Some malwares could not be removed

[sunshineboy00]

Hi, I have followed the instruction and please find attached two text file generated from DDS.com

Thanks in advance for any advise.

My PC browser would:

- pop up mediashifting website and not going to my original website

- Go to www.abnow.com from google search results

- some website could not be loaded, browser shows 'webpage cannot be displayed'

When scanning there are 3 items left and even after restart , they cannot be removed.

Attach.txt

DDS.txt

[Elise]

Hello and

First of all, lets do also a rootkit scan.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

• Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  Vista/Windows 7 users right-click and select Run As Administrator.
  
• If TDSSKiller does not run, try renaming it.
  
• To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  
• Click the Start Scan button.
  
• Do not use the computer during the scan
  
• If the scan completes with nothing found, click Close to exit.
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  
• Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  
• A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  
• Copy and paste the contents of that file in your next reply.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

• 
  

Bleepingcomputer
ForoSpyware

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  
• Double click on Combofix.exe and follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

[sunshineboy00]

Thanks for the reply. I will do the scanning tonight. Cheers.

[Elise]

Thank you for letting me know, if you have any trouble with the steps, just post here.

[sunshineboy00]

Hi Elise,

Please find TDSSKiller log

19:17:10.0166 6368 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49

19:17:11.0003 6368 ============================================================

19:17:11.0003 6368 Current date / time: 2012/02/06 19:17:11.0003

19:17:11.0003 6368 SystemInfo:

19:17:11.0003 6368

19:17:11.0003 6368 OS Version: 6.1.7600 ServicePack: 0.0

19:17:11.0003 6368 Product type: Workstation

19:17:11.0003 6368 ComputerName: CLIFFCHAU-VAIO

19:17:11.0004 6368 UserName: Cliff Chau

19:17:11.0004 6368 Windows directory: C:\Windows

19:17:11.0004 6368 System windows directory: C:\Windows

19:17:11.0004 6368 Running under WOW64

19:17:11.0004 6368 Processor architecture: Intel x64

19:17:11.0004 6368 Number of processors: 8

19:17:11.0004 6368 Page size: 0x1000

19:17:11.0004 6368 Boot type: Normal boot

19:17:11.0004 6368 ============================================================

19:17:11.0342 6368 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:17:11.0346 6368 \Device\Harddisk0\DR0:

19:17:11.0346 6368 MBR used

19:17:11.0346 6368 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2028800, BlocksNum 0x32000

19:17:11.0346 6368 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x205A800, BlocksNum 0x1320EDB0

19:17:11.0358 6368 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1526A000, BlocksNum 0x5F49C000

19:17:11.0419 6368 Initialize success

19:17:11.0419 6368 ============================================================

19:17:17.0365 0276 ============================================================

19:17:17.0365 0276 Scan started

19:17:17.0365 0276 Mode: Manual;

19:17:17.0365 0276 ============================================================

19:17:17.0832 0276 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\drivers\1394ohci.sys

19:17:17.0836 0276 1394ohci - ok

19:17:17.0903 0276 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\drivers\ACPI.sys

19:17:17.0908 0276 ACPI - ok

19:17:17.0926 0276 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\drivers\acpipmi.sys

19:17:17.0927 0276 AcpiPmi - ok

19:17:17.0966 0276 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

19:17:17.0970 0276 adp94xx - ok

19:17:17.0997 0276 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

19:17:18.0000 0276 adpahci - ok

19:17:18.0016 0276 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

19:17:18.0018 0276 adpu320 - ok

19:17:18.0038 0276 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys

19:17:18.0043 0276 AFD - ok

19:17:18.0065 0276 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

19:17:18.0066 0276 agp440 - ok

19:17:18.0082 0276 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

19:17:18.0082 0276 aliide - ok

19:17:18.0099 0276 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

19:17:18.0100 0276 amdide - ok

19:17:18.0113 0276 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

19:17:18.0114 0276 AmdK8 - ok

19:17:18.0132 0276 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

19:17:18.0133 0276 AmdPPM - ok

19:17:18.0160 0276 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\drivers\amdsata.sys

19:17:18.0163 0276 amdsata - ok

19:17:18.0198 0276 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

19:17:18.0203 0276 amdsbs - ok

19:17:18.0232 0276 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\drivers\amdxata.sys

19:17:18.0233 0276 amdxata - ok

19:17:18.0270 0276 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

19:17:18.0272 0276 AppID - ok

19:17:18.0295 0276 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

19:17:18.0297 0276 arc - ok

19:17:18.0311 0276 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

19:17:18.0313 0276 arcsas - ok

19:17:18.0337 0276 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys

19:17:18.0338 0276 ArcSoftKsUFilter - ok

19:17:18.0357 0276 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

19:17:18.0358 0276 AsyncMac - ok

19:17:18.0379 0276 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

19:17:18.0380 0276 atapi - ok

19:17:18.0426 0276 athr (b8c8b1e2dbf2f751d9cd5f42109837ce) C:\Windows\system32\DRIVERS\athrx.sys

19:17:18.0460 0276 athr - ok

19:17:18.0498 0276 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

19:17:18.0502 0276 b06bdrv - ok

19:17:18.0511 0276 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

19:17:18.0514 0276 b57nd60a - ok

19:17:18.0544 0276 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

19:17:18.0544 0276 Beep - ok

19:17:18.0561 0276 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

19:17:18.0562 0276 blbdrive - ok

19:17:18.0576 0276 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys

19:17:18.0577 0276 bowser - ok

19:17:18.0598 0276 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

19:17:18.0598 0276 BrFiltLo - ok

19:17:18.0618 0276 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

19:17:18.0619 0276 BrFiltUp - ok

19:17:18.0653 0276 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

19:17:18.0657 0276 Brserid - ok

19:17:18.0676 0276 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

19:17:18.0678 0276 BrSerWdm - ok

19:17:18.0696 0276 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

19:17:18.0697 0276 BrUsbMdm - ok

19:17:18.0708 0276 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

19:17:18.0708 0276 BrUsbSer - ok

19:17:18.0738 0276 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys

19:17:18.0739 0276 BthEnum - ok

19:17:18.0758 0276 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

19:17:18.0760 0276 BTHMODEM - ok

19:17:18.0781 0276 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

19:17:18.0783 0276 BthPan - ok

19:17:18.0823 0276 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys

19:17:18.0830 0276 BTHPORT - ok

19:17:18.0855 0276 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys

19:17:18.0856 0276 BTHUSB - ok

19:17:18.0884 0276 btwampfl (7a2ce8c1bf4daa1f2766e21e9ca11078) C:\Windows\system32\drivers\btwampfl.sys

19:17:18.0889 0276 btwampfl - ok

19:17:18.0911 0276 btwaudio (a75bf6802a967f5aacecc3c67febdf55) C:\Windows\system32\drivers\btwaudio.sys

19:17:18.0913 0276 btwaudio - ok

19:17:18.0934 0276 btwavdt (d895dc213edbda5fcc53aad1f1e0e63b) C:\Windows\system32\DRIVERS\btwavdt.sys

19:17:18.0937 0276 btwavdt - ok

19:17:18.0972 0276 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys

19:17:18.0973 0276 btwl2cap - ok

19:17:18.0989 0276 btwrchid (6d7aa2bde0135599c5f230d69db3b420) C:\Windows\system32\DRIVERS\btwrchid.sys

19:17:18.0990 0276 btwrchid - ok

19:17:19.0046 0276 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

19:17:19.0047 0276 cdfs - ok

19:17:19.0067 0276 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

19:17:19.0069 0276 cdrom - ok

19:17:19.0092 0276 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

19:17:19.0093 0276 circlass - ok

19:17:19.0116 0276 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

19:17:19.0120 0276 CLFS - ok

19:17:19.0146 0276 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

19:17:19.0146 0276 CmBatt - ok

19:17:19.0166 0276 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

19:17:19.0167 0276 cmdide - ok

19:17:19.0193 0276 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

19:17:19.0198 0276 CNG - ok

19:17:19.0219 0276 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

19:17:19.0219 0276 Compbatt - ok

19:17:19.0236 0276 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\drivers\CompositeBus.sys

19:17:19.0237 0276 CompositeBus - ok

19:17:19.0264 0276 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

19:17:19.0265 0276 crcdisk - ok

19:17:19.0319 0276 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys

19:17:19.0320 0276 DfsC - ok

19:17:19.0344 0276 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

19:17:19.0344 0276 discache - ok

19:17:19.0360 0276 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

19:17:19.0361 0276 Disk - ok

19:17:19.0387 0276 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

19:17:19.0388 0276 drmkaud - ok

19:17:19.0425 0276 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys

19:17:19.0429 0276 DXGKrnl - ok

19:17:19.0452 0276 e1yexpress (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys

19:17:19.0455 0276 e1yexpress - ok

19:17:19.0512 0276 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

19:17:19.0577 0276 ebdrv - ok

19:17:19.0629 0276 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

19:17:19.0639 0276 elxstor - ok

19:17:19.0672 0276 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

19:17:19.0673 0276 ErrDev - ok

19:17:19.0705 0276 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

19:17:19.0708 0276 exfat - ok

19:17:19.0732 0276 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

19:17:19.0734 0276 fastfat - ok

19:17:19.0751 0276 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

19:17:19.0752 0276 fdc - ok

19:17:19.0775 0276 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

19:17:19.0776 0276 FileInfo - ok

19:17:19.0791 0276 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

19:17:19.0792 0276 Filetrace - ok

19:17:19.0823 0276 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

19:17:19.0824 0276 flpydisk - ok

19:17:19.0848 0276 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

19:17:19.0852 0276 FltMgr - ok

19:17:19.0876 0276 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

19:17:19.0878 0276 FsDepends - ok

19:17:19.0898 0276 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

19:17:19.0899 0276 Fs_Rec - ok

19:17:19.0916 0276 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys

19:17:19.0919 0276 fvevol - ok

19:17:19.0944 0276 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

19:17:19.0945 0276 gagp30kx - ok

19:17:19.0976 0276 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

19:17:19.0977 0276 hcw85cir - ok

19:17:19.0990 0276 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

19:17:19.0995 0276 HdAudAddService - ok

19:17:20.0014 0276 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

19:17:20.0015 0276 HDAudBus - ok

19:17:20.0041 0276 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

19:17:20.0042 0276 HidBatt - ok

19:17:20.0064 0276 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

19:17:20.0066 0276 HidBth - ok

19:17:20.0088 0276 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

19:17:20.0089 0276 HidIr - ok

19:17:20.0109 0276 hidkmdf (441755465e2c484acafaa5e7bf39b1b8) C:\Windows\system32\drivers\hidkmdf.sys

19:17:20.0109 0276 hidkmdf - ok

19:17:20.0126 0276 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\drivers\hidusb.sys

19:17:20.0127 0276 HidUsb - ok

19:17:20.0188 0276 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\drivers\HpSAMD.sys

19:17:20.0189 0276 HpSAMD - ok

19:17:20.0218 0276 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

19:17:20.0224 0276 HTTP - ok

19:17:20.0238 0276 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

19:17:20.0238 0276 hwpolicy - ok

19:17:20.0256 0276 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

19:17:20.0257 0276 i8042prt - ok

19:17:20.0283 0276 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys

19:17:20.0285 0276 iaStor - ok

19:17:20.0313 0276 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\drivers\iaStorV.sys

19:17:20.0317 0276 iaStorV - ok

19:17:20.0456 0276 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys

19:17:20.0580 0276 igfx - ok

19:17:20.0604 0276 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

19:17:20.0605 0276 iirsp - ok

19:17:20.0713 0276 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys

19:17:20.0729 0276 IntcAzAudAddService - ok

19:17:20.0759 0276 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

19:17:20.0760 0276 intelide - ok

19:17:20.0776 0276 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys

19:17:20.0778 0276 intelppm - ok

19:17:20.0820 0276 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:17:20.0822 0276 IpFilterDriver - ok

19:17:20.0845 0276 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\drivers\IPMIDrv.sys

19:17:20.0847 0276 IPMIDRV - ok

19:17:20.0862 0276 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

19:17:20.0864 0276 IPNAT - ok

19:17:20.0885 0276 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

19:17:20.0886 0276 IRENUM - ok

19:17:20.0900 0276 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

19:17:20.0901 0276 isapnp - ok

19:17:20.0920 0276 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys

19:17:20.0923 0276 iScsiPrt - ok

19:17:20.0970 0276 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

19:17:20.0970 0276 kbdclass - ok

19:17:20.0987 0276 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\drivers\kbdhid.sys

19:17:20.0988 0276 kbdhid - ok

19:17:21.0013 0276 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

19:17:21.0014 0276 KSecDD - ok

19:17:21.0029 0276 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

19:17:21.0031 0276 KSecPkg - ok

19:17:21.0052 0276 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

19:17:21.0052 0276 ksthunk - ok

19:17:21.0087 0276 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

19:17:21.0088 0276 lltdio - ok

19:17:21.0123 0276 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

19:17:21.0125 0276 LSI_FC - ok

19:17:21.0140 0276 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

19:17:21.0141 0276 LSI_SAS - ok

19:17:21.0158 0276 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

19:17:21.0159 0276 LSI_SAS2 - ok

19:17:21.0193 0276 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

19:17:21.0196 0276 LSI_SCSI - ok

19:17:21.0231 0276 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

19:17:21.0233 0276 luafv - ok

19:17:21.0296 0276 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

19:17:21.0297 0276 MBAMProtector - ok

19:17:21.0337 0276 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

19:17:21.0338 0276 megasas - ok

19:17:21.0361 0276 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

19:17:21.0363 0276 MegaSR - ok

19:17:21.0381 0276 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys

19:17:21.0382 0276 MEIx64 - ok

19:17:21.0417 0276 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

19:17:21.0418 0276 Modem - ok

19:17:21.0453 0276 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

19:17:21.0453 0276 monitor - ok

19:17:21.0474 0276 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

19:17:21.0474 0276 mouclass - ok

19:17:21.0488 0276 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys

19:17:21.0489 0276 mouhid - ok

19:17:21.0504 0276 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

19:17:21.0505 0276 mountmgr - ok

19:17:21.0525 0276 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys

19:17:21.0527 0276 mpio - ok

19:17:21.0546 0276 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

19:17:21.0547 0276 mpsdrv - ok

19:17:21.0579 0276 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

19:17:21.0581 0276 MRxDAV - ok

19:17:21.0607 0276 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys

19:17:21.0609 0276 mrxsmb - ok

19:17:21.0629 0276 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:17:21.0632 0276 mrxsmb10 - ok

19:17:21.0649 0276 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:17:21.0650 0276 mrxsmb20 - ok

19:17:21.0670 0276 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys

19:17:21.0670 0276 msahci - ok

19:17:21.0698 0276 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys

19:17:21.0699 0276 msdsm - ok

19:17:21.0721 0276 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

19:17:21.0721 0276 Msfs - ok

19:17:21.0745 0276 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

19:17:21.0745 0276 mshidkmdf - ok

19:17:21.0763 0276 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

19:17:21.0764 0276 msisadrv - ok

19:17:21.0785 0276 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

19:17:21.0786 0276 MSKSSRV - ok

19:17:21.0798 0276 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

19:17:21.0798 0276 MSPCLOCK - ok

19:17:21.0813 0276 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

19:17:21.0814 0276 MSPQM - ok

19:17:21.0834 0276 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

19:17:21.0861 0276 MsRPC - ok

19:17:21.0918 0276 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

19:17:21.0920 0276 mssmbios - ok

19:17:21.0960 0276 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

19:17:21.0961 0276 MSTEE - ok

19:17:21.0978 0276 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

19:17:21.0978 0276 MTConfig - ok

19:17:22.0001 0276 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

19:17:22.0002 0276 Mup - ok

19:17:22.0034 0276 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

19:17:22.0037 0276 NativeWifiP - ok

19:17:22.0060 0276 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

19:17:22.0064 0276 NDIS - ok

19:17:22.0080 0276 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

19:17:22.0081 0276 NdisCap - ok

19:17:22.0103 0276 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

19:17:22.0104 0276 NdisTapi - ok

19:17:22.0118 0276 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

19:17:22.0120 0276 Ndisuio - ok

19:17:22.0143 0276 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

19:17:22.0145 0276 NdisWan - ok

19:17:22.0163 0276 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

19:17:22.0164 0276 NDProxy - ok

19:17:22.0181 0276 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

19:17:22.0181 0276 NetBIOS - ok

19:17:22.0202 0276 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

19:17:22.0205 0276 NetBT - ok

19:17:22.0304 0276 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

19:17:22.0372 0276 netw5v64 - ok

19:17:22.0398 0276 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

19:17:22.0399 0276 nfrd960 - ok

19:17:22.0434 0276 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

19:17:22.0435 0276 Npfs - ok

19:17:22.0460 0276 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

19:17:22.0461 0276 nsiproxy - ok

19:17:22.0506 0276 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys

19:17:22.0522 0276 Ntfs - ok

19:17:22.0552 0276 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

19:17:22.0552 0276 Null - ok

19:17:22.0570 0276 nusb3hub (786db821bfd57c0551dbbe4f75384a7d) C:\Windows\system32\drivers\nusb3hub.sys

19:17:22.0572 0276 nusb3hub - ok

19:17:22.0592 0276 nusb3xhc (daa8005caf745042bb427a1ed7433354) C:\Windows\system32\drivers\nusb3xhc.sys

19:17:22.0594 0276 nusb3xhc - ok

19:17:22.0626 0276 NVHDA (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys

19:17:22.0627 0276 NVHDA - ok

19:17:22.0806 0276 nvlddmkm (2f31f322c16274e12fd67404249bc233) C:\Windows\system32\DRIVERS\nvlddmkm.sys

19:17:22.0858 0276 nvlddmkm - ok

19:17:22.0892 0276 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\drivers\nvraid.sys

19:17:22.0893 0276 nvraid - ok

19:17:22.0924 0276 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\drivers\nvstor.sys

19:17:22.0926 0276 nvstor - ok

19:17:22.0954 0276 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

19:17:22.0955 0276 nv_agp - ok

19:17:22.0975 0276 NWLowRider (062682c906dbb3e653994105c359a273) C:\Windows\system32\drivers\NWLowRider.sys

19:17:22.0975 0276 NWLowRider - ok

19:17:22.0993 0276 NWWakeFilterLR (daafeacb4f13a301988e390d25c2c7a7) C:\Windows\system32\drivers\NWWakeFilterLR.sys

19:17:22.0993 0276 NWWakeFilterLR - ok

19:17:23.0018 0276 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

19:17:23.0019 0276 ohci1394 - ok

19:17:23.0093 0276 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

19:17:23.0094 0276 Parport - ok

19:17:23.0116 0276 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

19:17:23.0117 0276 partmgr - ok

19:17:23.0156 0276 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys

19:17:23.0158 0276 pci - ok

19:17:23.0178 0276 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

19:17:23.0179 0276 pciide - ok

19:17:23.0207 0276 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

19:17:23.0209 0276 pcmcia - ok

19:17:23.0224 0276 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

19:17:23.0225 0276 pcw - ok

19:17:23.0268 0276 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

19:17:23.0273 0276 PEAUTH - ok

19:17:23.0362 0276 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

19:17:23.0363 0276 PptpMiniport - ok

19:17:23.0385 0276 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

19:17:23.0386 0276 Processor - ok

19:17:23.0411 0276 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

19:17:23.0412 0276 Psched - ok

19:17:23.0459 0276 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

19:17:23.0459 0276 PxHlpa64 - ok

19:17:23.0514 0276 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

19:17:23.0530 0276 ql2300 - ok

19:17:23.0553 0276 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

19:17:23.0555 0276 ql40xx - ok

19:17:23.0574 0276 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

19:17:23.0575 0276 QWAVEdrv - ok

19:17:23.0594 0276 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

19:17:23.0594 0276 RasAcd - ok

19:17:23.0619 0276 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

19:17:23.0620 0276 RasAgileVpn - ok

19:17:23.0641 0276 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:17:23.0643 0276 Rasl2tp - ok

19:17:23.0678 0276 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

19:17:23.0679 0276 RasPppoe - ok

19:17:23.0693 0276 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

19:17:23.0695 0276 RasSstp - ok

19:17:23.0718 0276 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

19:17:23.0721 0276 rdbss - ok

19:17:23.0740 0276 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

19:17:23.0741 0276 rdpbus - ok

19:17:23.0762 0276 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:17:23.0762 0276 RDPCDD - ok

19:17:23.0782 0276 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

19:17:23.0782 0276 RDPENCDD - ok

19:17:23.0796 0276 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

19:17:23.0797 0276 RDPREFMP - ok

19:17:23.0809 0276 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

19:17:23.0811 0276 RDPWD - ok

19:17:23.0834 0276 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys

19:17:23.0836 0276 rdyboost - ok

19:17:23.0872 0276 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys

19:17:23.0872 0276 regi - ok

19:17:23.0904 0276 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

19:17:23.0906 0276 RFCOMM - ok

19:17:23.0920 0276 rimspci (ff71ecb1b121c6273ec4c45eddbc4fe4) C:\Windows\system32\drivers\rimssne64.sys

19:17:23.0921 0276 rimspci - ok

19:17:23.0932 0276 risdsnpe (e33075c22c14c57095f037253f936bb8) C:\Windows\system32\drivers\risdsnxc64.sys

19:17:23.0933 0276 risdsnpe - ok

19:17:23.0995 0276 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

19:17:23.0996 0276 rspndr - ok

19:17:24.0032 0276 RTL8167 (47032c855ddcb5ad7236286689ede288) C:\Windows\system32\DRIVERS\Rt64win7.sys

19:17:24.0034 0276 RTL8167 - ok

19:17:24.0090 0276 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys

19:17:24.0092 0276 sbp2port - ok

19:17:24.0121 0276 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

19:17:24.0122 0276 scfilter - ok

19:17:24.0155 0276 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys

19:17:24.0156 0276 sdbus - ok

19:17:24.0194 0276 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

19:17:24.0194 0276 secdrv - ok

19:17:24.0231 0276 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

19:17:24.0231 0276 Serenum - ok

19:17:24.0246 0276 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

19:17:24.0247 0276 Serial - ok

19:17:24.0270 0276 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

19:17:24.0271 0276 sermouse - ok

19:17:24.0316 0276 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\drivers\SFEP.sys

19:17:24.0317 0276 SFEP - ok

19:17:24.0352 0276 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

19:17:24.0353 0276 sffdisk - ok

19:17:24.0368 0276 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

19:17:24.0368 0276 sffp_mmc - ok

19:17:24.0381 0276 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys

19:17:24.0382 0276 sffp_sd - ok

19:17:24.0405 0276 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

19:17:24.0406 0276 sfloppy - ok

19:17:24.0441 0276 Sftfs (d5183ed285d2795491dc15bddcbee5ad) C:\Windows\system32\DRIVERS\Sftfslh.sys

19:17:24.0445 0276 Sftfs - ok

19:17:24.0472 0276 Sftplay (00f118b68c50d2206dd51634f9142b83) C:\Windows\system32\DRIVERS\Sftplaylh.sys

19:17:24.0473 0276 Sftplay - ok

19:17:24.0486 0276 Sftredir (76a827df5640bfe16a0cdbb4108adeca) C:\Windows\system32\DRIVERS\Sftredirlh.sys

19:17:24.0486 0276 Sftredir - ok

19:17:24.0500 0276 Sftvol (1b4c9701645086bab8cafffce30ed284) C:\Windows\system32\DRIVERS\Sftvollh.sys

19:17:24.0500 0276 Sftvol - ok

19:17:24.0565 0276 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

19:17:24.0566 0276 SiSRaid2 - ok

19:17:24.0585 0276 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

19:17:24.0586 0276 SiSRaid4 - ok

19:17:24.0612 0276 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

19:17:24.0614 0276 Smb - ok

19:17:24.0705 0276 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

19:17:24.0706 0276 spldr - ok

19:17:24.0767 0276 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys

19:17:24.0772 0276 srv - ok

19:17:24.0785 0276 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys

19:17:24.0789 0276 srv2 - ok

19:17:24.0823 0276 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

19:17:24.0826 0276 SrvHsfHDA - ok

19:17:24.0857 0276 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

19:17:24.0870 0276 SrvHsfV92 - ok

19:17:24.0893 0276 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

19:17:24.0899 0276 SrvHsfWinac - ok

19:17:24.0920 0276 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys

19:17:24.0922 0276 srvnet - ok

19:17:24.0968 0276 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

19:17:24.0969 0276 stexstor - ok

19:17:25.0012 0276 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

19:17:25.0012 0276 swenum - ok

19:17:25.0108 0276 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys

19:17:25.0115 0276 Tcpip - ok

19:17:25.0177 0276 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys

19:17:25.0190 0276 TCPIP6 - ok

19:17:25.0221 0276 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

19:17:25.0222 0276 tcpipreg - ok

19:17:25.0247 0276 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

19:17:25.0248 0276 TDPIPE - ok

19:17:25.0262 0276 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

19:17:25.0263 0276 TDTCP - ok

19:17:25.0281 0276 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

19:17:25.0282 0276 tdx - ok

19:17:25.0305 0276 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys

19:17:25.0306 0276 TermDD - ok

19:17:25.0366 0276 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys

19:17:25.0366 0276 TPM - ok

19:17:25.0407 0276 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

19:17:25.0408 0276 tssecsrv - ok

19:17:25.0429 0276 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

19:17:25.0430 0276 tunnel - ok

19:17:25.0459 0276 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

19:17:25.0460 0276 uagp35 - ok

19:17:25.0482 0276 udfs (0e5e962b5649d544be54e8c90761ea2b) C:\Windows\system32\DRIVERS\udfs.sys

19:17:25.0485 0276 udfs - ok

19:17:25.0517 0276 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

19:17:25.0518 0276 uliagpkx - ok

19:17:25.0542 0276 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

19:17:25.0543 0276 umbus - ok

19:17:25.0559 0276 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

19:17:25.0560 0276 UmPass - ok

19:17:25.0602 0276 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\drivers\usbccgp.sys

19:17:25.0603 0276 usbccgp - ok

19:17:25.0631 0276 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

19:17:25.0632 0276 usbcir - ok

19:17:25.0654 0276 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\drivers\usbehci.sys

19:17:25.0655 0276 usbehci - ok

19:17:25.0681 0276 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\drivers\usbhub.sys

19:17:25.0684 0276 usbhub - ok

19:17:25.0708 0276 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys

19:17:25.0709 0276 usbohci - ok

19:17:25.0745 0276 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

19:17:25.0745 0276 usbprint - ok

19:17:25.0764 0276 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:17:25.0766 0276 USBSTOR - ok

19:17:25.0787 0276 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys

19:17:25.0788 0276 usbuhci - ok

19:17:25.0819 0276 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys

19:17:25.0821 0276 usbvideo - ok

19:17:25.0938 0276 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

19:17:25.0939 0276 vdrvroot - ok

19:17:25.0968 0276 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

19:17:25.0969 0276 vga - ok

19:17:25.0994 0276 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

19:17:25.0995 0276 VgaSave - ok

19:17:26.0017 0276 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys

19:17:26.0019 0276 vhdmp - ok

19:17:26.0037 0276 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

19:17:26.0038 0276 viaide - ok

19:17:26.0098 0276 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys

19:17:26.0099 0276 volmgr - ok

19:17:26.0121 0276 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

19:17:26.0124 0276 volmgrx - ok

19:17:26.0146 0276 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys

19:17:26.0149 0276 volsnap - ok

19:17:26.0197 0276 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

19:17:26.0199 0276 vsmraid - ok

19:17:26.0238 0276 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

19:17:26.0239 0276 vwifibus - ok

19:17:26.0254 0276 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

19:17:26.0255 0276 vwififlt - ok

19:17:26.0335 0276 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

19:17:26.0335 0276 WacomPen - ok

19:17:26.0363 0276 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

19:17:26.0365 0276 WANARP - ok

19:17:26.0371 0276 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

19:17:26.0372 0276 Wanarpv6 - ok

19:17:26.0418 0276 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

19:17:26.0419 0276 Wd - ok

19:17:26.0445 0276 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

19:17:26.0450 0276 Wdf01000 - ok

19:17:26.0514 0276 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

19:17:26.0515 0276 WfpLwf - ok

19:17:26.0537 0276 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

19:17:26.0538 0276 WIMMount - ok

19:17:26.0606 0276 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

19:17:26.0607 0276 WinUsb - ok

19:17:26.0656 0276 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

19:17:26.0657 0276 WmiAcpi - ok

19:17:26.0713 0276 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

19:17:26.0714 0276 ws2ifsl - ok

19:17:26.0749 0276 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

19:17:26.0751 0276 WudfPf - ok

19:17:26.0777 0276 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

19:17:26.0778 0276 WUDFRd - ok

19:17:26.0909 0276 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

19:17:26.0973 0276 \Device\Harddisk0\DR0 - ok

19:17:26.0978 0276 Boot (0x1200) (6339165664c9fc41b9b6b635492fb541) \Device\Harddisk0\DR0\Partition0

19:17:26.0980 0276 \Device\Harddisk0\DR0\Partition0 - ok

19:17:26.0993 0276 Boot (0x1200) (2dd89bca0d05e15911bb175a379a38e4) \Device\Harddisk0\DR0\Partition1

19:17:26.0994 0276 \Device\Harddisk0\DR0\Partition1 - ok

19:17:27.0014 0276 Boot (0x1200) (56835672a0d4ac3a0b68aee2435aeea0) \Device\Harddisk0\DR0\Partition2

19:17:27.0015 0276 \Device\Harddisk0\DR0\Partition2 - ok

19:17:27.0016 0276 ============================================================

19:17:27.0016 0276 Scan finished

19:17:27.0016 0276 ============================================================

19:17:27.0023 4672 Detected object count: 0

19:17:27.0023 4672 Actual detected object count: 0

19:17:41.0899 1308 ============================================================

19:17:41.0899 1308 Scan started

19:17:41.0899 1308 Mode: Manual;

19:17:41.0899 1308 ============================================================

19:17:42.0046 1308 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\drivers\1394ohci.sys

19:17:42.0047 1308 1394ohci - ok

19:17:42.0084 1308 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\drivers\ACPI.sys

19:17:42.0086 1308 ACPI - ok

19:17:42.0100 1308 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\drivers\acpipmi.sys

19:17:42.0100 1308 AcpiPmi - ok

19:17:42.0124 1308 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

19:17:42.0126 1308 adp94xx - ok

19:17:42.0154 1308 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

19:17:42.0156 1308 adpahci - ok

19:17:42.0174 1308 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

19:17:42.0177 1308 adpu320 - ok

19:17:42.0214 1308 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys

19:17:42.0217 1308 AFD - ok

19:17:42.0240 1308 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

19:17:42.0240 1308 agp440 - ok

19:17:42.0264 1308 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

19:17:42.0265 1308 aliide - ok

19:17:42.0282 1308 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

19:17:42.0282 1308 amdide - ok

19:17:42.0296 1308 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

19:17:42.0297 1308 AmdK8 - ok

19:17:42.0315 1308 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

19:17:42.0315 1308 AmdPPM - ok

19:17:42.0342 1308 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\drivers\amdsata.sys

19:17:42.0343 1308 amdsata - ok

19:17:42.0370 1308 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

19:17:42.0372 1308 amdsbs - ok

19:17:42.0397 1308 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\drivers\amdxata.sys

19:17:42.0398 1308 amdxata - ok

19:17:42.0419 1308 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

19:17:42.0420 1308 AppID - ok

19:17:42.0444 1308 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

19:17:42.0445 1308 arc - ok

19:17:42.0460 1308 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

19:17:42.0461 1308 arcsas - ok

19:17:42.0478 1308 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys

19:17:42.0478 1308 ArcSoftKsUFilter - ok

19:17:42.0489 1308 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

19:17:42.0490 1308 AsyncMac - ok

19:17:42.0497 1308 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

19:17:42.0497 1308 atapi - ok

19:17:42.0542 1308 athr (b8c8b1e2dbf2f751d9cd5f42109837ce) C:\Windows\system32\DRIVERS\athrx.sys

19:17:42.0551 1308 athr - ok

19:17:42.0588 1308 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

19:17:42.0590 1308 b06bdrv - ok

19:17:42.0601 1308 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

19:17:42.0602 1308 b57nd60a - ok

19:17:42.0635 1308 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

19:17:42.0635 1308 Beep - ok

19:17:42.0660 1308 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

19:17:42.0661 1308 blbdrive - ok

19:17:42.0675 1308 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys

19:17:42.0675 1308 bowser - ok

19:17:42.0688 1308 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

19:17:42.0689 1308 BrFiltLo - ok

19:17:42.0708 1308 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

19:17:42.0709 1308 BrFiltUp - ok

19:17:42.0737 1308 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

19:17:42.0741 1308 Brserid - ok

19:17:42.0759 1308 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

19:17:42.0760 1308 BrSerWdm - ok

19:17:42.0778 1308 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

19:17:42.0779 1308 BrUsbMdm - ok

19:17:42.0790 1308 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

19:17:42.0790 1308 BrUsbSer - ok

19:17:42.0821 1308 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys

19:17:42.0821 1308 BthEnum - ok

19:17:42.0841 1308 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

19:17:42.0842 1308 BTHMODEM - ok

19:17:42.0864 1308 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

19:17:42.0865 1308 BthPan - ok

19:17:42.0888 1308 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys

19:17:42.0892 1308 BTHPORT - ok

19:17:42.0912 1308 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys

19:17:42.0913 1308 BTHUSB - ok

19:17:42.0958 1308 btwampfl (7a2ce8c1bf4daa1f2766e21e9ca11078) C:\Windows\system32\drivers\btwampfl.sys

19:17:42.0961 1308 btwampfl - ok

19:17:42.0977 1308 btwaudio (a75bf6802a967f5aacecc3c67febdf55) C:\Windows\system32\drivers\btwaudio.sys

19:17:42.0978 1308 btwaudio - ok

19:17:43.0000 1308 btwavdt (d895dc213edbda5fcc53aad1f1e0e63b) C:\Windows\system32\DRIVERS\btwavdt.sys

19:17:43.0001 1308 btwavdt - ok

19:17:43.0030 1308 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys

19:17:43.0030 1308 btwl2cap - ok

19:17:43.0046 1308 btwrchid (6d7aa2bde0135599c5f230d69db3b420) C:\Windows\system32\DRIVERS\btwrchid.sys

19:17:43.0047 1308 btwrchid - ok

19:17:43.0087 1308 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

19:17:43.0088 1308 cdfs - ok

19:17:43.0108 1308 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

19:17:43.0109 1308 cdrom - ok

19:17:43.0133 1308 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

19:17:43.0133 1308 circlass - ok

19:17:43.0158 1308 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

19:17:43.0160 1308 CLFS - ok

19:17:43.0187 1308 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

19:17:43.0187 1308 CmBatt - ok

19:17:43.0207 1308 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

19:17:43.0208 1308 cmdide - ok

19:17:43.0235 1308 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

19:17:43.0238 1308 CNG - ok

19:17:43.0260 1308 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

19:17:43.0260 1308 Compbatt - ok

19:17:43.0277 1308 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\drivers\CompositeBus.sys

19:17:43.0277 1308 CompositeBus - ok

19:17:43.0305 1308 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

19:17:43.0306 1308 crcdisk - ok

19:17:43.0360 1308 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys

19:17:43.0361 1308 DfsC - ok

19:17:43.0376 1308 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

19:17:43.0376 1308 discache - ok

19:17:43.0392 1308 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

19:17:43.0393 1308 Disk - ok

19:17:43.0420 1308 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

19:17:43.0420 1308 drmkaud - ok

19:17:43.0457 1308 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys

19:17:43.0461 1308 DXGKrnl - ok

19:17:43.0484 1308 e1yexpress (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys

19:17:43.0486 1308 e1yexpress - ok

19:17:43.0544 1308 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

19:17:43.0557 1308 ebdrv - ok

19:17:43.0608 1308 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

19:17:43.0616 1308 elxstor - ok

19:17:43.0646 1308 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

19:17:43.0647 1308 ErrDev - ok

19:17:43.0671 1308 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

19:17:43.0672 1308 exfat - ok

19:17:43.0697 1308 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

19:17:43.0698 1308 fastfat - ok

19:17:43.0717 1308 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

19:17:43.0718 1308 fdc - ok

19:17:43.0741 1308 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

19:17:43.0742 1308 FileInfo - ok

19:17:43.0757 1308 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

19:17:43.0757 1308 Filetrace - ok

19:17:43.0781 1308 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

19:17:43.0781 1308 flpydisk - ok

19:17:43.0805 1308 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

19:17:43.0806 1308 FltMgr - ok

19:17:43.0822 1308 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

19:17:43.0822 1308 FsDepends - ok

19:17:43.0839 1308 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

19:17:43.0840 1308 Fs_Rec - ok

19:17:43.0852 1308 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys

19:17:43.0854 1308 fvevol - ok

19:17:43.0876 1308 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

19:17:43.0877 1308 gagp30kx - ok

19:17:43.0900 1308 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

19:17:43.0901 1308 hcw85cir - ok

19:17:43.0912 1308 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

19:17:43.0913 1308 HdAudAddService - ok

19:17:43.0929 1308 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

19:17:43.0930 1308 HDAudBus - ok

19:17:43.0948 1308 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

19:17:43.0949 1308 HidBatt - ok

19:17:43.0963 1308 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

19:17:43.0963 1308 HidBth - ok

19:17:43.0979 1308 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

19:17:43.0979 1308 HidIr - ok

19:17:44.0008 1308 hidkmdf (441755465e2c484acafaa5e7bf39b1b8) C:\Windows\system32\drivers\hidkmdf.sys

19:17:44.0008 1308 hidkmdf - ok

19:17:44.0022 1308 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\drivers\hidusb.sys

19:17:44.0022 1308 HidUsb - ok

19:17:44.0062 1308 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\drivers\HpSAMD.sys

19:17:44.0063 1308 HpSAMD - ok

19:17:44.0092 1308 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

19:17:44.0095 1308 HTTP - ok

19:17:44.0107 1308 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

19:17:44.0107 1308 hwpolicy - ok

19:17:44.0122 1308 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

19:17:44.0122 1308 i8042prt - ok

19:17:44.0146 1308 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys

19:17:44.0148 1308 iaStor - ok

19:17:44.0171 1308 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\drivers\iaStorV.sys

19:17:44.0173 1308 iaStorV - ok

19:17:44.0301 1308 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys

19:17:44.0325 1308 igfx - ok

19:17:44.0345 1308 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

19:17:44.0345 1308 iirsp - ok

19:17:44.0414 1308 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys

19:17:44.0424 1308 IntcAzAudAddService - ok

19:17:44.0442 1308 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

19:17:44.0442 1308 intelide - ok

19:17:44.0458 1308 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys

19:17:44.0458 1308 intelppm - ok

19:17:44.0486 1308 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:17:44.0486 1308 IpFilterDriver - ok

19:17:44.0511 1308 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\drivers\IPMIDrv.sys

19:17:44.0511 1308 IPMIDRV - ok

19:17:44.0528 1308 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

19:17:44.0529 1308 IPNAT - ok

19:17:44.0550 1308 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

19:17:44.0551 1308 IRENUM - ok

19:17:44.0566 1308 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

19:17:44.0566 1308 isapnp - ok

19:17:44.0585 1308 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys

19:17:44.0586 1308 iScsiPrt - ok

19:17:44.0619 1308 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

19:17:44.0619 1308 kbdclass - ok

19:17:44.0636 1308 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\drivers\kbdhid.sys

19:17:44.0636 1308 kbdhid - ok

19:17:44.0663 1308 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

19:17:44.0663 1308 KSecDD - ok

19:17:44.0679 1308 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

19:17:44.0679 1308 KSecPkg - ok

19:17:44.0701 1308 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

19:17:44.0701 1308 ksthunk - ok

19:17:44.0736 1308 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

19:17:44.0737 1308 lltdio - ok

19:17:44.0772 1308 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

19:17:44.0773 1308 LSI_FC - ok

19:17:44.0789 1308 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

19:17:44.0790 1308 LSI_SAS - ok

19:17:44.0807 1308 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

19:17:44.0807 1308 LSI_SAS2 - ok

19:17:44.0825 1308 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

19:17:44.0825 1308 LSI_SCSI - ok

19:17:44.0846 1308 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

19:17:44.0847 1308 luafv - ok

19:17:44.0896 1308 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

19:17:44.0896 1308 MBAMProtector - ok

19:17:44.0936 1308 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

19:17:44.0937 1308 megasas - ok

19:17:44.0960 1308 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

19:17:44.0961 1308 MegaSR - ok

19:17:44.0980 1308 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys

19:17:44.0981 1308 MEIx64 - ok

19:17:45.0008 1308 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

19:17:45.0008 1308 Modem - ok

19:17:45.0044 1308 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

19:17:45.0045 1308 monitor - ok

19:17:45.0081 1308 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

19:17:45.0082 1308 mouclass - ok

19:17:45.0104 1308 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys

19:17:45.0105 1308 mouhid - ok

19:17:45.0120 1308 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

19:17:45.0122 1308 mountmgr - ok

19:17:45.0141 1308 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys

19:17:45.0143 1308 mpio - ok

19:17:45.0162 1308 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

19:17:45.0163 1308 mpsdrv - ok

19:17:45.0199 1308 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

19:17:45.0200 1308 MRxDAV - ok

19:17:45.0223 1308 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys

19:17:45.0224 1308 mrxsmb - ok

19:17:45.0245 1308 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:17:45.0246 1308 mrxsmb10 - ok

19:17:45.0264 1308 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:17:45.0265 1308 mrxsmb20 - ok

19:17:45.0285 1308 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys

19:17:45.0286 1308 msahci - ok

19:17:45.0314 1308 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys

19:17:45.0315 1308 msdsm - ok

19:17:45.0336 1308 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

19:17:45.0337 1308 Msfs - ok

19:17:45.0360 1308 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

19:17:45.0361 1308 mshidkmdf - ok

19:17:45.0379 1308 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

19:17:45.0379 1308 msisadrv - ok

19:17:45.0401 1308 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

19:17:45.0401 1308 MSKSSRV - ok

19:17:45.0413 1308 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

19:17:45.0413 1308 MSPCLOCK - ok

19:17:45.0429 1308 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

19:17:45.0429 1308 MSPQM - ok

19:17:45.0441 1308 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

19:17:45.0443 1308 MsRPC - ok

19:17:45.0458 1308 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

19:17:45.0459 1308 mssmbios - ok

19:17:45.0477 1308 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

19:17:45.0477 1308 MSTEE - ok

19:17:45.0494 1308 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

19:17:45.0494 1308 MTConfig - ok

19:17:45.0509 1308 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

19:17:45.0509 1308 Mup - ok

19:17:45.0542 1308 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

19:17:45.0543 1308 NativeWifiP - ok

19:17:45.0565 1308 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

19:17:45.0570 1308 NDIS - ok

19:17:45.0588 1308 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

19:17:45.0588 1308 NdisCap - ok

19:17:45.0602 1308 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

19:17:45.0603 1308 NdisTapi - ok

19:17:45.0618 1308 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

19:17:45.0618 1308 Ndisuio - ok

19:17:45.0643 1308 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

19:17:45.0643 1308 NdisWan - ok

19:17:45.0663 1308 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

19:17:45.0663 1308 NDProxy - ok

19:17:45.0680 1308 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

19:17:45.0680 1308 NetBIOS - ok

19:17:45.0703 1308 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

19:17:45.0707 1308 NetBT - ok

19:17:45.0840 1308 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

19:17:45.0865 1308 netw5v64 - ok

19:17:45.0889 1308 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

19:17:45.0889 1308 nfrd960 - ok

19:17:45.0924 1308 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

19:17:45.0925 1308 Npfs - ok

19:17:45.0951 1308 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

19:17:45.0952 1308 nsiproxy - ok

19:17:45.0997 1308 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys

19:17:46.0004 1308 Ntfs - ok

19:17:46.0034 1308 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

19:17:46.0034 1308 Null - ok

19:17:46.0053 1308 nusb3hub (786db821bfd57c0551dbbe4f75384a7d) C:\Windows\system32\drivers\nusb3hub.sys

19:17:46.0053 1308 nusb3hub - ok

19:17:46.0074 1308 nusb3xhc (daa8005caf745042bb427a1ed7433354) C:\Windows\system32\drivers\nusb3xhc.sys

19:17:46.0075 1308 nusb3xhc - ok

19:17:46.0109 1308 NVHDA (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys

19:17:46.0110 1308 NVHDA - ok

19:17:46.0317 1308 nvlddmkm (2f31f322c16274e12fd67404249bc233) C:\Windows\system32\DRIVERS\nvlddmkm.sys

19:17:46.0367 1308 nvlddmkm - ok

19:17:46.0407 1308 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\drivers\nvraid.sys

19:17:46.0408 1308 nvraid - ok

19:17:46.0440 1308 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\drivers\nvstor.sys

19:17:46.0441 1308 nvstor - ok

19:17:46.0461 1308 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

19:17:46.0462 1308 nv_agp - ok

19:17:46.0482 1308 NWLowRider (062682c906dbb3e653994105c359a273) C:\Windows\system32\drivers\NWLowRider.sys

19:17:46.0483 1308 NWLowRider - ok

19:17:46.0500 1308 NWWakeFilterLR (daafeacb4f13a301988e390d25c2c7a7) C:\Windows\system32\drivers\NWWakeFilterLR.sys

19:17:46.0500 1308 NWWakeFilterLR - ok

19:17:46.0525 1308 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

19:17:46.0526 1308 ohci1394 - ok

19:17:46.0592 1308 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

19:17:46.0593 1308 Parport - ok

19:17:46.0616 1308 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

19:17:46.0616 1308 partmgr - ok

19:17:46.0647 1308 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys

19:17:46.0648 1308 pci - ok

19:17:46.0669 1308 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

19:17:46.0669 1308 pciide - ok

19:17:46.0698 1308 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

19:17:46.0699 1308 pcmcia - ok

19:17:46.0714 1308 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

19:17:46.0715 1308 pcw - ok

19:17:46.0759 1308 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

19:17:46.0762 1308 PEAUTH - ok

19:17:46.0844 1308 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

19:17:46.0845 1308 PptpMiniport - ok

19:17:46.0868 1308 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

19:17:46.0868 1308 Processor - ok

19:17:46.0894 1308 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

19:17:46.0895 1308 Psched - ok

19:17:46.0941 1308 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

19:17:46.0942 1308 PxHlpa64 - ok

19:17:47.0010 1308 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

19:17:47.0023 1308 ql2300 - ok

19:17:47.0044 1308 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

19:17:47.0045 1308 ql40xx - ok

19:17:47.0067 1308 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

19:17:47.0067 1308 QWAVEdrv - ok

19:17:47.0093 1308 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

19:17:47.0093 1308 RasAcd - ok

19:17:47.0118 1308 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

19:17:47.0118 1308 RasAgileVpn - ok

19:17:47.0140 1308 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:17:47.0141 1308 Rasl2tp - ok

19:17:47.0169 1308 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

19:17:47.0170 1308 RasPppoe - ok

19:17:47.0184 1308 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

19:17:47.0185 1308 RasSstp - ok

19:17:47.0209 1308 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

19:17:47.0210 1308 rdbss - ok

19:17:47.0231 1308 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

19:17:47.0232 1308 rdpbus - ok

19:17:47.0252 1308 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:17:47.0253 1308 RDPCDD - ok

19:17:47.0273 1308 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

19:17:47.0273 1308 RDPENCDD - ok

19:17:47.0286 1308 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

19:17:47.0286 1308 RDPREFMP - ok

19:17:47.0298 1308 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

19:17:47.0299 1308 RDPWD - ok

19:17:47.0325 1308 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys

19:17:47.0326 1308 rdyboost - ok

19:17:47.0355 1308 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys

19:17:47.0355 1308 regi - ok

19:17:47.0386 1308 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

19:17:47.0387 1308 RFCOMM - ok

19:17:47.0401 1308 rimspci (ff71ecb1b121c6273ec4c45eddbc4fe4) C:\Windows\system32\drivers\rimssne64.sys

19:17:47.0402 1308 rimspci - ok

19:17:47.0412 1308 risdsnpe (e33075c22c14c57095f037253f936bb8) C:\Windows\system32\drivers\risdsnxc64.sys

19:17:47.0413 1308 risdsnpe - ok

19:17:47.0477 1308 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

19:17:47.0478 1308 rspndr - ok

19:17:47.0506 1308 RTL8167 (47032c855ddcb5ad7236286689ede288) C:\Windows\system32\DRIVERS\Rt64win7.sys

19:17:47.0508 1308 RTL8167 - ok

19:17:47.0565 1308 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys

19:17:47.0565 1308 sbp2port - ok

19:17:47.0595 1308 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

19:17:47.0596 1308 scfilter - ok

19:17:47.0629 1308 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys

19:17:47.0630 1308 sdbus - ok

19:17:47.0681 1308 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

19:17:47.0681 1308 secdrv - ok

19:17:47.0721 1308 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

19:17:47.0722 1308 Serenum - ok

19:17:47.0737 1308 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

19:17:47.0737 1308 Serial - ok

19:17:47.0761 1308 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

19:17:47.0761 1308 sermouse - ok

19:17:47.0807 1308 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\drivers\SFEP.sys

19:17:47.0808 1308 SFEP - ok

19:17:47.0843 1308 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

19:17:47.0844 1308 sffdisk - ok

19:17:47.0859 1308 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

19:17:47.0859 1308 sffp_mmc - ok

19:17:47.0872 1308 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys

19:17:47.0872 1308 sffp_sd - ok

19:17:47.0888 1308 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

19:17:47.0888 1308 sfloppy - ok

19:17:47.0923 1308 Sftfs (d5183ed285d2795491dc15bddcbee5ad) C:\Windows\system32\DRIVERS\Sftfslh.sys

19:17:47.0926 1308 Sftfs - ok

19:17:47.0946 1308 Sftplay (00f118b68c50d2206dd51634f9142b83) C:\Windows\system32\DRIVERS\Sftplaylh.sys

19:17:47.0947 1308 Sftplay - ok

19:17:47.0960 1308 Sftredir (76a827df5640bfe16a0cdbb4108adeca) C:\Windows\system32\DRIVERS\Sftredirlh.sys

19:17:47.0960 1308 Sftredir - ok

19:17:47.0974 1308 Sftvol (1b4c9701645086bab8cafffce30ed284) C:\Windows\system32\DRIVERS\Sftvollh.sys

19:17:47.0974 1308 Sftvol - ok

19:17:48.0039 1308 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

19:17:48.0040 1308 SiSRaid2 - ok

19:17:48.0059 1308 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

19:17:48.0060 1308 SiSRaid4 - ok

19:17:48.0086 1308 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

19:17:48.0087 1308 Smb - ok

19:17:48.0163 1308 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

19:17:48.0163 1308 spldr - ok

19:17:48.0217 1308 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys

19:17:48.0219 1308 srv - ok

19:17:48.0233 1308 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys

19:17:48.0235 1308 srv2 - ok

19:17:48.0264 1308 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

19:17:48.0265 1308 SrvHsfHDA - ok

19:17:48.0298 1308 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

19:17:48.0304 1308 SrvHsfV92 - ok

19:17:48.0321 1308 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

19:17:48.0324 1308 SrvHsfWinac - ok

19:17:48.0344 1308 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys

19:17:48.0345 1308 srvnet - ok

19:17:48.0384 1308 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

19:17:48.0385 1308 stexstor - ok

19:17:48.0428 1308 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

19:17:48.0428 1308 swenum - ok

19:17:48.0532 1308 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys

19:17:48.0551 1308 Tcpip - ok

19:17:48.0590 1308 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys

19:17:48.0597 1308 TCPIP6 - ok

19:17:48.0629 1308 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

19:17:48.0629 1308 tcpipreg - ok

19:17:48.0654 1308 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

19:17:48.0655 1308 TDPIPE - ok

19:17:48.0669 1308 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

19:17:48.0670 1308 TDTCP - ok

19:17:48.0689 1308 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

19:17:48.0689 1308 tdx - ok

19:17:48.0713 1308 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys

19:17:48.0713 1308 TermDD - ok

19:17:48.0772 1308 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys

19:17:48.0772 1308 TPM - ok

19:17:48.0815 1308 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

19:17:48.0815 1308 tssecsrv - ok

19:17:48.0837 1308 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

19:17:48.0837 1308 tunnel - ok

19:17:48.0867 1308 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

19:17:48.0867 1308 uagp35 - ok

19:17:48.0889 1308 udfs (0e5e962b5649d544be54e8c90761ea2b) C:\Windows\system32\DRIVERS\udfs.sys

19:17:48.0890 1308 udfs - ok

19:17:48.0925 1308 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

19:17:48.0925 1308 uliagpkx - ok

19:17:48.0949 1308 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

19:17:48.0949 1308 umbus - ok

19:17:48.0967 1308 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

19:17:48.0967 1308 UmPass - ok

19:17:49.0010 1308 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\drivers\usbccgp.sys

19:17:49.0010 1308 usbccgp - ok

19:17:49.0038 1308 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

19:17:49.0039 1308 usbcir - ok

19:17:49.0062 1308 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\drivers\usbehci.sys

19:17:49.0063 1308 usbehci - ok

19:17:49.0080 1308 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\drivers\usbhub.sys

19:17:49.0082 1308 usbhub - ok

19:17:49.0107 1308 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys

19:17:49.0108 1308 usbohci - ok

19:17:49.0144 1308 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

19:17:49.0144 1308 usbprint - ok

19:17:49.0163 1308 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:17:49.0164 1308 USBSTOR - ok

19:17:49.0186 1308 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys

19:17:49.0187 1308 usbuhci - ok

19:17:49.0219 1308 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys

19:17:49.0220 1308 usbvideo - ok

19:17:49.0339 1308 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

19:17:49.0339 1308 vdrvroot - ok

19:17:49.0368 1308 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

19:17:49.0368 1308 vga - ok

19:17:49.0394 1308 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

19:17:49.0394 1308 VgaSave - ok

19:17:49.0417 1308 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys

19:17:49.0418 1308 vhdmp - ok

19:17:49.0437 1308 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

19:17:49.0438 1308 viaide - ok

19:17:49.0499 1308 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys

19:17:49.0499 1308 volmgr - ok

19:17:49.0522 1308 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

19:17:49.0523 1308 volmgrx - ok

19:17:49.0547 1308 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys

19:17:49.0548 1308 volsnap - ok

19:17:49.0597 1308 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

19:17:49.0598 1308 vsmraid - ok

19:17:49.0638 1308 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

19:17:49.0639 1308 vwifibus - ok

19:17:49.0654 1308 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

19:17:49.0655 1308 vwififlt - ok

19:17:49.0735 1308 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

19:17:49.0735 1308 WacomPen - ok

19:17:49.0764 1308 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

19:17:49.0764 1308 WANARP - ok

19:17:49.0770 1308 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

19:17:49.0771 1308 Wanarpv6 - ok

19:17:49.0819 1308 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

19:17:49.0819 1308 Wd - ok

19:17:49.0845 1308 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

19:17:49.0848 1308 Wdf01000 - ok

19:17:49.0909 1308 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

19:17:49.0910 1308 WfpLwf - ok

19:17:49.0929 1308 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

19:17:49.0929 1308 WIMMount - ok

19:17:49.0997 1308 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

19:17:49.0998 1308 WinUsb - ok

19:17:50.0047 1308 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

19:17:50.0047 1308 WmiAcpi - ok

19:17:50.0105 1308 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

19:17:50.0105 1308 ws2ifsl - ok

19:17:50.0141 1308 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

19:17:50.0142 1308 WudfPf - ok

19:17:50.0160 1308 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

19:17:50.0161 1308 WUDFRd - ok

19:17:50.0292 1308 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

19:17:50.0348 1308 \Device\Harddisk0\DR0 - ok

19:17:50.0352 1308 Boot (0x1200) (6339165664c9fc41b9b6b635492fb541) \Device\Harddisk0\DR0\Partition0

19:17:50.0353 1308 \Device\Harddisk0\DR0\Partition0 - ok

19:17:50.0360 1308 Boot (0x1200) (2dd89bca0d05e15911bb175a379a38e4) \Device\Harddisk0\DR0\Partition1

19:17:50.0361 1308 \Device\Harddisk0\DR0\Partition1 - ok

19:17:50.0373 1308 Boot (0x1200) (56835672a0d4ac3a0b68aee2435aeea0) \Device\Harddisk0\DR0\Partition2

19:17:50.0374 1308 \Device\Harddisk0\DR0\Partition2 - ok

19:17:50.0374 1308 ============================================================

19:17:50.0374 1308 Scan finished

19:17:50.0374 1308 ============================================================

19:17:50.0380 1804 Detected object count: 0

19:17:50.0380 1804 Actual detected object count: 0

19:17:59.0224 6612 Deinitialize success

[sunshineboy00]

and please also find ComboFix log:

ComboFix 12-02-06.01 - Cliff Chau 06/02/2012 19:20:36.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.8173.6250 [GMT 8:00]

执行位置: c:\users\Cliff Chau\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Webroot Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

Error: Cfiles.dat

.

((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Common Files\Tencent\Paycenter

c:\program files (x86)\Common Files\Tencent\Paycenter\qqcert.dll

c:\program files (x86)\Common Files\Tencent\Paycenter\qqedit.dll

c:\users\Cliff Chau\AppData\Local\0f9cf699\U

c:\users\Cliff Chau\AppData\Local\0f9cf699\U\80000000.@

c:\users\Cliff Chau\AppData\Local\0f9cf699\U\800000cb.@

c:\users\Cliff Chau\AppData\Local\0f9cf699\U\800000cf.@

c:\users\Cliff Chau\AppData\Local\0f9cf699\X

c:\windows\assembly\tmp\U

c:\windows\assembly\tmp\U\00000001.@

c:\windows\assembly\tmp\U\000000c0.@

c:\windows\assembly\tmp\U\000000cb.@

c:\windows\assembly\tmp\U\000000cf.@

c:\windows\assembly\tmp\U\80000000.@

c:\windows\assembly\tmp\U\800000c0.@

c:\windows\assembly\tmp\U\800000cb.@

c:\windows\assembly\tmp\U\800000cf.@

c:\windows\system32\consrv.dll

c:\windows\system32\p17xfilt.dll

c:\windows\SysWow64\odbcad32.exe

.

.

((((((((((((((((((((((((((((((((((((((( 驱动/服务 )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_spsslm

.

.

((((((((((((((((((((((((( 2012-01-06 至 2012-02-06 的新的档案 )))))))))))))))))))))))))))))))

.

.

2012-02-06 11:24 . 2012-02-06 11:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-05 04:34 . 2012-02-05 04:34 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{59A5FE0B-022B-4EA7-BD79-2600E7D79F0E}

2012-02-05 04:34 . 2012-02-05 04:34 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{426F643B-7499-4EA4-8172-2580AFDBB923}

2012-02-05 04:34 . 2012-02-05 04:34 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{879B3FE3-0636-4D11-BCE2-07A71E24398C}

2012-02-05 04:34 . 2012-02-05 04:34 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{C6E87831-75D9-4937-9917-92E588921C42}

2012-02-04 12:59 . 2012-02-04 12:59 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{1FE61014-FE40-4D1F-A627-B74AE098B355}

2012-02-04 12:49 . 2012-02-04 12:49 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{64591CBE-35E5-46C0-9E81-FEA1F7DEBA98}

2012-02-04 12:49 . 2012-02-04 12:49 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{AB9A61BC-22B1-42B6-BB8C-E4A5E9B4281D}

2012-02-04 12:46 . 2012-02-04 12:46 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{A2A52D86-E900-4BE8-AEE6-27EE84FBA178}

2012-02-04 12:46 . 2012-02-04 12:46 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{B5665500-8D21-4931-A812-C786F569C867}

2012-01-21 07:00 . 2012-01-21 07:00 -------- d-----w- c:\users\Cliff Chau\AppData\Roaming\alipay

2012-01-21 06:59 . 2012-01-21 06:59 -------- d-----w- c:\windows\SysWow64\aliedit

2012-01-21 06:59 . 2012-02-02 14:35 -------- d-----w- c:\program files (x86)\AliWangWang

.

.

.

(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-27 16:30 . 2011-10-23 06:01 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-10 07:24 . 2011-12-27 17:57 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*注意* 空白与合法缺省登录将不会被显示

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

"Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2010-11-30 83344]

"PPS Accelerator"="d:\99soft~1\PPS\PPStream\ppsap.exe" [2010-02-24 214408]

"Octoshape Streaming Services"="c:\users\Cliff Chau\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

"HKToolbarManager"="c:\program files (x86)\881903\IETOOLBAR\hkmgr.exe" [2011-10-18 652288]

"aliim"="c:\program files (x86)\AliWangWang\aliim.exe" [2011-12-20 222624]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2010-02-24 362992]

R3 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]

R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys [x]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2010-02-24 313840]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-26 387896]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-26 101152]

R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-27 821664]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]

S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]

S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsnxc64.sys [x]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-08-12 257936]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]

S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]

S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]

S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-11-29 2916736]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-27 2656280]

S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-12-06 584080]

S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]

S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-26 549168]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-12-10 923024]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 NWLowRider;NextWindow LowRider Touch Screen;c:\windows\system32\drivers\NWLowRider.sys [x]

S3 NWWakeFilterLR;NextWindow Remote Wake Blocker;c:\windows\system32\drivers\NWWakeFilterLR.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]

S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-09-27 303872]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]

.

.

‘计划任务’ 文件夹 里的内容

.

2012-02-05 c:\windows\Tasks\AliUpdater{DB3DD48A-AE7A-4A19-AC73-2C30AA4EE87D}.job

- c:\program files (x86)\AliWangWang\AliTask.exe [2011-11-22 01:58]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combofix\CF25893.3XE" [2009-07-14 344576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

spsslm

.

------- 而外的扫描 -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.appledaily.com.hk/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: 添加为阿里旺旺表情 - c:\program files (x86)\AliWangWang\7.00.20C\AddNewEmotion.htm

Trusted Zone: alipay.com

Trusted Zone: alisoft.com

Trusted Zone: pps.tv

Trusted Zone: ppstream.com

Trusted Zone: taobao.com

Trusted Zone: webscache.com

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Cliff Chau\AppData\Roaming\Mozilla\Firefox\Profiles\s6egiukh.default\

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2188594118-1625532197-1227473150-1000_Classes\.*?柼扂e鷈6e剉颯憉噀鯪]

@Allowed: (Read) (RestrictedCode)

@="AliFileCheck.File"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.*?柼扂e鷈6e剉颯憉噀鯪]

@="AliFileCheck.File"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ 其他运行进程 ------------------------

.

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe

c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

c:\windows\SysWOW64\DllHost.exe

c:\windows\SysWOW64\DllHost.exe

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files\Sony\VAIO Care\VCSpt.exe

d:\99 software download\PPS\PPStream\PPSAP.exe

c:\program files (x86)\AliWangWang\7.00.20C\miser\miser.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files\Sony\VAIO Personalization Manager\VpmIfPav.exe

c:\program files\Sony\VAIO Care\listener.exe

.

**************************************************************************

.

完成时间: 2012-02-06 19:29:00 - 电脑已重新启动

ComboFix-quarantined-files.txt 2012-02-06 11:29

.

Pre-Run: 110,030,802,944 bytes free

Post-Run: 109,732,528,128 bytes free

.

- - End Of File - - D4D03102968AFB17BADAE15F175AC85F

[sunshineboy00]

ComboFix did prompt me to stop firewall (in this case McAfee) but I have actually uninstalled it already. Does it do any harm?

After the ComboFix, it seems that the PC return to normal. May I know if my PC is clean now?

Thanks so much,

[Elise]

Good to hear that!

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

• Download the latest version of Adobe Reader Version X. and save it to your desktop.
  
• Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  
• Click the download button at the bottom.
  
• If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  
• Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
  If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer
  
• Then from your desktop double-click on Adobe Reader to install the newest version.
  If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  
• When the "Adobe Setup - Welcome" window opens, click the Install > button.
  
• If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  

Your Adobe Reader is now up to date!

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

• Download the latest version of Java Runtime Environment (JRE) Version 7u2.
  
• Look for "JDK 7u2 (JDK or JRE).
  
• Click the "Download JRE" button at the right.
  
• Read the License Agreement, and then check the box that says: "Accept License Agreement".
  
  • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
    

  [*]Save it to your desktop

  [*]Close any programs you may have running - especially your web browser.

  [*]Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).

  [*]Reboot your computer once all Java components are removed.

  [*]Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

Please launch MBAM, update it and run a full scan. Post me the resulting log.

[sunshineboy00]

Hi Elise,

I have updated the 2 software and full scan with WMB again. Below is the log file:

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.06.02

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Cliff Chau :: CLIFFCHAU-VAIO [administrator]

Protection: Enabled

07/02/2012 19:38:54

mbam-log-2012-02-07 (19-38-54).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 305542

Time elapsed: 20 minute(s), 24 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[sunshineboy00]

There is one thing in my PC is that my firewall seems could not be function properly, when I try to configure the firewall (control panel > system and security > Windows Firewall > Turn Window firewall On and Off), I press the 'use recommended settings' and it prompts 'Windows Firewall can't chane some of your settings. Error code 0x80070424'

I heard this also relate to the malwarebytes. is that true?

Thanks

[Elise]

No, that has to do with the infection that was present, this often results in service corruption. In order to fix it lets first see what is missing.

Please download Farbar Service Scanner and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
    
  • Windows Firewall
    
  • System Restore
    
  • Security Center
    
  • Windows Update
    

  [*]Press "Scan".

  [*]It will create a log (FSS.txt) in the same directory the tool is run.

  [*]Please copy and paste the log to your reply.

[sunshineboy00]

Hi Elise,

here is the FSS log. Thanks alot !

Farbar Service Scanner Version: 05-02-2012

Ran by Cliff Chau (administrator) on 07-02-2012 at 23:47:03

Running from "D:\99 Software Download\Malwarebytes"

Microsoft Windows 7 Home Premium (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

===========

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll

[2009-07-14 07:21] - [2009-07-14 09:40] - 0182272 ____A (Microsoft Corporation) 676108C4E3AA6F6B34633748BD0BEBD9

C:\Windows\System32\mpssvc.dll

[2009-07-14 08:09] - [2009-07-14 09:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll

[2009-07-14 07:36] - [2009-07-14 09:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll

[2009-07-14 08:36] - [2009-07-14 09:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

[Elise]

Hi again, let me know how things are after the following fix.

BACKUP THE REGISTRY

---------------------------

Backup Your Registry with ERUNT

• Please download Erunt
  
• Run the setup program to install ERUNT on your computer

Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

We Need to Run a Registry Script

1. Press the Windows Logo in the lower left corner of your screen.
   
2. In the box, enter notepad and press Enter.
   
3. Highlight the contents of the following codebox, and copy and paste that text into notepad.
   

   Windows Registry Editor Version 5.00
   
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc]
   "DisplayName"="@%SystemRoot%\\system32\\FirewallAPI.dll,-23090"
   "Group"="NetworkProvider"
   "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
     74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
     00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
     6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
     00,65,00,4e,00,6f,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,00,00
   "Description"="@%SystemRoot%\\system32\\FirewallAPI.dll,-23091"
   "ObjectName"="NT Authority\\LocalService"
   "ErrorControl"=dword:00000001
   "Start"=dword:00000002
   "Type"=dword:00000020
   "DependOnService"=hex(7):6d,00,70,00,73,00,64,00,72,00,76,00,00,00,62,00,66,00,\
     65,00,00,00,00,00
   "ServiceSidType"=dword:00000003
   "RequiredPrivileges"=hex(7):53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,\
     00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,\
     72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,75,\
     00,64,00,69,00,74,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
     00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,\
     00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
     53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,\
     00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,\
     65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,\
     00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,\
     6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,\
     00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
   "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
     00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
   
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc\Parameters]
   "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
     00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
     6d,00,70,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
   "ServiceDllUnloadOnStop"=dword:00000001
   
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc\Parameters\PortKeywords]
   
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc\Security]
   "Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,\
     00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
     00,00,02,00,84,00,05,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
     05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
     20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
     00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,28,00,15,00,\
     00,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,\
     0e,a7,8b,eb,ca,7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,\
     00,00,00,05,12,00,00,00
   
   

   
   

4. Select File -> Save.
   
5. Press the Desktop button on the left side of the save dialog.
   
6. In the box, type in Fix.reg.
   
7. Press .
   
8. Close Notepad.
   
9. Double click on your desktop.
   
10. Press Yes if prompted by User Account Control.
    
11. Press Yes, and then Ok, when prompted.
    
12. Right click on and choose Delete.
    
13. Press Yes.
    

[sunshineboy00]

Hi, I already followed your instruction,

but window firewall setting still prompt that error message.

:(

[Elise]

Can you please post me a new FSS log?

[sunshineboy00]

Hi, here it is,

Farbar Service Scanner Version: 05-02-2012

Ran by Cliff Chau (administrator) on 10-02-2012 at 19:16:20

Running from "D:\99 Software Download\Malwarebytes"

Microsoft Windows 7 Home Premium (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

===========

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll

[2009-07-14 07:21] - [2009-07-14 09:40] - 0182272 ____A (Microsoft Corporation) 676108C4E3AA6F6B34633748BD0BEBD9

C:\Windows\System32\mpssvc.dll

[2009-07-14 08:09] - [2009-07-14 09:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll

[2009-07-14 07:36] - [2009-07-14 09:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll

[2009-07-14 08:36] - [2009-07-14 09:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

[sunshineboy00]

Now everytime I turn on PC it saids ERUNT could not be used or something and there is a save error asking me if I want to use the next registry, I pressed 'No'

[sunshineboy00]

by the way, I am out of town from tomorrow may I know if I can continue after I come back on 21st Feb?

Thanks for your support so far!! really appreciate that ;)

[Elise]

No problem, in case this topic gets closed, please PM the one closing the topic to have it reopened.

Can you give me the exact error message you receive?

As for Erunt, click Start > Programs > Startup and look for a shortcut to Erunt there. Simply delete it.

[sunshineboy00]

Hi, I attached the sceen shots of the messages prompted when I turn on the PC. Thanks.

[Elise]

You get that error because Erunt tries to create a backup on startup. It can't do that because it needs admin permissions for that. Did you do this:

As for Erunt, click Start > Programs > Startup and look for a shortcut to Erunt there. Simply delete it.

Please rerun Combofix and post me the new log.

[sunshineboy00]

Yes i found it and delete it and error messages not pops up again.

below is the log from Combofix

ComboFix 12-02-22.01 - Cliff Chau 23/02/2012 22:26:13.2.8 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.8173.6287 [GMT 8:00]

执行位置: c:\users\Cliff Chau\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Webroot Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* 成功创造新还原点

.

Error: Cfiles.dat

.

((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\assembly\tmp\U

.

.

((((((((((((((((((((((((( 2012-01-23 至 2012-02-23 的新的档案 )))))))))))))))))))))))))))))))

.

.

2012-02-23 14:30 . 2012-02-23 14:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-05 04:34 . 2012-02-05 04:34 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{59A5FE0B-022B-4EA7-BD79-2600E7D79F0E}

2012-02-05 04:34 . 2012-02-05 04:34 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{426F643B-7499-4EA4-8172-2580AFDBB923}

2012-02-05 04:34 . 2012-02-05 04:34 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{879B3FE3-0636-4D11-BCE2-07A71E24398C}

2012-02-05 04:34 . 2012-02-05 04:34 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{C6E87831-75D9-4937-9917-92E588921C42}

2012-02-04 12:59 . 2012-02-04 12:59 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{1FE61014-FE40-4D1F-A627-B74AE098B355}

2012-02-04 12:49 . 2012-02-04 12:49 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{64591CBE-35E5-46C0-9E81-FEA1F7DEBA98}

2012-02-04 12:49 . 2012-02-04 12:49 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{AB9A61BC-22B1-42B6-BB8C-E4A5E9B4281D}

2012-02-04 12:46 . 2012-02-04 12:46 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{A2A52D86-E900-4BE8-AEE6-27EE84FBA178}

2012-02-04 12:46 . 2012-02-04 12:46 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{B5665500-8D21-4931-A812-C786F569C867}

.

.

.

(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-07 11:37 . 2011-02-15 08:39 567184 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-12-27 16:30 . 2011-10-23 06:01 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-10 07:24 . 2011-12-27 17:57 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*注意* 空白与合法缺省登录将不会被显示

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

"Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2010-11-30 83344]

"PPS Accelerator"="d:\99soft~1\PPS\PPStream\ppsap.exe" [2010-02-24 214408]

"Octoshape Streaming Services"="c:\users\Cliff Chau\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

"HKToolbarManager"="c:\program files (x86)\881903\IETOOLBAR\hkmgr.exe" [2011-10-18 652288]

"aliim"="c:\program files (x86)\AliWangWang\aliim.exe" [2011-12-20 222624]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 McMPFSvc;McAfee Personal Firewall Service; [x]

R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2010-02-24 362992]

R3 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]

R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys [x]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2010-02-24 313840]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-26 387896]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-26 101152]

R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-27 821664]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]

S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]

S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsnxc64.sys [x]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-08-12 257936]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]

S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]

S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]

S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-11-29 2916736]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-27 2656280]

S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-12-06 584080]

S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]

S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-26 549168]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-12-10 923024]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 NWLowRider;NextWindow LowRider Touch Screen;c:\windows\system32\drivers\NWLowRider.sys [x]

S3 NWWakeFilterLR;NextWindow Remote Wake Blocker;c:\windows\system32\drivers\NWWakeFilterLR.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]

S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-09-27 303872]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]

.

.

‘计划任务’ 文件夹 里的内容

.

2012-02-23 c:\windows\Tasks\AliUpdater{DB3DD48A-AE7A-4A19-AC73-2C30AA4EE87D}.job

- c:\program files (x86)\AliWangWang\AliTask.exe [2011-11-22 01:58]

.

.

--------- x86-64 -----------

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

spsslm

.

------- 而外的扫描 -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.appledaily.com.hk/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: 添加为阿里旺旺表情 - c:\program files (x86)\AliWangWang\7.00.20C\AddNewEmotion.htm

Trusted Zone: alipay.com

Trusted Zone: alisoft.com

Trusted Zone: pps.tv

Trusted Zone: ppstream.com

Trusted Zone: taobao.com

Trusted Zone: webscache.com

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Cliff Chau\AppData\Roaming\Mozilla\Firefox\Profiles\s6egiukh.default\

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2188594118-1625532197-1227473150-1000_Classes\.*?柼扂e鷈6e剉颯憉噀鯪]

@Allowed: (Read) (RestrictedCode)

@="AliFileCheck.File"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.*?柼扂e鷈6e剉颯憉噀鯪]

@="AliFileCheck.File"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

完成时间: 2012-02-23 22:31:30

ComboFix-quarantined-files.txt 2012-02-23 14:31

ComboFix2.txt 2012-02-06 11:29

.

Pre-Run: 110,086,651,904 bytes free

Post-Run: 109,907,726,336 bytes free

.

- - End Of File - - F7E87F55BAD7041584CB1E806755E7EE

[sunshineboy00]

Also, the firewall settings is back to normal now. seems everything is ok?

[Elise]

I'm glad to hear everything is fine now.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
   
2. Click the button.
   
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. 
      
   2. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      
   3. Double click on the
      icon on your desktop.
      
      
   4. Check "YES, I accept the Terms of Use."
      
   5. Click the Start button.
      
   6. Accept any security warnings from your browser.
      
   7. Under scan settings, check "Scan Archives" and "Remove found threats"
      
   8. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
        
      • Scan for potentially unsafe applications
        
      • Enable Anti-Stealth technology

[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

[*]When the scan completes, click List Threats

[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

[*]Click the Back button.

[*]Click the Finish button.

[screen317]

Are you still with us? This topic will be closed in a few days if we do not hear back from you.