00 701976 ----a-w- c:\windows\system32\wuapi.dll

    2012-06-02 22:15 . 2012-06-08 23:00 2622464 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-02 22:15 . 2012-06-08 23:00 99840 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-02 05:19 . 2012-06-08 23:00 186752 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-02 05:15 . 2012-06-08 23:00 36864 ----a-w- c:\windows\system32\wuapp.exe

    2012-05-23 05:42 . 2012-05-23 05:42 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

    2003-11-24 04:53 . 2010-10-22 10:23 94208 ----a-w- c:\program files\UI_RES.dll

    2003-11-07 09:55 . 2010-10-22 10:23 278528 ----a-w- c:\program files\CLInet.dll

    2003-11-07 09:55 . 2010-10-22 10:23 413696 ----a-w- c:\program files\PowerDVD.exe

    2003-11-07 09:55 . 2010-10-22 10:23 311296 ----a-w- c:\program files\dvd_x.imp

    2003-11-07 09:55 . 2010-10-22 10:23 294912 ----a-w- c:\program files\Vr_x.imp

    2003-11-07 09:55 . 2010-10-22 10:23 192512 ----a-w- c:\program files\vcd20_x.imp

    2003-11-07 09:55 . 2010-10-22 10:23 159744 ----a-w- c:\program files\dxm_x.imp

    2003-11-07 09:55 . 2010-10-22 10:23 286720 ----a-w- c:\program files\AppBarCom.dll

    2003-11-07 09:55 . 2010-10-22 10:23 147456 ----a-w- c:\program files\acd_x.imp

    2003-10-31 09:45 . 2010-10-22 10:23 118784 ----a-w- c:\program files\CLDShowX.dll

    2003-10-31 09:42 . 2010-10-22 10:23 32768 ----a-w- c:\program files\PDVDServ.exe

    2003-10-31 09:39 . 2010-10-22 10:23 323584 ----a-w- c:\program files\ddtester.exe

    2003-10-31 09:39 . 2010-10-22 10:23 274432 ----a-w- c:\program files\cldma.exe

    2003-10-31 09:39 . 2010-10-22 10:23 167936 ----a-w- c:\program files\cltest.exe

    2003-10-31 09:39 . 2010-10-22 10:23 57344 ----a-w- c:\program files\dvdrgn.exe

    2003-10-15 11:49 . 2010-10-22 10:23 77824 ----a-w- c:\program files\PwrDVDRC.dll

    2003-10-15 11:49 . 2010-10-22 10:23 12288 ----a-w- c:\program files\OSD_MLang.dll

    2003-10-15 11:49 . 2010-10-22 10:23 327680 ------w- c:\program files\CLAudRC.dll

    2003-10-15 11:49 . 2010-10-22 10:23 327680 ----a-w- c:\program files\DVD_RES.dll

    2003-10-15 11:49 . 2010-10-22 10:23 12288 ----a-w- c:\program files\AppBarCom_RES.dll

    1999-02-01 14:00 . 2010-10-22 10:23 266293 ----a-w- c:\program files\msvcrt.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

    "RGSC"="c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]

    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]

    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

    "Akamai NetSession Interface"="c:\users\teng\AppData\Local\Akamai\netsession_win.exe" [2012-05-25 4327744]

    "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]

    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-10 592744]

    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-23 597792]

    "SpySweeperRegister"="c:\program files (x86)\Webroot\Spy Sweeper\uninst\RegisterSpySweeper.exe" [2009-10-23 2522992]

    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

    .

    c:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    pjbhcvsk.exe [2012-7-11 90944]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

    "Userinit"="c:\windows\system32\userinit.exe,,c:\users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

    2009-11-24 16:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-30 362992]

    R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-05 169312]

    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-27 151040]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

    R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-30 313840]

    R3 SampleCollector;Intel® Sample Collector;c:\program files\SONY\VAIO Care\collsvc.exe [2009-09-16 167424]

    R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]

    R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]

    R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]

    R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]

    R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]

    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]

    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-09-08 110960]

    R3 VUAgent;VUAgent;c:\program files\SONY\VAIO Update 5\VUAgent.exe [2009-10-30 1165680]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-02 1255736]

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]

    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-23 360224]

    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]

    S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]

    S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]

    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]

    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

    S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]

    S2 VSNService;VSNService;c:\program files\SONY\VAIO Smart Network\VSNService.exe [2009-10-30 815104]

    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]

    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]

    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]

    S3 NETw5s64;?? Windows 7 64 Bit ? Intel® Wireless WiFi Link ???????;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]

    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]

    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]

    S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]

    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

    Akamai REG_MULTI_SZ Akamai

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-02 8306208]

    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

    "combofix"="c:\combofix\CF6794.3XE" [2010-11-20 345088]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "LoadAppInit_DLLs"=0x0

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://ninemsn.com.au/?pc=MASN&ocid=SNYDHP

    mStart Page = hxxp://www.google.com

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

    TCP: DhcpNameServer = 10.1.1.1

    TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}\745756374702E4564777F627B6: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}\84F67745F634F6E6E656364745F6551575962756C6563737: NameServer = 8.8.8.8,8.8.4.4

    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    FF - ProfilePath - c:\users\teng\AppData\Roaming\Mozilla\Firefox\Profiles\6xnnr94k.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - google.com

    FF - prefs.js: network.proxy.type - 0

    FF - user.js: network.cookie.cookieBehavior - 0

    FF - user.js: privacy.clearOnShutdown.cookies - false

    FF - user.js: security.warn_viewing_mixed - false

    FF - user.js: security.warn_viewing_mixed.show_once - false

    FF - user.js: security.warn_submit_insecure - false

    FF - user.js: security.warn_submit_insecure.show_once - false

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Wow6432Node-HKCU-Run-PjbHcvsk - c:\users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe

    HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe

    AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE

    AddRemove-USB Human Interface Device - c:\progra~2\UNWISE.EXE

    .

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

    "ImagePath"="\"c:\program files\SONY\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\S-1-5-21-261071132-451565413-1473889226-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

    "??"=hex:b2,92,e2,3a,83,a1,33,5b,90,3a,a7,e6,14,82,2c,52,85,bb,9c,2a,ad,33,a6,

    84,2a,84,ba,41,4a,17,c5,5a,2f,80,07,75,b2,98,7b,87,08,3d,aa,2c,03,c8,98,b1,\

    "??"=hex:5e,e9,49,52,27,89,b3,70,f8,d6,c9,78,44,09,2e,90

    .

    [HKEY_USERS\S-1-5-21-261071132-451565413-1473889226-1000\Software\SecuROM\License information*]

    "datasecu"=hex:be,ef,fc,49,0f,89,47,53,75,72,55,0a,b6,12,24,11,94,8d,36,85,8a,

    a8,2b,b8,1c,9c,de,68,6c,bf,59,8d,04,00,45,bb,49,18,4c,66,99,8b,8d,26,05,cb,\

    "rkeysecu"=hex:28,9e,cd,39,00,bc,c4,a6,03,15,d0,77,e8,94,06,03

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.10"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe

    c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    c:\program files (x86)\SONY\VAIO Event Service\VESMgr.exe

    c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

    c:\windows\SysWOW64\DllHost.exe

    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    c:\program files (x86)\SONY\VAIO Event Service\VESMgrSub.exe

    c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

    c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\1_0_0_0\RGSC.exe

    c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

    .

    **************************************************************************

    .

    Completion time: 2012-07-14 00:27:57 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-07-13 14:27

    .

    Pre-Run: 52,566,511,616 bytes free

    Post-Run: 52,337,942,528 bytes free

    .

    - - End Of File - - 6175BA8BFD095840AB67195CD934F055

  5. Ran a scan. Wasn't too sure what was to be deleted, sorry. Also, I'm having to do this in safe mode as I cannot open this website in normal startup (would that impact anything?).

    Here's the scan report:

    23:21:30.0054 0356 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35

    23:21:31.0435 0356 ============================================================

    23:21:31.0435 0356 Current date / time: 2012/07/13 23:21:31.0435

    23:21:31.0435 0356 SystemInfo:

    23:21:31.0435 0356

    23:21:31.0435 0356 OS Version: 6.1.7601 ServicePack: 1.0

    23:21:31.0435 0356 Product type: Workstation

    23:21:31.0435 0356 ComputerName: VAIO

    23:21:31.0435 0356 UserName: teng

    23:21:31.0435 0356 Windows directory: C:\Windows

    23:21:31.0435 0356 System windows directory: C:\Windows

    23:21:31.0435 0356 Running under WOW64

    23:21:31.0435 0356 Processor architecture: Intel x64

    23:21:31.0435 0356 Number of processors: 8

    23:21:31.0435 0356 Page size: 0x1000

    23:21:31.0435 0356 Boot type: Safe boot with network

    23:21:31.0435 0356 ============================================================

    23:21:33.0435 0356 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    23:21:33.0435 0356 ============================================================

    23:21:33.0435 0356 \Device\Harddisk0\DR0:

    23:21:33.0435 0356 MBR partitions:

    23:21:33.0435 0356 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F40000, BlocksNum 0x32000

    23:21:33.0435 0356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F72000, BlocksNum 0x38413830

    23:21:33.0435 0356 ============================================================

    23:21:33.0525 0356 C: <-> \Device\Harddisk0\DR0\Partition1

    23:21:33.0525 0356 ============================================================

    23:21:33.0525 0356 Initialize success

    23:21:33.0525 0356 ============================================================

    23:22:09.0007 1488 ============================================================

    23:22:09.0007 1488 Scan started

    23:22:09.0007 1488 Mode: Manual; SigCheck; TDLFS;

    23:22:09.0007 1488 ============================================================

    23:22:12.0192 1488 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

    23:22:12.0332 1488 1394ohci - ok

    23:22:12.0472 1488 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    23:22:12.0492 1488 ACDaemon - ok

    23:22:12.0562 1488 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

    23:22:12.0582 1488 ACPI - ok

    23:22:12.0648 1488 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

    23:22:12.0726 1488 AcpiPmi - ok

    23:22:12.0835 1488 AdobeActiveFileMonitor8.0 (4451cc2275b04043ec2bcc757af97291) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

    23:22:12.0851 1488 AdobeActiveFileMonitor8.0 - ok

    23:22:12.0929 1488 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

    23:22:12.0960 1488 adp94xx - ok

    23:22:12.0991 1488 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

    23:22:13.0022 1488 adpahci - ok

    23:22:13.0054 1488 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

    23:22:13.0069 1488 adpu320 - ok

    23:22:13.0100 1488 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

    23:22:13.0210 1488 AeLookupSvc - ok

    23:22:13.0288 1488 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

    23:22:13.0350 1488 AFD - ok

    23:22:13.0412 1488 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

    23:22:13.0412 1488 agp440 - ok

    23:22:13.0740 1488 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll

    23:22:13.0740 1488 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22

    23:22:13.0740 1488 Akamai ( HiddenFile.Multi.Generic ) - warning

    23:22:13.0740 1488 Akamai - detected HiddenFile.Multi.Generic (1)

    23:22:13.0880 1488 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

    23:22:13.0943 1488 ALG - ok

    23:22:14.0005 1488 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

    23:22:14.0021 1488 aliide - ok

    23:22:14.0021 1488 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

    23:22:14.0036 1488 amdide - ok

    23:22:14.0052 1488 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

    23:22:14.0114 1488 AmdK8 - ok

    23:22:14.0130 1488 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

    23:22:14.0177 1488 AmdPPM - ok

    23:22:14.0255 1488 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

    23:22:14.0270 1488 amdsata - ok

    23:22:14.0302 1488 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

    23:22:14.0317 1488 amdsbs - ok

    23:22:14.0364 1488 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

    23:22:14.0380 1488 amdxata - ok

    23:22:14.0426 1488 ApfiltrService (1661f9c9e4b0049fa0a5e30264375a87) C:\Windows\system32\drivers\Apfiltr.sys

    23:22:14.0442 1488 ApfiltrService - ok

    23:22:14.0504 1488 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

    23:22:14.0646 1488 AppID - ok

    23:22:14.0666 1488 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

    23:22:14.0726 1488 AppIDSvc - ok

    23:22:14.0796 1488 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

    23:22:14.0856 1488 Appinfo - ok

    23:22:14.0956 1488 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    23:22:14.0966 1488 Apple Mobile Device - ok

    23:22:14.0996 1488 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

    23:22:15.0006 1488 arc - ok

    23:22:15.0046 1488 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

    23:22:15.0056 1488 arcsas - ok

    23:22:15.0086 1488 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys

    23:22:15.0096 1488 ArcSoftKsUFilter - ok

    23:22:15.0146 1488 aspnet_state - ok

    23:22:15.0186 1488 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

    23:22:15.0236 1488 AsyncMac - ok

    23:22:15.0296 1488 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

    23:22:15.0306 1488 atapi - ok

    23:22:15.0396 1488 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys

    23:22:15.0466 1488 athr - ok

    23:22:15.0596 1488 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

    23:22:15.0666 1488 AudioEndpointBuilder - ok

    23:22:15.0676 1488 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

    23:22:15.0716 1488 AudioSrv - ok

    23:22:15.0776 1488 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

    23:22:15.0846 1488 AxInstSV - ok

    23:22:15.0926 1488 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

    23:22:15.0976 1488 b06bdrv - ok

    23:22:16.0016 1488 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

    23:22:16.0066 1488 b57nd60a - ok

    23:22:16.0106 1488 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

    23:22:16.0166 1488 BDESVC - ok

    23:22:16.0186 1488 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

    23:22:16.0256 1488 Beep - ok

    23:22:16.0346 1488 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

    23:22:16.0406 1488 BFE - ok

    23:22:16.0476 1488 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

    23:22:16.0546 1488 BITS - ok

    23:22:16.0576 1488 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

    23:22:16.0586 1488 blbdrive - ok

    23:22:16.0686 1488 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

    23:22:16.0701 1488 Bonjour Service - ok

    23:22:16.0764 1488 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

    23:22:16.0810 1488 bowser - ok

    23:22:16.0842 1488 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

    23:22:16.0904 1488 BrFiltLo - ok

    23:22:16.0920 1488 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

    23:22:16.0951 1488 BrFiltUp - ok

    23:22:16.0998 1488 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

    23:22:17.0076 1488 Browser - ok

    23:22:17.0122 1488 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

    23:22:17.0169 1488 Brserid - ok

    23:22:17.0185 1488 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

    23:22:17.0216 1488 BrSerWdm - ok

    23:22:17.0247 1488 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

    23:22:17.0294 1488 BrUsbMdm - ok

    23:22:17.0341 1488 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

    23:22:17.0356 1488 BrUsbSer - ok

    23:22:17.0419 1488 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

    23:22:17.0476 1488 BthEnum - ok

    23:22:17.0507 1488 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

    23:22:17.0522 1488 BTHMODEM - ok

    23:22:17.0538 1488 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

    23:22:17.0569 1488 BthPan - ok

    23:22:17.0632 1488 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

    23:22:17.0678 1488 BTHPORT - ok

    23:22:17.0725 1488 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

    23:22:17.0772 1488 bthserv - ok

    23:22:17.0850 1488 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

    23:22:17.0866 1488 BTHUSB - ok

    23:22:17.0912 1488 btusbflt (6e04458e98daf28826482e41a7a62df5) C:\Windows\system32\drivers\btusbflt.sys

    23:22:17.0912 1488 btusbflt - ok

    23:22:17.0959 1488 btwaudio (4bdbdb86abba924e029fb2683be7c505) C:\Windows\system32\drivers\btwaudio.sys

    23:22:17.0959 1488 btwaudio - ok

    23:22:18.0022 1488 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys

    23:22:18.0022 1488 btwavdt - ok

    23:22:18.0131 1488 btwdins (31da517946ffe416442e864592548f8a) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

    23:22:18.0162 1488 btwdins - ok

    23:22:18.0193 1488 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys

    23:22:18.0193 1488 btwl2cap - ok

    23:22:18.0224 1488 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys

    23:22:18.0224 1488 btwrchid - ok

    23:22:18.0256 1488 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

    23:22:18.0318 1488 cdfs - ok

    23:22:18.0380 1488 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

    23:22:18.0412 1488 cdrom - ok

    23:22:18.0458 1488 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

    23:22:18.0521 1488 CertPropSvc - ok

    23:22:18.0552 1488 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

    23:22:18.0583 1488 circlass - ok

    23:22:18.0630 1488 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

    23:22:18.0646 1488 CLFS - ok

    23:22:18.0708 1488 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    23:22:18.0724 1488 clr_optimization_v2.0.50727_32 - ok

    23:22:18.0770 1488 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

    23:22:18.0786 1488 clr_optimization_v2.0.50727_64 - ok

    23:22:18.0911 1488 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    23:22:18.0926 1488 clr_optimization_v4.0.30319_32 - ok

    23:22:18.0973 1488 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    23:22:18.0989 1488 clr_optimization_v4.0.30319_64 - ok

    23:22:19.0004 1488 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

    23:22:19.0051 1488 CmBatt - ok

    23:22:19.0082 1488 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

    23:22:19.0098 1488 cmdide - ok

    23:22:19.0160 1488 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

    23:22:19.0192 1488 CNG - ok

    23:22:19.0238 1488 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

    23:22:19.0254 1488 Compbatt - ok

    23:22:19.0301 1488 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

    23:22:19.0332 1488 CompositeBus - ok

    23:22:19.0348 1488 COMSysApp - ok

    23:22:19.0379 1488 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

    23:22:19.0394 1488 crcdisk - ok

    23:22:19.0441 1488 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

    23:22:19.0472 1488 CryptSvc - ok

    23:22:19.0550 1488 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys

    23:22:19.0550 1488 CVirtA - ok

    23:22:19.0722 1488 CVPND (b6e8d77530a24b743acaee6728399984) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

    23:22:19.0784 1488 CVPND - ok

    23:22:19.0940 1488 CVPNDRVA (d2c3db196422e2f2a41d09c690c7c2f8) C:\Windows\system32\Drivers\CVPNDRVA.sys

    23:22:19.0956 1488 CVPNDRVA - ok

    23:22:20.0018 1488 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

    23:22:20.0065 1488 DcomLaunch - ok

    23:22:20.0112 1488 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

    23:22:20.0174 1488 defragsvc - ok

    23:22:20.0237 1488 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

    23:22:20.0284 1488 DfsC - ok

    23:22:20.0346 1488 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

    23:22:20.0408 1488 Dhcp - ok

    23:22:20.0424 1488 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

    23:22:20.0471 1488 discache - ok

    23:22:20.0502 1488 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

    23:22:20.0518 1488 Disk - ok

    23:22:20.0564 1488 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys

    23:22:20.0564 1488 DNE - ok

    23:22:20.0627 1488 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

    23:22:20.0689 1488 Dnscache - ok

    23:22:20.0752 1488 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

    23:22:20.0814 1488 dot3svc - ok

    23:22:20.0830 1488 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

    23:22:20.0876 1488 DPS - ok

    23:22:20.0908 1488 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

    23:22:20.0939 1488 drmkaud - ok

    23:22:21.0032 1488 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

    23:22:21.0048 1488 DXGKrnl - ok

    23:22:21.0095 1488 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

    23:22:21.0142 1488 EapHost - ok

    23:22:21.0282 1488 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

    23:22:21.0376 1488 ebdrv - ok

    23:22:21.0500 1488 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

    23:22:21.0563 1488 EFS - ok

    23:22:21.0641 1488 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

    23:22:21.0703 1488 ehRecvr - ok

    23:22:21.0734 1488 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

    23:22:21.0766 1488 ehSched - ok

    23:22:21.0828 1488 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

    23:22:21.0844 1488 elxstor - ok

    23:22:21.0890 1488 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

    23:22:21.0906 1488 ErrDev - ok

    23:22:21.0937 1488 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

    23:22:22.0000 1488 EventSystem - ok

    23:22:22.0124 1488 EvtEng (51643ee2712d9212e1e53ca7e8d8eb4a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    23:22:22.0156 1488 EvtEng - ok

    23:22:22.0265 1488 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

    23:22:22.0312 1488 exfat - ok

    23:22:22.0327 1488 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

    23:22:22.0390 1488 fastfat - ok

    23:22:22.0468 1488 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

    23:22:22.0530 1488 Fax - ok

    23:22:22.0577 1488 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

    23:22:22.0592 1488 fdc - ok

    23:22:22.0608 1488 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

    23:22:22.0686 1488 fdPHost - ok

    23:22:22.0702 1488 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

    23:22:22.0733 1488 FDResPub - ok

    23:22:22.0748 1488 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

    23:22:22.0764 1488 FileInfo - ok

    23:22:22.0780 1488 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

    23:22:22.0842 1488 Filetrace - ok

    23:22:22.0936 1488 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    23:22:22.0951 1488 FLEXnet Licensing Service - ok

    23:22:22.0998 1488 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

    23:22:23.0014 1488 flpydisk - ok

    23:22:23.0076 1488 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

    23:22:23.0092 1488 FltMgr - ok

    23:22:23.0170 1488 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

    23:22:23.0216 1488 FontCache - ok

    23:22:23.0294 1488 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    23:22:23.0294 1488 FontCache3.0.0.0 - ok

    23:22:23.0341 1488 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

    23:22:23.0357 1488 FsDepends - ok

    23:22:23.0404 1488 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys

    23:22:23.0404 1488 fssfltr - ok

    23:22:23.0513 1488 fsssvc (45b52394f9624237f33a8a3d73c0b221) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

    23:22:23.0528 1488 fsssvc - ok

    23:22:23.0560 1488 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

    23:22:23.0575 1488 Fs_Rec - ok

    23:22:23.0638 1488 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

    23:22:23.0653 1488 fvevol - ok

    23:22:23.0700 1488 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

    23:22:23.0716 1488 gagp30kx - ok

    23:22:23.0762 1488 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    23:22:23.0762 1488 GEARAspiWDM - ok

    23:22:23.0825 1488 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

    23:22:23.0903 1488 gpsvc - ok

    23:22:23.0934 1488 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

    23:22:23.0996 1488 hcw85cir - ok

    23:22:24.0059 1488 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

    23:22:24.0074 1488 HdAudAddService - ok

    23:22:24.0137 1488 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

    23:22:24.0152 1488 HDAudBus - ok

    23:22:24.0168 1488 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

    23:22:24.0199 1488 HidBatt - ok

    23:22:24.0230 1488 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

    23:22:24.0277 1488 HidBth - ok

    23:22:24.0313 1488 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

    23:22:24.0333 1488 HidIr - ok

    23:22:24.0373 1488 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

    23:22:24.0423 1488 hidserv - ok

    23:22:24.0493 1488 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

    23:22:24.0503 1488 HidUsb - ok

    23:22:24.0543 1488 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

    23:22:24.0603 1488 hkmsvc - ok

    23:22:24.0653 1488 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

    23:22:24.0693 1488 HomeGroupListener - ok

    23:22:24.0733 1488 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

    23:22:24.0763 1488 HomeGroupProvider - ok

    23:22:24.0793 1488 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

    23:22:24.0813 1488 HpSAMD - ok

    23:22:24.0883 1488 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

    23:22:24.0943 1488 HTTP - ok

    23:22:24.0953 1488 hwdatacard - ok

    23:22:24.0993 1488 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

    23:22:25.0003 1488 hwpolicy - ok

    23:22:25.0063 1488 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

    23:22:25.0073 1488 i8042prt - ok

    23:22:25.0143 1488 IAANTMON (660bf3255a1eb18ed803fd2fba6ae400) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    23:22:25.0153 1488 IAANTMON - ok

    23:22:25.0193 1488 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\drivers\iaStor.sys

    23:22:25.0203 1488 iaStor - ok

    23:22:25.0283 1488 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

    23:22:25.0303 1488 iaStorV - ok

    23:22:25.0423 1488 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    23:22:25.0433 1488 IDriverT ( UnsignedFile.Multi.Generic ) - warning

    23:22:25.0433 1488 IDriverT - detected UnsignedFile.Multi.Generic (1)

    23:22:25.0533 1488 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

    23:22:25.0553 1488 idsvc - ok

    23:22:25.0633 1488 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

    23:22:25.0653 1488 iirsp - ok

    23:22:25.0713 1488 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

    23:22:25.0763 1488 IKEEXT - ok

    23:22:25.0813 1488 Impcd (4ff8a2082d78255d2eb169f986bcc981) C:\Windows\system32\drivers\Impcd.sys

    23:22:25.0843 1488 Impcd - ok

    23:22:25.0933 1488 IntcAzAudAddService (59b0bba422f04467e8c89b7ce6ae95e1) C:\Windows\system32\drivers\RTKVHD64.sys

    23:22:25.0983 1488 IntcAzAudAddService - ok

    23:22:26.0103 1488 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

    23:22:26.0113 1488 intelide - ok

    23:22:26.0153 1488 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys

    23:22:26.0173 1488 intelppm - ok

    23:22:26.0193 1488 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

    23:22:26.0253 1488 IPBusEnum - ok

    23:22:26.0313 1488 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

    23:22:26.0363 1488 IpFilterDriver - ok

    23:22:26.0398 1488 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

    23:22:26.0461 1488 iphlpsvc - ok

    23:22:26.0492 1488 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

    23:22:26.0523 1488 IPMIDRV - ok

    23:22:26.0554 1488 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

    23:22:26.0601 1488 IPNAT - ok

    23:22:26.0695 1488 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe

    23:22:26.0726 1488 iPod Service - ok

    23:22:26.0742 1488 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

    23:22:26.0804 1488 IRENUM - ok

    23:22:26.0835 1488 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

    23:22:26.0851 1488 isapnp - ok

    23:22:26.0898 1488 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

    23:22:26.0913 1488 iScsiPrt - ok

    23:22:26.0991 1488 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    23:22:27.0007 1488 IviRegMgr - ok

    23:22:27.0054 1488 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

    23:22:27.0069 1488 kbdclass - ok

    23:22:27.0147 1488 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

    23:22:27.0163 1488 kbdhid - ok

    23:22:27.0210 1488 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    23:22:27.0225 1488 KeyIso - ok

    23:22:27.0225 1488 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

    23:22:27.0241 1488 KSecDD - ok

    23:22:27.0256 1488 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

    23:22:27.0288 1488 KSecPkg - ok

    23:22:27.0334 1488 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

    23:22:27.0397 1488 ksthunk - ok

    23:22:27.0428 1488 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

    23:22:27.0475 1488 KtmRm - ok

    23:22:27.0568 1488 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

    23:22:27.0631 1488 LanmanServer - ok

    23:22:27.0678 1488 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

    23:22:27.0724 1488 LanmanWorkstation - ok

    23:22:27.0787 1488 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

    23:22:27.0849 1488 lltdio - ok

    23:22:27.0880 1488 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

    23:22:27.0943 1488 lltdsvc - ok

    23:22:27.0958 1488 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

    23:22:28.0005 1488 lmhosts - ok

    23:22:28.0036 1488 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

    23:22:28.0052 1488 LSI_FC - ok

    23:22:28.0068 1488 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

    23:22:28.0083 1488 LSI_SAS - ok

    23:22:28.0114 1488 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

    23:22:28.0114 1488 LSI_SAS2 - ok

    23:22:28.0161 1488 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

    23:22:28.0177 1488 LSI_SCSI - ok

    23:22:28.0208 1488 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

    23:22:28.0270 1488 luafv - ok

    23:22:28.0380 1488 McAfee SiteAdvisor Service (be8c524313db75fa26fb2b0c0aaff88e) C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe

    23:22:28.0395 1488 McAfee SiteAdvisor Service - ok

    23:22:28.0442 1488 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

    23:22:28.0458 1488 Mcx2Svc - ok

    23:22:28.0473 1488 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

    23:22:28.0489 1488 megasas - ok

    23:22:28.0520 1488 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

    23:22:28.0551 1488 MegaSR - ok

    23:22:28.0582 1488 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

    23:22:28.0629 1488 MMCSS - ok

    23:22:28.0660 1488 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

    23:22:28.0707 1488 Modem - ok

    23:22:28.0770 1488 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

    23:22:28.0785 1488 monitor - ok

    23:22:28.0832 1488 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

    23:22:28.0848 1488 mouclass - ok

    23:22:28.0879 1488 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

    23:22:28.0910 1488 mouhid - ok

    23:22:28.0957 1488 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

    23:22:28.0972 1488 mountmgr - ok

    23:22:29.0035 1488 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys

    23:22:29.0050 1488 MpFilter - ok

    23:22:29.0097 1488 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

    23:22:29.0097 1488 mpio - ok

    23:22:29.0128 1488 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

    23:22:29.0175 1488 mpsdrv - ok

    23:22:29.0253 1488 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

    23:22:29.0300 1488 MpsSvc - ok

    23:22:29.0347 1488 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

    23:22:29.0394 1488 MRxDAV - ok

    23:22:29.0425 1488 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

    23:22:29.0472 1488 mrxsmb - ok

    23:22:29.0503 1488 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

    23:22:29.0550 1488 mrxsmb10 - ok

    23:22:29.0596 1488 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

    23:22:29.0596 1488 mrxsmb20 - ok

    23:22:29.0659 1488 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

    23:22:29.0659 1488 msahci - ok

    23:22:29.0706 1488 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

    23:22:29.0721 1488 msdsm - ok

    23:22:29.0752 1488 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

    23:22:29.0784 1488 MSDTC - ok

    23:22:29.0815 1488 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

    23:22:29.0862 1488 Msfs - ok

    23:22:29.0877 1488 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

    23:22:29.0923 1488 mshidkmdf - ok

    23:22:29.0973 1488 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

    23:22:29.0983 1488 msisadrv - ok

    23:22:30.0023 1488 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

    23:22:30.0073 1488 MSiSCSI - ok

    23:22:30.0083 1488 msiserver - ok

    23:22:30.0123 1488 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

    23:22:30.0163 1488 MSKSSRV - ok

    23:22:30.0303 1488 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe

    23:22:30.0323 1488 MsMpSvc - ok

    23:22:30.0353 1488 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

    23:22:30.0403 1488 MSPCLOCK - ok

    23:22:30.0423 1488 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

    23:22:30.0473 1488 MSPQM - ok

    23:22:30.0513 1488 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

    23:22:30.0533 1488 MsRPC - ok

    23:22:30.0573 1488 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

    23:22:30.0583 1488 mssmbios - ok

    23:22:30.0623 1488 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

    23:22:30.0663 1488 MSTEE - ok

    23:22:30.0683 1488 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

    23:22:30.0713 1488 MTConfig - ok

    23:22:30.0743 1488 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

    23:22:30.0763 1488 Mup - ok

    23:22:30.0813 1488 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

    23:22:30.0873 1488 napagent - ok

    23:22:30.0943 1488 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

    23:22:30.0973 1488 NativeWifiP - ok

    23:22:31.0093 1488 NBService (0d01287d85b3715fa8270e8ec919b7f7) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

    23:22:31.0103 1488 NBService ( UnsignedFile.Multi.Generic ) - warning

    23:22:31.0103 1488 NBService - detected UnsignedFile.Multi.Generic (1)

    23:22:31.0183 1488 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

    23:22:31.0213 1488 NDIS - ok

    23:22:31.0233 1488 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

    23:22:31.0293 1488 NdisCap - ok

    23:22:31.0313 1488 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

    23:22:31.0363 1488 NdisTapi - ok

    23:22:31.0433 1488 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

    23:22:31.0473 1488 Ndisuio - ok

    23:22:31.0523 1488 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

    23:22:31.0563 1488 NdisWan - ok

    23:22:31.0603 1488 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

    23:22:31.0643 1488 NDProxy - ok

    23:22:31.0673 1488 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

    23:22:31.0733 1488 NetBIOS - ok

    23:22:31.0773 1488 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

    23:22:31.0813 1488 NetBT - ok

    23:22:31.0853 1488 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    23:22:31.0863 1488 Netlogon - ok

    23:22:31.0903 1488 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

    23:22:31.0963 1488 Netman - ok

    23:22:31.0993 1488 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

    23:22:32.0033 1488 netprofm - ok

    23:22:32.0083 1488 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

    23:22:32.0093 1488 NetTcpPortSharing - ok

    23:22:32.0398 1488 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys

    23:22:32.0601 1488 NETw5s64 - ok

    23:22:32.0710 1488 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

    23:22:32.0726 1488 nfrd960 - ok

    23:22:32.0773 1488 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

    23:22:32.0788 1488 NisDrv - ok

    23:22:32.0929 1488 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe

    23:22:32.0944 1488 NisSrv - ok

    23:22:33.0007 1488 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

    23:22:33.0054 1488 NlaSvc - ok

    23:22:33.0163 1488 NMIndexingService (c4ebbbd7165be535f0bfd06b80601d91) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

    23:22:33.0178 1488 NMIndexingService ( UnsignedFile.Multi.Generic ) - warning

    23:22:33.0178 1488 NMIndexingService - detected UnsignedFile.Multi.Generic (1)

    23:22:33.0194 1488 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

    23:22:33.0225 1488 Npfs - ok

    23:22:33.0256 1488 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

    23:22:33.0288 1488 nsi - ok

    23:22:33.0303 1488 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

    23:22:33.0366 1488 nsiproxy - ok

    23:22:33.0475 1488 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

    23:22:33.0506 1488 Ntfs - ok

    23:22:33.0600 1488 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

    23:22:33.0662 1488 Null - ok

    23:22:33.0724 1488 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys

    23:22:33.0740 1488 NVHDA - ok

    23:22:34.0192 1488 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys

    23:22:34.0598 1488 nvlddmkm - ok

    23:22:34.0707 1488 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

    23:22:34.0723 1488 nvraid - ok

    23:22:34.0738 1488 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

    23:22:34.0754 1488 nvstor - ok

    23:22:34.0848 1488 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe

    23:22:34.0894 1488 nvsvc - ok

    23:22:35.0097 1488 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

    23:22:35.0144 1488 nvUpdatusService - ok

    23:22:35.0269 1488 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

    23:22:35.0284 1488 nv_agp - ok

    23:22:35.0378 1488 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    23:22:35.0394 1488 odserv - ok

    23:22:35.0440 1488 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

    23:22:35.0456 1488 ohci1394 - ok

    23:22:35.0503 1488 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    23:22:35.0518 1488 ose - ok

    23:22:35.0550 1488 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

    23:22:35.0581 1488 p2pimsvc - ok

    23:22:35.0628 1488 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

    23:22:35.0643 1488 p2psvc - ok

    23:22:35.0674 1488 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

    23:22:35.0690 1488 Parport - ok

    23:22:35.0721 1488 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

    23:22:35.0737 1488 partmgr - ok

    23:22:35.0768 1488 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

    23:22:35.0799 1488 PcaSvc - ok

    23:22:35.0846 1488 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

    23:22:35.0862 1488 pci - ok

    23:22:35.0908 1488 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

    23:22:35.0924 1488 pciide - ok

    23:22:35.0955 1488 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

    23:22:35.0971 1488 pcmcia - ok

    23:22:36.0002 1488 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

    23:22:36.0018 1488 pcw - ok

    23:22:36.0049 1488 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

    23:22:36.0111 1488 PEAUTH - ok

    23:22:36.0174 1488 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

    23:22:36.0189 1488 PerfHost - ok

    23:22:36.0267 1488 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

    23:22:36.0324 1488 pla - ok

    23:22:36.0394 1488 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

    23:22:36.0434 1488 PlugPlay - ok

    23:22:36.0514 1488 PMBDeviceInfoProvider (627fa58adc043704f9d14ca44340956f) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

    23:22:36.0554 1488 PMBDeviceInfoProvider - ok

    23:22:36.0574 1488 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

    23:22:36.0604 1488 PNRPAutoReg - ok

    23:22:36.0644 1488 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

    23:22:36.0664 1488 PNRPsvc - ok

    23:22:36.0714 1488 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

    23:22:36.0774 1488 PolicyAgent - ok

    23:22:36.0804 1488 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

    23:22:36.0854 1488 Power - ok

    23:22:36.0944 1488 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

    23:22:36.0994 1488 PptpMiniport - ok

    23:22:37.0034 1488 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

    23:22:37.0054 1488 Processor - ok

    23:22:37.0104 1488 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

    23:22:37.0154 1488 ProfSvc - ok

    23:22:37.0224 1488 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    23:22:37.0234 1488 ProtectedStorage - ok

    23:22:37.0284 1488 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

    23:22:37.0334 1488 Psched - ok

    23:22:37.0414 1488 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    23:22:37.0424 1488 PSI_SVC_2 - ok

    23:22:37.0474 1488 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

    23:22:37.0474 1488 PxHlpa64 - ok

    23:22:37.0584 1488 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

    23:22:37.0634 1488 ql2300 - ok

    23:22:37.0734 1488 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

    23:22:37.0744 1488 ql40xx - ok

    23:22:37.0794 1488 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

    23:22:37.0814 1488 QWAVE - ok

    23:22:37.0844 1488 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

    23:22:37.0884 1488 QWAVEdrv - ok

    23:22:37.0894 1488 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

    23:22:37.0944 1488 RasAcd - ok

    23:22:37.0984 1488 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

    23:22:38.0024 1488 RasAgileVpn - ok

    23:22:38.0044 1488 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

    23:22:38.0094 1488 RasAuto - ok

    23:22:38.0144 1488 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

    23:22:38.0194 1488 Rasl2tp - ok

    23:22:38.0254 1488 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

    23:22:38.0314 1488 RasMan - ok

    23:22:38.0344 1488 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

    23:22:38.0384 1488 RasPppoe - ok

    23:22:38.0414 1488 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

    23:22:38.0454 1488 RasSstp - ok

    23:22:38.0514 1488 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

    23:22:38.0564 1488 rdbss - ok

    23:22:38.0594 1488 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

    23:22:38.0614 1488 rdpbus - ok

    23:22:38.0634 1488 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

    23:22:38.0684 1488 RDPCDD - ok

    23:22:38.0724 1488 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

    23:22:38.0784 1488 RDPENCDD - ok

    23:22:38.0804 1488 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

    23:22:38.0844 1488 RDPREFMP - ok

    23:22:38.0884 1488 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

    23:22:38.0934 1488 RDPWD - ok

    23:22:38.0984 1488 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

    23:22:38.0994 1488 rdyboost - ok

    23:22:39.0034 1488 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys

    23:22:39.0034 1488 regi - ok

    23:22:39.0144 1488 RegSrvc (3b71b5b91e7dca93585d5a86c897adc4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    23:22:39.0164 1488 RegSrvc - ok

    23:22:39.0194 1488 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

    23:22:39.0234 1488 RemoteAccess - ok

    23:22:39.0264 1488 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

    23:22:39.0324 1488 RemoteRegistry - ok

    23:22:39.0364 1488 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

    23:22:39.0394 1488 RFCOMM - ok

    23:22:39.0434 1488 rimspci (5ca4abd888b602551b59baa26941c167) C:\Windows\system32\drivers\rimssne64.sys

    23:22:39.0464 1488 rimspci - ok

    23:22:39.0514 1488 risdsnpe (bb6e138aeb351728959da5e2731d8140) C:\Windows\system32\drivers\risdsne64.sys

    23:22:39.0564 1488 risdsnpe - ok

    23:22:39.0634 1488 Roxio UPnP Renderer 10 (d151224bc11078895a60fa970728ff59) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

    23:22:39.0644 1488 Roxio UPnP Renderer 10 - ok

    23:22:39.0694 1488 Roxio Upnp Server 10 (5022a927944878bd750960bd21e751af) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe

    23:22:39.0704 1488 Roxio Upnp Server 10 - ok

    23:22:39.0734 1488 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

    23:22:39.0794 1488 RpcEptMapper - ok

    23:22:39.0824 1488 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

    23:22:39.0834 1488 RpcLocator - ok

    23:22:39.0884 1488 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

    23:22:39.0934 1488 RpcSs - ok

    23:22:39.0994 1488 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

    23:22:40.0044 1488 rspndr - ok

    23:22:40.0144 1488 SampleCollector (6b318f9443740a907d1c8f3460c19009) C:\Program Files\SONY\VAIO Care\collsvc.exe

    23:22:40.0164 1488 SampleCollector ( UnsignedFile.Multi.Generic ) - warning

    23:22:40.0164 1488 SampleCollector - detected UnsignedFile.Multi.Generic (1)

    23:22:40.0204 1488 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    23:22:40.0214 1488 SamSs - ok

    23:22:40.0254 1488 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

    23:22:40.0264 1488 sbp2port - ok

    23:22:40.0304 1488 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

    23:22:40.0354 1488 SCardSvr - ok

    23:22:40.0384 1488 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

    23:22:40.0434 1488 scfilter - ok

    23:22:40.0514 1488 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

    23:22:40.0584 1488 Schedule - ok

    23:22:40.0624 1488 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

    23:22:40.0654 1488 SCPolicySvc - ok

    23:22:40.0734 1488 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys

    23:22:40.0744 1488 sdbus - ok

    23:22:40.0794 1488 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

    23:22:40.0824 1488 SDRSVC - ok

    23:22:40.0904 1488 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    23:22:40.0924 1488 SeaPort - ok

    23:22:40.0974 1488 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

    23:22:41.0014 1488 secdrv - ok

    23:22:41.0054 1488 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

    23:22:41.0104 1488 seclogon - ok

    23:22:41.0144 1488 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

    23:22:41.0184 1488 SENS - ok

    23:22:41.0224 1488 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

    23:22:41.0254 1488 SensrSvc - ok

    23:22:41.0274 1488 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

    23:22:41.0294 1488 Serenum - ok

    23:22:41.0334 1488 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

    23:22:41.0354 1488 Serial - ok

    23:22:41.0394 1488 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

    23:22:41.0404 1488 sermouse - ok

    23:22:41.0454 1488 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

    23:22:41.0504 1488 SessionEnv - ok

    23:22:41.0554 1488 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\drivers\SFEP.sys

    23:22:41.0564 1488 SFEP - ok

    23:22:41.0600 1488 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

    23:22:41.0631 1488 sffdisk - ok

    23:22:41.0678 1488 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

    23:22:41.0709 1488 sffp_mmc - ok

    23:22:41.0740 1488 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

    23:22:41.0787 1488 sffp_sd - ok

    23:22:41.0802 1488 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

    23:22:41.0818 1488 sfloppy - ok

    23:22:41.0880 1488 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

    23:22:41.0943 1488 SharedAccess - ok

    23:22:41.0990 1488 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

    23:22:42.0036 1488 ShellHWDetection - ok

    23:22:42.0068 1488 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

    23:22:42.0083 1488 SiSRaid2 - ok

    23:22:42.0114 1488 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

    23:22:42.0130 1488 SiSRaid4 - ok

    23:22:42.0161 1488 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

    23:22:42.0208 1488 Smb - ok

    23:22:42.0255 1488 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

    23:22:42.0270 1488 SNMPTRAP - ok

    23:22:42.0364 1488 SOHCImp (98886c88a1cb13d61672ae2c638b7e1c) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe

    23:22:42.0364 1488 SOHCImp - ok

    23:22:42.0395 1488 SOHDBSvr (442a13f395546f4564c377296d43b564) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe

    23:22:42.0395 1488 SOHDBSvr - ok

    23:22:42.0426 1488 SOHDms (556681be668d71dc162391a45422b52c) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe

    23:22:42.0442 1488 SOHDms - ok

    23:22:42.0473 1488 SOHDs (72b46103e4111439109acf5882627c24) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe

    23:22:42.0473 1488 SOHDs - ok

    23:22:42.0489 1488 SOHPlMgr (725b6e9cd1959271ac993dc035e1606d) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe

    23:22:42.0504 1488 SOHPlMgr - ok

    23:22:42.0536 1488 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

    23:22:42.0536 1488 spldr - ok

    23:22:42.0598 1488 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

    23:22:42.0645 1488 Spooler - ok

    23:22:42.0801 1488 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

    23:22:42.0910 1488 sppsvc - ok

    23:22:43.0004 1488 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

    23:22:43.0050 1488 sppuinotify - ok

    23:22:43.0160 1488 sptd (d519ad2de7968cd2b47fea807c5b29b2) C:\Windows\System32\Drivers\sptd.sys

    23:22:43.0175 1488 sptd - ok

    23:22:43.0238 1488 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

    23:22:43.0284 1488 srv - ok

    23:22:43.0316 1488 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

    23:22:43.0331 1488 srv2 - ok

    23:22:43.0378 1488 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

    23:22:43.0409 1488 srvnet - ok

    23:22:43.0440 1488 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

    23:22:43.0487 1488 SSDPSRV - ok

    23:22:43.0503 1488 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

    23:22:43.0534 1488 SstpSvc - ok

    23:22:43.0659 1488 StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    23:22:43.0690 1488 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning

    23:22:43.0690 1488 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)

    23:22:43.0768 1488 Steam Client Service - ok

    23:22:43.0893 1488 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    23:22:43.0908 1488 Stereo Service - ok

    23:22:43.0940 1488 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

    23:22:43.0955 1488 stexstor - ok

    23:22:44.0033 1488 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

    23:22:44.0049 1488 stisvc - ok

    23:22:44.0096 1488 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

    23:22:44.0111 1488 swenum - ok

    23:22:44.0142 1488 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

    23:22:44.0205 1488 swprv - ok

    23:22:44.0298 1488 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

    23:22:44.0361 1488 SysMain - ok

    23:22:44.0454 1488 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

    23:22:44.0501 1488 TabletInputService - ok

    23:22:44.0517 1488 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

    23:22:44.0579 1488 TapiSrv - ok

    23:22:44.0626 1488 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

    23:22:44.0657 1488 TBS - ok

    23:22:44.0829 1488 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

    23:22:44.0876 1488 Tcpip - ok

    23:22:45.0032 1488 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

    23:22:45.0078 1488 TCPIP6 - ok

    23:22:45.0188 1488 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

    23:22:45.0234 1488 tcpipreg - ok

    23:22:45.0266 1488 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

    23:22:45.0297 1488 TDPIPE - ok

    23:22:45.0354 1488 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

    23:22:45.0374 1488 TDTCP - ok

    23:22:45.0424 1488 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

    23:22:45.0464 1488 tdx - ok

    23:22:45.0514 1488 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

    23:22:45.0524 1488 TermDD - ok

    23:22:45.0584 1488 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

    23:22:45.0654 1488 TermService - ok

    23:22:45.0674 1488 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

    23:22:45.0694 1488 Themes - ok

    23:22:45.0714 1488 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

    23:22:45.0754 1488 THREADORDER - ok

    23:22:45.0764 1488 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

    23:22:45.0814 1488 TrkWks - ok

    23:22:45.0874 1488 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

    23:22:45.0934 1488 TrustedInstaller - ok

    23:22:45.0974 1488 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

    23:22:46.0014 1488 tssecsrv - ok

    23:22:46.0094 1488 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

    23:22:46.0134 1488 TsUsbFlt - ok

    23:22:46.0194 1488 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

    23:22:46.0254 1488 tunnel - ok

    23:22:46.0284 1488 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

    23:22:46.0294 1488 uagp35 - ok

    23:22:46.0354 1488 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

    23:22:46.0364 1488 uCamMonitor - ok

    23:22:46.0424 1488 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

    23:22:46.0474 1488 udfs - ok

    23:22:46.0524 1488 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

    23:22:46.0544 1488 UI0Detect - ok

    23:22:46.0604 1488 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

    23:22:46.0614 1488 uliagpkx - ok

    23:22:46.0664 1488 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

    23:22:46.0684 1488 umbus - ok

    23:22:46.0704 1488 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

    23:22:46.0734 1488 UmPass - ok

    23:22:46.0774 1488 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

    23:22:46.0834 1488 upnphost - ok

    23:22:46.0884 1488 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

    23:22:46.0914 1488 USBAAPL64 - ok

    23:22:46.0954 1488 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

    23:22:46.0994 1488 usbccgp - ok

    23:22:47.0044 1488 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

    23:22:47.0054 1488 usbcir - ok

    23:22:47.0094 1488 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

    23:22:47.0124 1488 usbehci - ok

    23:22:47.0184 1488 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

    23:22:47.0214 1488 usbhub - ok

    23:22:47.0254 1488 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

    23:22:47.0284 1488 usbohci - ok

    23:22:47.0314 1488 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

    23:22:47.0344 1488 usbprint - ok

    23:22:47.0394 1488 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS

    23:22:47.0434 1488 USBSTOR - ok

    23:22:47.0444 1488 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

    23:22:47.0494 1488 usbuhci - ok

    23:22:47.0544 1488 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

    23:22:47.0554 1488 usbvideo - ok

    23:22:47.0584 1488 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

    23:22:47.0644 1488 UxSms - ok

    23:22:47.0754 1488 VAIO Entertainment TV Device Arbitration Service (4e7135d6d0127067e4cfee12259f895d) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe

    23:22:47.0764 1488 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning

    23:22:47.0764 1488 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)

    23:22:47.0814 1488 VAIO Event Service (d4197cf0c8567046fd4af28ff47af528) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe

    23:22:47.0834 1488 VAIO Event Service - ok

    23:22:47.0924 1488 VAIO Power Management (b8c9a7010afd5cbbe194cb9ef7c4fd14) C:\Program Files\Sony\VAIO Power Management\SPMService.exe

    23:22:47.0944 1488 VAIO Power Management - ok

    23:22:47.0994 1488 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    23:22:48.0004 1488 VaultSvc - ok

    23:22:48.0064 1488 VCFw (6a740f5ff3246c3be3dd317299efc88e) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

    23:22:48.0084 1488 VCFw - ok

    23:22:48.0134 1488 VcmIAlzMgr (fd03ac6cd1571aa8b2ff56d3c600e26e) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

    23:22:48.0144 1488 VcmIAlzMgr - ok

    23:22:48.0184 1488 VcmINSMgr (9d9b34b430b4dc683112f59c80d20ab8) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe

    23:22:48.0194 1488 VcmINSMgr - ok

    23:22:48.0254 1488 VcmXmlIfHelper (dfe10c68ef4684f7754fcca39a4cc6ba) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe

    23:22:48.0264 1488 VcmXmlIfHelper - ok

    23:22:48.0384 1488 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

    23:22:48.0404 1488 vdrvroot - ok

    23:22:48.0454 1488 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

    23:22:48.0494 1488 vds - ok


    23:22:55.0364 1488 ============================================================

    23:22:55.0364 1488 Scan finished

    23:22:55.0364 1488 ============================================================

    23:22:55.0394 0392 Detected object count: 9

    23:22:55.0394 0392 Actual detected object count: 9

    23:23:11.0711 0392 Akamai ( HiddenFile.Multi.Generic ) - skipped by user

    23:23:11.0711 0392 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

    23:23:11.0731 0392 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

    23:23:11.0731 0392 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

    23:23:11.0746 0392 NBService ( UnsignedFile.Multi.Generic ) - skipped by user

    23:23:11.0746 0392 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip

    23:23:11.0762 0392 NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user

    23:23:11.0762 0392 NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip

    23:23:11.0777 0392 SampleCollector ( UnsignedFile.Multi.Generic ) - skipped by user

    23:23:11.0777 0392 SampleCollector ( UnsignedFile.Multi.Generic ) - User select action: Skip

    23:23:11.0793 0392 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user

    23:23:11.0793 0392 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip

    23:23:11.0809 0392 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user

    23:23:11.0809 0392 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

    23:23:11.0809 0392 VSNService ( UnsignedFile.Multi.Generic ) - skipped by user

    23:23:11.0809 0392 VSNService ( UnsignedFile.Multi.Generic ) - User select action: Skip

    23:23:11.0809 0392 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user

    23:23:11.0809 0392 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

  6. Thanks for helping.

    Here's the scan report

    RogueKiller V7.6.3 [07/08/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Safe mode with network support

    User: teng [Admin rights]

    Mode: Scan -- Date: 07/13/2012 22:27:12

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 7 ¤¤¤

    [SUSP PATH] HKCU\[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> FOUND

    [SUSP PATH] HKUS\S-1-5-21-261071132-451565413-1473889226-1000[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> FOUND

    [BLACKLIST DLL] HKLM\[...]\Wow6432Node\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript) -> FOUND

    [SUSP PATH] HKLM\[...]\Wow6432Node\Winlogon : Userinit (C:\Windows\system32\userinit.exe,C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe,) -> FOUND

    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++

    --- User ---

    [MBR] b920a0ccdea031bc9d9ac6253324ac86

    [BSP] a410d9d5efb87cb824bf361decd494b6 : Windows 7 MBR Code

    Partition table:

    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15999 Mo

    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32768000 | Size: 100 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32972800 | Size: 460839 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>

    RKreport[1].txt ; RKreport[2].txt

  7. Hi. My Windows 7 laptop keeps having Windows command prompt pop up. I've scanned with Malwarebytes and MSE. They both come back showing Trojans, but even when I use the remove processes it still doesn't seem to work. Malwarebytes keeps finding the trojan and MSE just tells me that the program could not find the malware. Hope someone can help me. Cheers

    Attach.txt

    DDS.txt
