JoeyT

Help with infection


Hi. My Windows 7 laptop keeps having Windows command prompt pop up. I've scanned with Malwarebytes and MSE. They both come back showing Trojans, but even when I use the remove processes it still doesn't seem to work. Malwarebytes keeps finding the trojan and MSE just tells me that the program could not find the malware. Hope someone can help me. Cheers

Attach.txt

DDS.txt


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!!!!!!!)

Post back the report.

MrC


Thanks for helping.

Here's the scan report

RogueKiller V7.6.3 [07/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User: teng [Admin rights]

Mode: Scan -- Date: 07/13/2012 22:27:12

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤

[SUSP PATH] HKCU\[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> FOUND

[SUSP PATH] HKUS\S-1-5-21-261071132-451565413-1473889226-1000[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> FOUND

[BLACKLIST DLL] HKLM\[...]\Wow6432Node\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript) -> FOUND

[SUSP PATH] HKLM\[...]\Wow6432Node\Winlogon : Userinit (C:\Windows\system32\userinit.exe,C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe,) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++

--- User ---

[MBR] b920a0ccdea031bc9d9ac6253324ac86

[BSP] a410d9d5efb87cb824bf361decd494b6 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15999 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32768000 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32972800 | Size: 460839 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt
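
Added example (not part of the original thread, and not RogueKiller's own logic): a Python triage of the registry lines in the report above. It flags Run/RunOnce values that launch from a per-user AppData folder and a Winlogon Userinit value that names anything besides userinit.exe. The heuristics, the function names and the `C:\Windows` location are assumptions of this example.

```python
import re
from ntpath import normcase, normpath  # Windows path rules, usable on any OS

# Registry lines from the RogueKiller report in this thread (tags in upper case).
REPORT = r"""
[SUSP PATH] HKCU\[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-261071132-451565413-1473889226-1000[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> FOUND
[BLACKLIST DLL] HKLM\[...]\Wow6432Node\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript) -> FOUND
[SUSP PATH] HKLM\[...]\Wow6432Node\Winlogon : Userinit (C:\Windows\system32\userinit.exe,C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe,) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

LINE = re.compile(r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>\S+)\s+:\s+(?P<rest>.+?)\s+->\s+FOUND$")
PATH = re.compile(r'[A-Za-z]:\\[^",]+')                     # drive-letter paths inside a value
PER_USER = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\")  # user-writable profile area
# Assumption: Windows is installed in C:\Windows.
EXPECTED_USERINIT = normcase(r"C:\Windows\system32\userinit.exe")


def norm(path):
    """Lower-case and normalise a Windows path so comparisons are reliable."""
    return normcase(normpath(path.strip()))


def split_name_value(rest):
    """Split 'Name (data)'. The data is the last balanced (...) group, so a
    name such as 'X (cleanup)' or data such as 'Program Files (x86)' both work."""
    if not rest.endswith(")"):
        return None
    depth = 0
    for i in range(len(rest) - 1, -1, -1):
        if rest[i] == ")":
            depth += 1
        elif rest[i] == "(":
            depth -= 1
            if depth == 0:
                return rest[:i].rstrip(), rest[i + 1:-1]
    return None


def parse_line(line):
    """Parse one registry line of the report into tag, key, name and data."""
    m = LINE.match(line.strip())
    if not m:
        return None
    parts = split_name_value(m["rest"])
    if parts is None:
        return None
    return {"tag": m["tag"], "key": m["key"], "name": parts[0], "data": parts[1]}


def check(entry):
    """Return the reasons (possibly none) why an entry looks like persistence."""
    leaf = entry["key"].rsplit("\\", 1)[-1].lower()
    paths = [p.strip() for p in PATH.findall(entry["data"])]
    reasons = []
    if leaf == "winlogon" and entry["name"].lower() == "userinit":
        # Userinit should name only the system userinit.exe.
        extra = [p for p in paths if norm(p) != EXPECTED_USERINIT]
        if extra:
            reasons.append("Userinit also starts: " + ", ".join(extra))
    elif leaf in ("run", "runonce"):
        hits = [p for p in paths if PER_USER.match(norm(p))]
        if hits:
            reasons.append("autorun from per-user AppData: " + ", ".join(hits))
    return reasons


def triage(report):
    """Return (key, value name, reason) for every flagged line of a report."""
    findings = []
    for line in report.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        for reason in check(entry):
            findings.append((entry["key"], entry["name"], reason))
    return findings


if __name__ == "__main__":
    for key, name, reason in triage(REPORT):
        print(f"{key} : {name} -> {reason}")
```
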


OK, run RogueKiller again and click Scan

When the scan completes > click the Registry tab and put a check next to these > uncheck the rest.

Now hit Delete on the right hand column.

¤¤¤ Registry Entries: 7 ¤¤¤

[SUSP PATH] HKCU\[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> FOUND

[SUSP PATH] HKUS\S-1-5-21-261071132-451565413-1473889226-1000[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> FOUND

[SUSP PATH] HKLM\[...]\Wow6432Node\Winlogon : Userinit (C:\Windows\system32\userinit.exe,C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe,) -> FOUND

-------------------------------------

Then.........

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


Ran a scan. Wasn't too sure what was to be deleted, sorry. Also I'm having to do this in safe mode as I cannot open this website in normal startup (would that impact anything?)

Here's the scan report

23:21:30.0054 0356 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35

23:21:31.0435 0356 ============================================================

23:21:31.0435 0356 Current date / time: 2012/07/13 23:21:31.0435

23:21:31.0435 0356 SystemInfo:

23:21:31.0435 0356

23:21:31.0435 0356 OS Version: 6.1.7601 ServicePack: 1.0

23:21:31.0435 0356 Product type: Workstation

23:21:31.0435 0356 ComputerName: VAIO

23:21:31.0435 0356 UserName: teng

23:21:31.0435 0356 Windows directory: C:\Windows

23:21:31.0435 0356 System windows directory: C:\Windows

23:21:31.0435 0356 Running under WOW64

23:21:31.0435 0356 Processor architecture: Intel x64

23:21:31.0435 0356 Number of processors: 8

23:21:31.0435 0356 Page size: 0x1000

23:21:31.0435 0356 Boot type: Safe boot with network

23:21:31.0435 0356 ============================================================

23:21:33.0435 0356 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

23:21:33.0435 0356 ============================================================

23:21:33.0435 0356 \Device\Harddisk0\DR0:

23:21:33.0435 0356 MBR partitions:

23:21:33.0435 0356 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F40000, BlocksNum 0x32000

23:21:33.0435 0356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F72000, BlocksNum 0x38413830

23:21:33.0435 0356 ============================================================

23:21:33.0525 0356 C: <-> \Device\Harddisk0\DR0\Partition1

23:21:33.0525 0356 ============================================================

23:21:33.0525 0356 Initialize success

23:21:33.0525 0356 ============================================================

23:22:09.0007 1488 ============================================================

23:22:09.0007 1488 Scan started

23:22:09.0007 1488 Mode: Manual; SigCheck; TDLFS;

23:22:09.0007 1488 ============================================================

23:22:13.0740 1488 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll

23:22:13.0740 1488 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22

23:22:13.0740 1488 Akamai ( HiddenFile.Multi.Generic ) - warning

23:22:13.0740 1488 Akamai - detected HiddenFile.Multi.Generic (1)

23:22:25.0423 1488 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

23:22:25.0433 1488 IDriverT ( UnsignedFile.Multi.Generic ) - warning

23:22:25.0433 1488 IDriverT - detected UnsignedFile.Multi.Generic (1)


23:22:28.0707 1488 Modem - ok

23:22:28.0770 1488 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

23:22:28.0785 1488 monitor - ok

23:22:28.0832 1488 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

23:22:28.0848 1488 mouclass - ok

23:22:28.0879 1488 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

23:22:28.0910 1488 mouhid - ok

23:22:28.0957 1488 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

23:22:28.0972 1488 mountmgr - ok

23:22:29.0035 1488 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys

23:22:29.0050 1488 MpFilter - ok

23:22:29.0097 1488 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

23:22:29.0097 1488 mpio - ok

23:22:29.0128 1488 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

23:22:29.0175 1488 mpsdrv - ok

23:22:29.0253 1488 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

23:22:29.0300 1488 MpsSvc - ok

23:22:29.0347 1488 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

23:22:29.0394 1488 MRxDAV - ok

23:22:29.0425 1488 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

23:22:29.0472 1488 mrxsmb - ok

23:22:29.0503 1488 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:22:29.0550 1488 mrxsmb10 - ok

23:22:29.0596 1488 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:22:29.0596 1488 mrxsmb20 - ok

23:22:29.0659 1488 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

23:22:29.0659 1488 msahci - ok

23:22:29.0706 1488 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

23:22:29.0721 1488 msdsm - ok

23:22:29.0752 1488 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

23:22:29.0784 1488 MSDTC - ok

23:22:29.0815 1488 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

23:22:29.0862 1488 Msfs - ok

23:22:29.0877 1488 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

23:22:29.0923 1488 mshidkmdf - ok

23:22:29.0973 1488 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

23:22:29.0983 1488 msisadrv - ok

23:22:30.0023 1488 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

23:22:30.0073 1488 MSiSCSI - ok

23:22:30.0083 1488 msiserver - ok

23:22:30.0123 1488 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

23:22:30.0163 1488 MSKSSRV - ok

23:22:30.0303 1488 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe

23:22:30.0323 1488 MsMpSvc - ok

23:22:30.0353 1488 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

23:22:30.0403 1488 MSPCLOCK - ok

23:22:30.0423 1488 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

23:22:30.0473 1488 MSPQM - ok

23:22:30.0513 1488 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

23:22:30.0533 1488 MsRPC - ok

23:22:30.0573 1488 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

23:22:30.0583 1488 mssmbios - ok

23:22:30.0623 1488 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

23:22:30.0663 1488 MSTEE - ok

23:22:30.0683 1488 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

23:22:30.0713 1488 MTConfig - ok

23:22:30.0743 1488 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

23:22:30.0763 1488 Mup - ok

23:22:30.0813 1488 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

23:22:30.0873 1488 napagent - ok

23:22:30.0943 1488 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

23:22:30.0973 1488 NativeWifiP - ok

23:22:31.0093 1488 NBService (0d01287d85b3715fa8270e8ec919b7f7) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

23:22:31.0103 1488 NBService ( UnsignedFile.Multi.Generic ) - warning

23:22:31.0103 1488 NBService - detected UnsignedFile.Multi.Generic (1)

23:22:31.0183 1488 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

23:22:31.0213 1488 NDIS - ok

23:22:31.0233 1488 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

23:22:31.0293 1488 NdisCap - ok

23:22:31.0313 1488 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

23:22:31.0363 1488 NdisTapi - ok

23:22:31.0433 1488 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

23:22:31.0473 1488 Ndisuio - ok

23:22:31.0523 1488 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

23:22:31.0563 1488 NdisWan - ok

23:22:31.0603 1488 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

23:22:31.0643 1488 NDProxy - ok

23:22:31.0673 1488 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

23:22:31.0733 1488 NetBIOS - ok

23:22:31.0773 1488 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

23:22:31.0813 1488 NetBT - ok

23:22:31.0853 1488 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:22:31.0863 1488 Netlogon - ok

23:22:31.0903 1488 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

23:22:31.0963 1488 Netman - ok

23:22:31.0993 1488 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

23:22:32.0033 1488 netprofm - ok

23:22:32.0083 1488 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

23:22:32.0093 1488 NetTcpPortSharing - ok

23:22:32.0398 1488 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys

23:22:32.0601 1488 NETw5s64 - ok

23:22:32.0710 1488 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

23:22:32.0726 1488 nfrd960 - ok

23:22:32.0773 1488 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

23:22:32.0788 1488 NisDrv - ok

23:22:32.0929 1488 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe

23:22:32.0944 1488 NisSrv - ok

23:22:33.0007 1488 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

23:22:33.0054 1488 NlaSvc - ok

23:22:33.0163 1488 NMIndexingService (c4ebbbd7165be535f0bfd06b80601d91) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

23:22:33.0178 1488 NMIndexingService ( UnsignedFile.Multi.Generic ) - warning

23:22:33.0178 1488 NMIndexingService - detected UnsignedFile.Multi.Generic (1)

23:22:33.0194 1488 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

23:22:33.0225 1488 Npfs - ok

23:22:33.0256 1488 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

23:22:33.0288 1488 nsi - ok

23:22:33.0303 1488 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

23:22:33.0366 1488 nsiproxy - ok

23:22:33.0475 1488 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

23:22:33.0506 1488 Ntfs - ok

23:22:33.0600 1488 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

23:22:33.0662 1488 Null - ok

23:22:33.0724 1488 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys

23:22:33.0740 1488 NVHDA - ok

23:22:34.0192 1488 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys

23:22:34.0598 1488 nvlddmkm - ok

23:22:34.0707 1488 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

23:22:34.0723 1488 nvraid - ok

23:22:34.0738 1488 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

23:22:34.0754 1488 nvstor - ok

23:22:34.0848 1488 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe

23:22:34.0894 1488 nvsvc - ok

23:22:35.0097 1488 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

23:22:35.0144 1488 nvUpdatusService - ok

23:22:35.0269 1488 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

23:22:35.0284 1488 nv_agp - ok

23:22:35.0378 1488 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

23:22:35.0394 1488 odserv - ok

23:22:35.0440 1488 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

23:22:35.0456 1488 ohci1394 - ok

23:22:35.0503 1488 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

23:22:35.0518 1488 ose - ok

23:22:35.0550 1488 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

23:22:35.0581 1488 p2pimsvc - ok

23:22:35.0628 1488 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

23:22:35.0643 1488 p2psvc - ok

23:22:35.0674 1488 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

23:22:35.0690 1488 Parport - ok

23:22:35.0721 1488 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

23:22:35.0737 1488 partmgr - ok

23:22:35.0768 1488 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

23:22:35.0799 1488 PcaSvc - ok

23:22:35.0846 1488 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

23:22:35.0862 1488 pci - ok

23:22:35.0908 1488 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

23:22:35.0924 1488 pciide - ok

23:22:35.0955 1488 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

23:22:35.0971 1488 pcmcia - ok

23:22:36.0002 1488 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

23:22:36.0018 1488 pcw - ok

23:22:36.0049 1488 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

23:22:36.0111 1488 PEAUTH - ok

23:22:36.0174 1488 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

23:22:36.0189 1488 PerfHost - ok

23:22:36.0267 1488 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

23:22:36.0324 1488 pla - ok

23:22:36.0394 1488 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

23:22:36.0434 1488 PlugPlay - ok

23:22:36.0514 1488 PMBDeviceInfoProvider (627fa58adc043704f9d14ca44340956f) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

23:22:36.0554 1488 PMBDeviceInfoProvider - ok

23:22:36.0574 1488 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

23:22:36.0604 1488 PNRPAutoReg - ok

23:22:36.0644 1488 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

23:22:36.0664 1488 PNRPsvc - ok

23:22:36.0714 1488 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

23:22:36.0774 1488 PolicyAgent - ok

23:22:36.0804 1488 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

23:22:36.0854 1488 Power - ok

23:22:36.0944 1488 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

23:22:36.0994 1488 PptpMiniport - ok

23:22:37.0034 1488 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

23:22:37.0054 1488 Processor - ok

23:22:37.0104 1488 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

23:22:37.0154 1488 ProfSvc - ok

23:22:37.0224 1488 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:22:37.0234 1488 ProtectedStorage - ok

23:22:37.0284 1488 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

23:22:37.0334 1488 Psched - ok

23:22:37.0414 1488 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

23:22:37.0424 1488 PSI_SVC_2 - ok

23:22:37.0474 1488 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

23:22:37.0474 1488 PxHlpa64 - ok

23:22:37.0584 1488 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

23:22:37.0634 1488 ql2300 - ok

23:22:37.0734 1488 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

23:22:37.0744 1488 ql40xx - ok

23:22:37.0794 1488 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

23:22:37.0814 1488 QWAVE - ok

23:22:37.0844 1488 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

23:22:37.0884 1488 QWAVEdrv - ok

23:22:37.0894 1488 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

23:22:37.0944 1488 RasAcd - ok

23:22:37.0984 1488 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

23:22:38.0024 1488 RasAgileVpn - ok

23:22:38.0044 1488 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

23:22:38.0094 1488 RasAuto - ok

23:22:38.0144 1488 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

23:22:38.0194 1488 Rasl2tp - ok

23:22:38.0254 1488 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

23:22:38.0314 1488 RasMan - ok

23:22:38.0344 1488 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

23:22:38.0384 1488 RasPppoe - ok

23:22:38.0414 1488 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

23:22:38.0454 1488 RasSstp - ok

23:22:38.0514 1488 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

23:22:38.0564 1488 rdbss - ok

23:22:38.0594 1488 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

23:22:38.0614 1488 rdpbus - ok

23:22:38.0634 1488 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

23:22:38.0684 1488 RDPCDD - ok

23:22:38.0724 1488 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

23:22:38.0784 1488 RDPENCDD - ok

23:22:38.0804 1488 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

23:22:38.0844 1488 RDPREFMP - ok

23:22:38.0884 1488 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

23:22:38.0934 1488 RDPWD - ok

23:22:38.0984 1488 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

23:22:38.0994 1488 rdyboost - ok

23:22:39.0034 1488 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys

23:22:39.0034 1488 regi - ok

23:22:39.0144 1488 RegSrvc (3b71b5b91e7dca93585d5a86c897adc4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

23:22:39.0164 1488 RegSrvc - ok

23:22:39.0194 1488 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

23:22:39.0234 1488 RemoteAccess - ok

23:22:39.0264 1488 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

23:22:39.0324 1488 RemoteRegistry - ok

23:22:39.0364 1488 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

23:22:39.0394 1488 RFCOMM - ok

23:22:39.0434 1488 rimspci (5ca4abd888b602551b59baa26941c167) C:\Windows\system32\drivers\rimssne64.sys

23:22:39.0464 1488 rimspci - ok

23:22:39.0514 1488 risdsnpe (bb6e138aeb351728959da5e2731d8140) C:\Windows\system32\drivers\risdsne64.sys

23:22:39.0564 1488 risdsnpe - ok

23:22:39.0634 1488 Roxio UPnP Renderer 10 (d151224bc11078895a60fa970728ff59) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

23:22:39.0644 1488 Roxio UPnP Renderer 10 - ok

23:22:39.0694 1488 Roxio Upnp Server 10 (5022a927944878bd750960bd21e751af) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe

23:22:39.0704 1488 Roxio Upnp Server 10 - ok

23:22:39.0734 1488 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

23:22:39.0794 1488 RpcEptMapper - ok

23:22:39.0824 1488 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

23:22:39.0834 1488 RpcLocator - ok

23:22:39.0884 1488 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

23:22:39.0934 1488 RpcSs - ok

23:22:39.0994 1488 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

23:22:40.0044 1488 rspndr - ok

23:22:40.0144 1488 SampleCollector (6b318f9443740a907d1c8f3460c19009) C:\Program Files\SONY\VAIO Care\collsvc.exe

23:22:40.0164 1488 SampleCollector ( UnsignedFile.Multi.Generic ) - warning

23:22:40.0164 1488 SampleCollector - detected UnsignedFile.Multi.Generic (1)

23:22:40.0204 1488 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:22:40.0214 1488 SamSs - ok

23:22:40.0254 1488 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

23:22:40.0264 1488 sbp2port - ok

23:22:40.0304 1488 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

23:22:40.0354 1488 SCardSvr - ok

23:22:40.0384 1488 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

23:22:40.0434 1488 scfilter - ok

23:22:40.0514 1488 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

23:22:40.0584 1488 Schedule - ok

23:22:40.0624 1488 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

23:22:40.0654 1488 SCPolicySvc - ok

23:22:40.0734 1488 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys

23:22:40.0744 1488 sdbus - ok

23:22:40.0794 1488 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

23:22:40.0824 1488 SDRSVC - ok

23:22:40.0904 1488 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

23:22:40.0924 1488 SeaPort - ok

23:22:40.0974 1488 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

23:22:41.0014 1488 secdrv - ok

23:22:41.0054 1488 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

23:22:41.0104 1488 seclogon - ok

23:22:41.0144 1488 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

23:22:41.0184 1488 SENS - ok

23:22:41.0224 1488 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

23:22:41.0254 1488 SensrSvc - ok

23:22:41.0274 1488 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

23:22:41.0294 1488 Serenum - ok

23:22:41.0334 1488 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

23:22:41.0354 1488 Serial - ok

23:22:41.0394 1488 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

23:22:41.0404 1488 sermouse - ok

23:22:41.0454 1488 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

23:22:41.0504 1488 SessionEnv - ok

23:22:41.0554 1488 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\drivers\SFEP.sys

23:22:41.0564 1488 SFEP - ok

23:22:41.0600 1488 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

23:22:41.0631 1488 sffdisk - ok

23:22:41.0678 1488 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

23:22:41.0709 1488 sffp_mmc - ok

23:22:41.0740 1488 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

23:22:41.0787 1488 sffp_sd - ok

23:22:41.0802 1488 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

23:22:41.0818 1488 sfloppy - ok

23:22:41.0880 1488 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

23:22:41.0943 1488 SharedAccess - ok

23:22:41.0990 1488 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

23:22:42.0036 1488 ShellHWDetection - ok

23:22:42.0068 1488 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

23:22:42.0083 1488 SiSRaid2 - ok

23:22:42.0114 1488 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

23:22:42.0130 1488 SiSRaid4 - ok

23:22:42.0161 1488 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

23:22:42.0208 1488 Smb - ok

23:22:42.0255 1488 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

23:22:42.0270 1488 SNMPTRAP - ok

23:22:42.0364 1488 SOHCImp (98886c88a1cb13d61672ae2c638b7e1c) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe

23:22:42.0364 1488 SOHCImp - ok

23:22:42.0395 1488 SOHDBSvr (442a13f395546f4564c377296d43b564) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe

23:22:42.0395 1488 SOHDBSvr - ok

23:22:42.0426 1488 SOHDms (556681be668d71dc162391a45422b52c) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe

23:22:42.0442 1488 SOHDms - ok

23:22:42.0473 1488 SOHDs (72b46103e4111439109acf5882627c24) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe

23:22:42.0473 1488 SOHDs - ok

23:22:42.0489 1488 SOHPlMgr (725b6e9cd1959271ac993dc035e1606d) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe

23:22:42.0504 1488 SOHPlMgr - ok

23:22:42.0536 1488 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

23:22:42.0536 1488 spldr - ok

23:22:42.0598 1488 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

23:22:42.0645 1488 Spooler - ok

23:22:42.0801 1488 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

23:22:42.0910 1488 sppsvc - ok

23:22:43.0004 1488 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

23:22:43.0050 1488 sppuinotify - ok

23:22:43.0160 1488 sptd (d519ad2de7968cd2b47fea807c5b29b2) C:\Windows\System32\Drivers\sptd.sys

23:22:43.0175 1488 sptd - ok

23:22:43.0238 1488 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

23:22:43.0284 1488 srv - ok

23:22:43.0316 1488 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

23:22:43.0331 1488 srv2 - ok

23:22:43.0378 1488 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

23:22:43.0409 1488 srvnet - ok

23:22:43.0440 1488 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

23:22:43.0487 1488 SSDPSRV - ok

23:22:43.0503 1488 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

23:22:43.0534 1488 SstpSvc - ok

23:22:43.0659 1488 StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

23:22:43.0690 1488 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning

23:22:43.0690 1488 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)

23:22:43.0768 1488 Steam Client Service - ok

23:22:43.0893 1488 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

23:22:43.0908 1488 Stereo Service - ok

23:22:43.0940 1488 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

23:22:43.0955 1488 stexstor - ok

23:22:44.0033 1488 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

23:22:44.0049 1488 stisvc - ok

23:22:44.0096 1488 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

23:22:44.0111 1488 swenum - ok

23:22:44.0142 1488 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

23:22:44.0205 1488 swprv - ok

23:22:44.0298 1488 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

23:22:44.0361 1488 SysMain - ok

23:22:44.0454 1488 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

23:22:44.0501 1488 TabletInputService - ok

23:22:44.0517 1488 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

23:22:44.0579 1488 TapiSrv - ok

23:22:44.0626 1488 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

23:22:44.0657 1488 TBS - ok

23:22:44.0829 1488 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

23:22:44.0876 1488 Tcpip - ok

23:22:45.0032 1488 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

23:22:45.0078 1488 TCPIP6 - ok

23:22:45.0188 1488 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

23:22:45.0234 1488 tcpipreg - ok

23:22:45.0266 1488 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

23:22:45.0297 1488 TDPIPE - ok

23:22:45.0354 1488 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

23:22:45.0374 1488 TDTCP - ok

23:22:45.0424 1488 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

23:22:45.0464 1488 tdx - ok

23:22:45.0514 1488 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

23:22:45.0524 1488 TermDD - ok

23:22:45.0584 1488 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

23:22:45.0654 1488 TermService - ok

23:22:45.0674 1488 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

23:22:45.0694 1488 Themes - ok

23:22:45.0714 1488 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

23:22:45.0754 1488 THREADORDER - ok

23:22:45.0764 1488 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

23:22:45.0814 1488 TrkWks - ok

23:22:45.0874 1488 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

23:22:45.0934 1488 TrustedInstaller - ok

23:22:45.0974 1488 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

23:22:46.0014 1488 tssecsrv - ok

23:22:46.0094 1488 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

23:22:46.0134 1488 TsUsbFlt - ok

23:22:46.0194 1488 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

23:22:46.0254 1488 tunnel - ok

23:22:46.0284 1488 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

23:22:46.0294 1488 uagp35 - ok

23:22:46.0354 1488 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

23:22:46.0364 1488 uCamMonitor - ok

23:22:46.0424 1488 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

23:22:46.0474 1488 udfs - ok

23:22:46.0524 1488 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

23:22:46.0544 1488 UI0Detect - ok

23:22:46.0604 1488 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

23:22:46.0614 1488 uliagpkx - ok

23:22:46.0664 1488 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

23:22:46.0684 1488 umbus - ok

23:22:46.0704 1488 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

23:22:46.0734 1488 UmPass - ok

23:22:46.0774 1488 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

23:22:46.0834 1488 upnphost - ok

23:22:46.0884 1488 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

23:22:46.0914 1488 USBAAPL64 - ok

23:22:46.0954 1488 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

23:22:46.0994 1488 usbccgp - ok

23:22:47.0044 1488 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

23:22:47.0054 1488 usbcir - ok

23:22:47.0094 1488 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

23:22:47.0124 1488 usbehci - ok

23:22:47.0184 1488 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

23:22:47.0214 1488 usbhub - ok

23:22:47.0254 1488 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

23:22:47.0284 1488 usbohci - ok

23:22:47.0314 1488 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

23:22:47.0344 1488 usbprint - ok

23:22:47.0394 1488 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS

23:22:47.0434 1488 USBSTOR - ok

23:22:47.0444 1488 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

23:22:47.0494 1488 usbuhci - ok

23:22:47.0544 1488 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

23:22:47.0554 1488 usbvideo - ok

23:22:47.0584 1488 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

23:22:47.0644 1488 UxSms - ok

23:22:47.0754 1488 VAIO Entertainment TV Device Arbitration Service (4e7135d6d0127067e4cfee12259f895d) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe

23:22:47.0764 1488 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning

23:22:47.0764 1488 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)

23:22:47.0814 1488 VAIO Event Service (d4197cf0c8567046fd4af28ff47af528) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe

23:22:47.0834 1488 VAIO Event Service - ok

23:22:47.0924 1488 VAIO Power Management (b8c9a7010afd5cbbe194cb9ef7c4fd14) C:\Program Files\Sony\VAIO Power Management\SPMService.exe

23:22:47.0944 1488 VAIO Power Management - ok

23:22:47.0994 1488 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:22:48.0004 1488 VaultSvc - ok

23:22:48.0064 1488 VCFw (6a740f5ff3246c3be3dd317299efc88e) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

23:22:48.0084 1488 VCFw - ok

23:22:48.0134 1488 VcmIAlzMgr (fd03ac6cd1571aa8b2ff56d3c600e26e) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

23:22:48.0144 1488 VcmIAlzMgr - ok

23:22:48.0184 1488 VcmINSMgr (9d9b34b430b4dc683112f59c80d20ab8) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe

23:22:48.0194 1488 VcmINSMgr - ok

23:22:48.0254 1488 VcmXmlIfHelper (dfe10c68ef4684f7754fcca39a4cc6ba) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe

23:22:48.0264 1488 VcmXmlIfHelper - ok

23:22:48.0384 1488 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

23:22:48.0404 1488 vdrvroot - ok

23:22:48.0454 1488 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

23:22:48.0494 1488 vds - ok

23:22:48.0544 1488 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

23:22:48.0564 1488 vga - ok

23:22:48.0574 1488 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

23:22:48.0624 1488 VgaSave - ok

23:22:48.0674 1488 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

23:22:48.0684 1488 vhdmp - ok

23:22:48.0724 1488 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

23:22:48.0734 1488 viaide - ok

23:22:48.0774 1488 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

23:22:48.0794 1488 volmgr - ok

23:22:48.0844 1488 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

23:22:48.0864 1488 volmgrx - ok

23:22:48.0924 1488 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

23:22:48.0944 1488 volsnap - ok

23:22:48.0994 1488 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

23:22:49.0014 1488 vsmraid - ok

23:22:49.0124 1488 VSNService (27cc4003da9ea10e3cd412a398bf04e6) C:\Program Files\SONY\VAIO Smart Network\VSNService.exe

23:22:49.0144 1488 VSNService ( UnsignedFile.Multi.Generic ) - warning

23:22:49.0144 1488 VSNService - detected UnsignedFile.Multi.Generic (1)

23:22:49.0224 1488 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

23:22:49.0294 1488 VSS - ok

23:22:49.0414 1488 VUAgent (77e034d8d8dfa4039b45aca2f0d3ac13) C:\Program Files\SONY\VAIO Update 5\VUAgent.exe

23:22:49.0444 1488 VUAgent - ok

23:22:49.0534 1488 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

23:22:49.0554 1488 vwifibus - ok

23:22:49.0584 1488 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

23:22:49.0614 1488 vwififlt - ok

23:22:49.0644 1488 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

23:22:49.0664 1488 vwifimp - ok

23:22:49.0754 1488 VzCdbSvc (d8bef4ac1eac809dbdbd441d6cff6c4c) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

23:22:49.0774 1488 VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning

23:22:49.0774 1488 VzCdbSvc - detected UnsignedFile.Multi.Generic (1)

23:22:49.0814 1488 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

23:22:49.0864 1488 W32Time - ok

23:22:49.0904 1488 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

23:22:49.0924 1488 WacomPen - ok

23:22:49.0984 1488 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

23:22:50.0034 1488 WANARP - ok

23:22:50.0054 1488 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

23:22:50.0084 1488 Wanarpv6 - ok

23:22:50.0154 1488 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

23:22:50.0194 1488 WatAdminSvc - ok

23:22:50.0284 1488 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

23:22:50.0364 1488 wbengine - ok

23:22:50.0534 1488 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

23:22:50.0594 1488 WbioSrvc - ok

23:22:50.0724 1488 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

23:22:50.0854 1488 wcncsvc - ok

23:22:50.0894 1488 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

23:22:50.0944 1488 WcsPlugInService - ok

23:22:51.0034 1488 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

23:22:51.0044 1488 Wd - ok

23:22:51.0124 1488 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

23:22:51.0164 1488 Wdf01000 - ok

23:22:51.0204 1488 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

23:22:51.0414 1488 WdiServiceHost - ok

23:22:51.0414 1488 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

23:22:51.0434 1488 WdiSystemHost - ok

23:22:51.0494 1488 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

23:22:51.0544 1488 WebClient - ok

23:22:51.0604 1488 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

23:22:51.0664 1488 Wecsvc - ok

23:22:51.0694 1488 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

23:22:51.0754 1488 wercplsupport - ok

23:22:51.0804 1488 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

23:22:51.0844 1488 WerSvc - ok

23:22:51.0974 1488 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

23:22:52.0054 1488 WfpLwf - ok

23:22:52.0084 1488 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

23:22:52.0104 1488 WIMMount - ok

23:22:52.0104 1488 WinHttpAutoProxySvc - ok

23:22:52.0194 1488 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

23:22:52.0304 1488 Winmgmt - ok

23:22:52.0504 1488 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

23:22:52.0614 1488 WinRM - ok

23:22:52.0744 1488 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

23:22:52.0774 1488 WinUsb - ok

23:22:52.0834 1488 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

23:22:52.0864 1488 Wlansvc - ok

23:22:53.0014 1488 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

23:22:53.0064 1488 wlidsvc - ok

23:22:53.0164 1488 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys

23:22:53.0174 1488 WmBEnum - ok

23:22:53.0224 1488 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys

23:22:53.0234 1488 WmFilter - ok

23:22:53.0274 1488 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

23:22:53.0294 1488 WmiAcpi - ok

23:22:53.0344 1488 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

23:22:53.0374 1488 wmiApSrv - ok

23:22:53.0394 1488 WMPNetworkSvc - ok

23:22:53.0454 1488 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys

23:22:53.0454 1488 WmVirHid - ok

23:22:53.0494 1488 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys

23:22:53.0504 1488 WmXlCore - ok

23:22:53.0534 1488 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

23:22:53.0564 1488 WPCSvc - ok

23:22:53.0614 1488 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

23:22:53.0634 1488 WPDBusEnum - ok

23:22:53.0654 1488 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

23:22:53.0694 1488 ws2ifsl - ok

23:22:53.0704 1488 WSearch - ok

23:22:53.0814 1488 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

23:22:53.0874 1488 wuauserv - ok

23:22:53.0984 1488 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

23:22:54.0044 1488 WudfPf - ok

23:22:54.0114 1488 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

23:22:54.0154 1488 WUDFRd - ok

23:22:54.0194 1488 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

23:22:54.0234 1488 wudfsvc - ok

23:22:54.0274 1488 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

23:22:54.0304 1488 WwanSvc - ok

23:22:54.0394 1488 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys

23:22:54.0434 1488 xusb21 - ok

23:22:54.0484 1488 yukonw7 (6affd75c6807b3dd3ab018e27b88ef95) C:\Windows\system32\DRIVERS\yk62x64.sys

23:22:54.0544 1488 yukonw7 - ok

23:22:54.0594 1488 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

23:22:55.0304 1488 \Device\Harddisk0\DR0 - ok

23:22:55.0344 1488 Boot (0x1200) (f5336d2cb112c43983b6151d3d188297) \Device\Harddisk0\DR0\Partition0

23:22:55.0344 1488 \Device\Harddisk0\DR0\Partition0 - ok

23:22:55.0364 1488 Boot (0x1200) (c42a05656d02b644057c60a40be8ccbd) \Device\Harddisk0\DR0\Partition1

23:22:55.0364 1488 \Device\Harddisk0\DR0\Partition1 - ok

23:22:55.0364 1488 ============================================================

23:22:55.0364 1488 Scan finished

23:22:55.0364 1488 ============================================================

23:22:55.0394 0392 Detected object count: 9

23:22:55.0394 0392 Actual detected object count: 9

23:23:11.0711 0392 Akamai ( HiddenFile.Multi.Generic ) - skipped by user

23:23:11.0711 0392 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

23:23:11.0731 0392 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

23:23:11.0731 0392 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:23:11.0746 0392 NBService ( UnsignedFile.Multi.Generic ) - skipped by user

23:23:11.0746 0392 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:23:11.0762 0392 NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user

23:23:11.0762 0392 NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:23:11.0777 0392 SampleCollector ( UnsignedFile.Multi.Generic ) - skipped by user

23:23:11.0777 0392 SampleCollector ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:23:11.0793 0392 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user

23:23:11.0793 0392 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:23:11.0809 0392 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user

23:23:11.0809 0392 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:23:11.0809 0392 VSNService ( UnsignedFile.Multi.Generic ) - skipped by user

23:23:11.0809 0392 VSNService ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:23:11.0809 0392 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user

23:23:11.0809 0392 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip


Those are OK, please do this:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


I ran ComboFix. Here are the scan results.

ComboFix 12-07-13.01 - teng 14/07/2012 0:05.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4078.2324 [GMT 10:00]

Running from: c:\users\teng\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\INSTALL.LOG

c:\program files (x86)\UNWISE.EXE

c:\users\teng\AppData\Local\amri.exe

c:\users\teng\AppData\Local\bdwg.exe

c:\users\teng\AppData\Local\dacdwkjw.log

c:\users\teng\AppData\Local\fvswgmnd.log

c:\users\teng\AppData\Local\inlb.exe

c:\users\teng\AppData\Local\ixos.exe

c:\users\teng\AppData\Local\jhlmlsnb.log

c:\users\teng\AppData\Local\jqxw.exe

c:\users\teng\AppData\Local\jume.exe

c:\users\teng\AppData\Local\lfbj.exe

c:\users\teng\AppData\Local\rbimvufg.log

c:\users\teng\AppData\Local\sxxctcia.log

c:\users\teng\AppData\Local\ucmu.exe

c:\users\teng\AppData\Local\uhcjuvoo.log

c:\users\teng\AppData\Local\ukvp.exe

c:\users\teng\AppData\Local\upfy.exe

c:\users\teng\AppData\Local\uwdj.exe

c:\users\teng\AppData\Local\vtvtfqre.log

c:\users\teng\AppData\Local\yslk.exe

c:\users\teng\AppData\Roaming\Ophen

c:\users\teng\AppData\Roaming\Ophen\inolc.afe

c:\windows\system32\fxsst.dll . . . . Failed to delete

c:\windows\SysWow64\agent.exe

.

----- File Replicators -----

.

c:\programdata\Adobe\Reader\9.2\ARM\10207\AcrobatUpdater.exe

c:\programdata\Adobe\Reader\9.2\ARM\10207\AdobeARMHelper.exe

c:\programdata\Adobe\Reader\9.2\ARM\10207\ReaderUpdater.exe

c:\programdata\Adobe\Reader\9.2\ARM\10784\AcrobatUpdater.exe

c:\programdata\Adobe\Reader\9.2\ARM\10784\AdobeARMHelper.exe

c:\programdata\Adobe\Reader\9.2\ARM\10784\ReaderUpdater.exe

c:\programdata\Adobe\Reader\9.2\ARM\16245\AcrobatUpdater.exe

c:\programdata\Adobe\Reader\9.2\ARM\16245\AdobeARMHelper.exe

c:\programdata\Adobe\Reader\9.2\ARM\16245\ReaderUpdater.exe

c:\programdata\Adobe\Reader\9.2\ARM\18064\AcrobatUpdater.exe

c:\programdata\Adobe\Reader\9.2\ARM\18064\AdobeARMHelper.exe

c:\programdata\Adobe\Reader\9.2\ARM\18064\ReaderUpdater.exe

c:\programdata\Adobe\Reader\9.2\ARM\26270\AcrobatUpdater.exe

c:\programdata\Adobe\Reader\9.2\ARM\26270\AdobeARMHelper.exe

c:\programdata\Adobe\Reader\9.2\ARM\26270\ReaderUpdater.exe

c:\programdata\Adobe\Reader\9.2\ARM\31101\AcrobatUpdater.exe

c:\programdata\Adobe\Reader\9.2\ARM\31101\AdobeARMHelper.exe

c:\programdata\Adobe\Reader\9.2\ARM\31101\ReaderUpdater.exe

c:\programdata\Adobe\Reader\9.2\ARM\31182\AcrobatUpdater.exe

c:\programdata\Adobe\Reader\9.2\ARM\31182\AdobeARMHelper.exe

c:\programdata\Adobe\Reader\9.2\ARM\31182\ReaderUpdater.exe

c:\programdata\Adobe\Reader\9.2\ARM\8908\AcrobatUpdater.exe

c:\programdata\Adobe\Reader\9.2\ARM\8908\AdobeARMHelper.exe

c:\programdata\Adobe\Reader\9.2\ARM\8908\ReaderUpdater.exe

c:\programdata\cple.exe

c:\programdata\dvxe.exe

c:\programdata\dwsv.exe

c:\programdata\eodx.exe

c:\programdata\fedh.exe

c:\programdata\inis.exe

c:\programdata\lsll.exe

c:\programdata\ntul.exe

c:\programdata\oxck.exe

c:\programdata\tmia.exe

c:\programdata\vhbr.exe

c:\programdata\wcgg.exe

c:\users\All Users\Adobe\Reader\9.2\ARM\10207\AcrobatUpdater.exe

c:\users\All Users\Adobe\Reader\9.2\ARM\10207\AdobeARMHelper.exe

c:\users\All Users\Adobe\Reader\9.2\ARM\10207\ReaderUpdater.exe

c:\users\All Users\Adobe\Reader\9.2\ARM\10784\AcrobatUpdater.exe

c:\users\All Users\Adobe\Reader\9.2\ARM\10784\AdobeARMHelper.exe

c:\users\All Users\Adobe\Reader\9.2\ARM\10784\ReaderUpdater.exe

c:\users\All Users\Adobe\Reader\9.2\ARM\16245\AcrobatUpdater.exe

c:\users\All Users\Adobe\Reader\9.2\ARM\16245\AdobeARMHelper.exe

c:\users\All Users\Adobe\Reader\9.2\ARM\16245\ReaderUpdater.exe

c:\users\All Users\Adobe\Reader\9.2\ARM\18064\AcrobatUpdater.exe

c:\users\All Users\Adobe\Reader\9.2\ARM\18064\AdobeARMHelper.exe

c:\users\All Users\Adobe\Reader\9.2\ARM\18064\ReaderUpdater.exe

c:\users\All Users\Adobe\Reader\9.2\ARM\26270\AcrobatUpdater.exe

c:\users\All Users\Adobe\Reader\9.2\ARM\26270\AdobeARMHelper.exe

c:\users\All Users\Adobe\Reader\9.2\ARM\26270\ReaderUpdater.exe

c:\users\All Users\Adobe\Reader\9.2\ARM\31101\AcrobatUpdater.exe

c:\users\All Users\Adobe\Reader\9.2\ARM\31101\AdobeARMHelper.exe

c:\users\All Users\Adobe\Reader\9.2\ARM\31101\ReaderUpdater.exe

c:\users\All Users\Adobe\Reader\9.2\ARM\31182\AcrobatUpdater.exe

c:\users\All Users\Adobe\Reader\9.2\ARM\31182\AdobeARMHelper.exe

c:\users\All Users\Adobe\Reader\9.2\ARM\31182\ReaderUpdater.exe

c:\users\All Users\Adobe\Reader\9.2\ARM\8908\AcrobatUpdater.exe

c:\users\All Users\Adobe\Reader\9.2\ARM\8908\AdobeARMHelper.exe

c:\users\All Users\Adobe\Reader\9.2\ARM\8908\ReaderUpdater.exe

c:\users\All Users\cple.exe

c:\users\All Users\dvxe.exe

c:\users\All Users\dwsv.exe

c:\users\All Users\eodx.exe

c:\users\All Users\fedh.exe

c:\users\All Users\inis.exe

c:\users\All Users\lsll.exe

c:\users\All Users\ntul.exe

c:\users\All Users\oxck.exe

c:\users\All Users\tmia.exe

c:\users\All Users\vhbr.exe

c:\users\All Users\wcgg.exe

c:\users\teng\AppData\Local\amri.exe

c:\users\teng\AppData\Local\bdwg.exe

c:\users\teng\AppData\Local\inlb.exe

c:\users\teng\AppData\Local\ixos.exe

c:\users\teng\AppData\Local\jqxw.exe

c:\users\teng\AppData\Local\jume.exe

c:\users\teng\AppData\Local\lfbj.exe

c:\users\teng\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\teng\Desktop\0.9476905325084528.exe

c:\users\teng\AppData\Local\ucmu.exe

c:\users\teng\AppData\Local\ukvp.exe

c:\users\teng\AppData\Local\upfy.exe

c:\users\teng\AppData\Local\uwdj.exe

c:\users\teng\AppData\Local\yslk.exe

c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\ahyx.exe

c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\bvoc.exe

c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\bxch.exe

c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\cdma.exe

c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\cfeo.exe

c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\clci.exe

c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\ffrp.exe

c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\hqyb.exe

c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\kyxe.exe

c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\lfru.exe

c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\lqbq.exe

c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\oumf.exe

.

Infected copy of c:\windows\system32\Services.exe was found and disinfected

Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Micorsoft Windows Service

.

.

((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))

.

.

2012-07-13 14:16 . 2012-07-13 14:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-07-13 14:16 . 2012-07-13 14:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-13 04:37 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63DC2876-B22A-4EB2-B022-0ED06827299F}\mpengine.dll

2012-07-13 04:34 . 2012-07-13 13:02 5928 ----a-w- c:\windows\SysWow64\PerfStringBackup.TMP

2012-07-10 05:24 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-04 23:43 . 2012-02-11 02:12 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DC15901-BC2F-49B5-9312-41E282B69352}\gapaengine.dll

2012-07-03 06:39 . 2012-07-03 06:39 -------- d-----w- C:\RS1-0A-AW1.1_DES

2012-07-03 06:01 . 2012-07-03 06:01 -------- d-----w- C:\SHERLOCK_HOLMES_GAME_OF_SHADOW

2012-06-26 07:06 . 2012-06-26 07:06 -------- d-----w- C:\THE_THREE_MUSKETEERS

2012-06-26 06:32 . 2012-06-26 06:32 -------- d-----w- C:\ANY_GIVEN_SUNDAY

2012-06-26 06:21 . 2012-06-26 06:21 -------- d-----w- C:\HANGOVER_PART_2

2012-06-26 06:10 . 2012-06-26 06:10 -------- d-----w- C:\IN_TIME

2012-06-26 05:46 . 2012-06-26 05:46 -------- d-----w- C:\UNDERWORLD_AWAKENING

2012-06-21 02:39 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-06-21 02:39 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-06-20 10:15 . 2012-06-20 10:15 -------- d-----w- c:\windows\system32\SPReview

2012-06-20 10:13 . 2012-06-20 10:13 -------- d-----w- c:\windows\system32\EventProviders

2012-06-14 04:39 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-14 04:39 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-14 04:39 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-14 04:39 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-14 04:39 . 2010-11-20 13:27 33792 ----a-w- c:\windows\system32\profprov.dll

2012-06-14 04:39 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-14 04:39 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-14 04:39 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-14 04:37 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-14 04:37 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-14 04:37 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-14 04:37 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-14 04:37 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-14 04:37 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-14 04:37 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-14 04:37 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-14 04:37 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-14 04:37 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-03 03:46 . 2011-05-08 05:18 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-20 10:37 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-06-20 10:37 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-06-02 22:19 . 2012-06-08 23:00 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-08 23:00 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-08 23:00 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-08 23:00 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-08 23:00 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-08 23:00 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-08 23:00 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 05:19 . 2012-06-08 23:00 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 05:15 . 2012-06-08 23:00 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-23 05:42 . 2012-05-23 05:42 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

2003-11-24 04:53 . 2010-10-22 10:23 94208 ----a-w- c:\program files\UI_RES.dll

2003-11-07 09:55 . 2010-10-22 10:23 278528 ----a-w- c:\program files\CLInet.dll

2003-11-07 09:55 . 2010-10-22 10:23 413696 ----a-w- c:\program files\PowerDVD.exe

2003-11-07 09:55 . 2010-10-22 10:23 311296 ----a-w- c:\program files\dvd_x.imp

2003-11-07 09:55 . 2010-10-22 10:23 294912 ----a-w- c:\program files\Vr_x.imp

2003-11-07 09:55 . 2010-10-22 10:23 192512 ----a-w- c:\program files\vcd20_x.imp

2003-11-07 09:55 . 2010-10-22 10:23 159744 ----a-w- c:\program files\dxm_x.imp

2003-11-07 09:55 . 2010-10-22 10:23 286720 ----a-w- c:\program files\AppBarCom.dll

2003-11-07 09:55 . 2010-10-22 10:23 147456 ----a-w- c:\program files\acd_x.imp

2003-10-31 09:45 . 2010-10-22 10:23 118784 ----a-w- c:\program files\CLDShowX.dll

2003-10-31 09:42 . 2010-10-22 10:23 32768 ----a-w- c:\program files\PDVDServ.exe

2003-10-31 09:39 . 2010-10-22 10:23 323584 ----a-w- c:\program files\ddtester.exe

2003-10-31 09:39 . 2010-10-22 10:23 274432 ----a-w- c:\program files\cldma.exe

2003-10-31 09:39 . 2010-10-22 10:23 167936 ----a-w- c:\program files\cltest.exe

2003-10-31 09:39 . 2010-10-22 10:23 57344 ----a-w- c:\program files\dvdrgn.exe

2003-10-15 11:49 . 2010-10-22 10:23 77824 ----a-w- c:\program files\PwrDVDRC.dll

2003-10-15 11:49 . 2010-10-22 10:23 12288 ----a-w- c:\program files\OSD_MLang.dll

2003-10-15 11:49 . 2010-10-22 10:23 327680 ------w- c:\program files\CLAudRC.dll

2003-10-15 11:49 . 2010-10-22 10:23 327680 ----a-w- c:\program files\DVD_RES.dll

2003-10-15 11:49 . 2010-10-22 10:23 12288 ----a-w- c:\program files\AppBarCom_RES.dll

1999-02-01 14:00 . 2010-10-22 10:23 266293 ----a-w- c:\program files\msvcrt.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

"RGSC"="c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

"Akamai NetSession Interface"="c:\users\teng\AppData\Local\Akamai\netsession_win.exe" [2012-05-25 4327744]

"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-10 592744]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-23 597792]

"SpySweeperRegister"="c:\program files (x86)\Webroot\Spy Sweeper\uninst\RegisterSpySweeper.exe" [2009-10-23 2522992]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

.

c:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

pjbhcvsk.exe [2012-7-11 90944]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\system32\userinit.exe,,c:\users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2009-11-24 16:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-30 362992]

R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-05 169312]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-27 151040]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-30 313840]

R3 SampleCollector;Intel® Sample Collector;c:\program files\SONY\VAIO Care\collsvc.exe [2009-09-16 167424]

R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]

R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]

R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]

R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]

R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-09-08 110960]

R3 VUAgent;VUAgent;c:\program files\SONY\VAIO Update 5\VUAgent.exe [2009-10-30 1165680]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-02 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-23 360224]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]

S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]

S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]

S2 VSNService;VSNService;c:\program files\SONY\VAIO Smart Network\VSNService.exe [2009-10-30 815104]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]

S3 NETw5s64;?? Windows 7 64 Bit ? Intel® Wireless WiFi Link ???????;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]

S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-02 8306208]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

"combofix"="c:\combofix\CF6794.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://ninemsn.com.au/?pc=MASN&ocid=SNYDHP

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

TCP: DhcpNameServer = 10.1.1.1

TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}\745756374702E4564777F627B6: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}\84F67745F634F6E6E656364745F6551575962756C6563737: NameServer = 8.8.8.8,8.8.4.4

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - ProfilePath - c:\users\teng\AppData\Roaming\Mozilla\Firefox\Profiles\6xnnr94k.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-PjbHcvsk - c:\users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe

HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe

AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE

AddRemove-USB Human Interface Device - c:\progra~2\UNWISE.EXE

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\SONY\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-261071132-451565413-1473889226-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:b2,92,e2,3a,83,a1,33,5b,90,3a,a7,e6,14,82,2c,52,85,bb,9c,2a,ad,33,a6,

84,2a,84,ba,41,4a,17,c5,5a,2f,80,07,75,b2,98,7b,87,08,3d,aa,2c,03,c8,98,b1,\

"??"=hex:5e,e9,49,52,27,89,b3,70,f8,d6,c9,78,44,09,2e,90

.

[HKEY_USERS\S-1-5-21-261071132-451565413-1473889226-1000\Software\SecuROM\License information*]

"datasecu"=hex:be,ef,fc,49,0f,89,47,53,75,72,55,0a,b6,12,24,11,94,8d,36,85,8a,

a8,2b,b8,1c,9c,de,68,6c,bf,59,8d,04,00,45,bb,49,18,4c,66,99,8b,8d,26,05,cb,\

"rkeysecu"=hex:28,9e,cd,39,00,bc,c4,a6,03,15,d0,77,e8,94,06,03

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe

c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\program files (x86)\SONY\VAIO Event Service\VESMgr.exe

c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

c:\windows\SysWOW64\DllHost.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\SONY\VAIO Event Service\VESMgrSub.exe

c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\1_0_0_0\RGSC.exe

c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

.

**************************************************************************

.

Completion time: 2012-07-14 00:27:57 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-13 14:27

.

Pre-Run: 52,566,511,616 bytes free

Post-Run: 52,337,942,528 bytes free

.

- - End Of File - - 6175BA8BFD095840AB67195CD934F055


Just as an added note, I wasn't able to open this site so I had to run the RogueKiller scan and delete the files you mentioned before again. As I ran it in safe mode last time it only showed bad registry files. This time it had to close a few processes first. Here's the scan log (sorry this didn't come up sooner):

RogueKiller V7.6.3 [07/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: teng [Admin rights]

Mode: Remove -- Date: 07/14/2012 00:31:27

¤¤¤ Bad processes: 2 ¤¤¤

[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 6 ¤¤¤

[SUSP PATH] HKCU\[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> DELETED

[SUSP PATH] HKLM\[...]\Wow6432Node\Winlogon : Userinit (C:\Windows\system32\userinit.exe,,C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> REPLACED (userinit.exe)

[SUSP PATH] {4E577C68-A356-4336-AE9D-BCF8EA6498A5}.job @ : C:\Users\teng\Desktop\UQ-eduroam-installer-Vista-Win7.exe -> NOT SELECTED

[HJ] HKLM\[...]\System : EnableLUA (0) -> NOT SELECTED

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++

--- User ---

[MBR] b920a0ccdea031bc9d9ac6253324ac86

[BSP] a410d9d5efb87cb824bf361decd494b6 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15999 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32768000 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32972800 | Size: 460839 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[14].txt >>

RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;

RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt


For now......

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


Here's the MBAM scan report:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.13.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

teng :: VAIO [administrator]

14/07/2012 12:55:20 AM

mbam-log-2012-07-14 (00-55-20).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 241048

Time elapsed: 3 minute(s), 25 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


OK, we have to delete some files using ComboFix:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

File::

c:\programdata\cple.exe

c:\programdata\dvxe.exe

c:\programdata\dwsv.exe

c:\programdata\eodx.exe

c:\programdata\fedh.exe

c:\programdata\inis.exe

c:\programdata\lsll.exe

c:\programdata\ntul.exe

c:\programdata\oxck.exe

c:\programdata\tmia.exe

c:\programdata\vhbr.exe

c:\programdata\wcgg.exe

c:\users\All Users\cple.exe

c:\users\All Users\dvxe.exe

c:\users\All Users\dwsv.exe

c:\users\All Users\eodx.exe

c:\users\All Users\fedh.exe

c:\users\All Users\inis.exe

c:\users\All Users\lsll.exe

c:\users\All Users\ntul.exe

c:\users\All Users\oxck.exe

c:\users\All Users\tmia.exe

c:\users\All Users\vhbr.exe

c:\users\All Users\wcgg.exe

c:\users\teng\AppData\Local\amri.exe

c:\users\teng\AppData\Local\bdwg.exe

c:\users\teng\AppData\Local\inlb.exe

c:\users\teng\AppData\Local\ixos.exe

c:\users\teng\AppData\Local\jqxw.exe

c:\users\teng\AppData\Local\jume.exe

c:\users\teng\AppData\Local\lfbj.exe

c:\users\teng\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\teng\Desktop\0.9476905325084528.exe

c:\users\teng\AppData\Local\ucmu.exe

c:\users\teng\AppData\Local\ukvp.exe

c:\users\teng\AppData\Local\upfy.exe

c:\users\teng\AppData\Local\uwdj.exe

c:\users\teng\AppData\Local\yslk.exe

c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\ahyx.exe

c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\bvoc.exe

c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\bxch.exe

c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\cdma.exe

c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\cfeo.exe

c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\clci.exe

c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\ffrp.exe

c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\hqyb.exe

c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\kyxe.exe

c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\lfru.exe

c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\lqbq.exe

c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\oumf.exe

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


Here's the scan result:

ComboFix 12-07-13.02 - teng 14/07/2012 1:19.2.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4078.2135 [GMT 10:00]

Running from: c:\users\teng\Desktop\ComboFix.exe

Command switches used :: c:\users\teng\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\programdata\cple.exe"

"c:\programdata\dvxe.exe"

"c:\programdata\dwsv.exe"

"c:\programdata\eodx.exe"

"c:\programdata\fedh.exe"

"c:\programdata\inis.exe"

"c:\programdata\lsll.exe"

"c:\programdata\ntul.exe"

"c:\programdata\oxck.exe"

"c:\programdata\tmia.exe"

"c:\programdata\vhbr.exe"

"c:\programdata\wcgg.exe"

"c:\users\All Users\dvxe.exe"

"c:\users\All Users\dwsv.exe"

"c:\users\All Users\eodx.exe"

"c:\users\All Users\fedh.exe"

"c:\users\All Users\inis.exe"

"c:\users\All Users\lsll.exe"

"c:\users\All Users\ntul.exe"

"c:\users\All Users\oxck.exe"

"c:\users\All Users\tmia.exe"

"c:\users\All Users\vhbr.exe"

"c:\users\All Users\wcgg.exe"

"c:\users\teng\AppData\Local\amri.exe"

"c:\users\teng\AppData\Local\bdwg.exe"

"c:\users\teng\AppData\Local\inlb.exe"

"c:\users\teng\AppData\Local\ixos.exe"

"c:\users\teng\AppData\Local\jqxw.exe"

"c:\users\teng\AppData\Local\jume.exe"

"c:\users\teng\AppData\Local\lfbj.exe"

"c:\users\teng\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\teng\Desktop\0.9476905325084528.exe"

"c:\users\teng\AppData\Local\ucmu.exe"

"c:\users\teng\AppData\Local\ukvp.exe"

"c:\users\teng\AppData\Local\upfy.exe"

"c:\users\teng\AppData\Local\uwdj.exe"

"c:\users\teng\AppData\Local\yslk.exe"

"c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\ahyx.exe"

"c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\bvoc.exe"

"c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\bxch.exe"

"c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\cdma.exe"

"c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\cfeo.exe"

"c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\clci.exe"

"c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\ffrp.exe"

"c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\hqyb.exe"

"c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\kyxe.exe"

"c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\lfru.exe"

"c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\lqbq.exe"

"c:\users\teng\AppData\Roaming\Microsoft\Windows\Templates\oumf.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\teng\AppData\Local\dacdwkjw.log

c:\users\teng\AppData\Local\fvswgmnd.log

c:\users\teng\AppData\Local\jhlmlsnb.log

c:\users\teng\AppData\Local\qkbydubj.log

c:\users\teng\AppData\Local\rbimvufg.log

c:\users\teng\AppData\Local\sxxctcia.log

c:\users\teng\AppData\Local\uhcjuvoo.log

c:\users\teng\AppData\Local\vtvtfqre.log

.

.

((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))

.

.

2012-07-13 15:31 . 2012-07-13 15:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-07-13 15:31 . 2012-07-13 15:31 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-13 14:32 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D5315522-B650-432B-83A2-5224866DBA40}\mpengine.dll

2012-07-13 04:37 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-13 04:34 . 2012-07-13 13:02 5928 ----a-w- c:\windows\SysWow64\PerfStringBackup.TMP

2012-07-10 23:52 . 2012-07-10 23:52 90944 --s---w- c:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pjbhcvsk.exe

2012-07-04 23:43 . 2012-02-11 02:12 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DC15901-BC2F-49B5-9312-41E282B69352}\gapaengine.dll

2012-07-03 06:39 . 2012-07-03 06:39 -------- d-----w- C:\RS1-0A-AW1.1_DES

2012-07-03 06:01 . 2012-07-03 06:01 -------- d-----w- C:\SHERLOCK_HOLMES_GAME_OF_SHADOW

2012-06-26 07:06 . 2012-06-26 07:06 -------- d-----w- C:\THE_THREE_MUSKETEERS

2012-06-26 06:32 . 2012-06-26 06:32 -------- d-----w- C:\ANY_GIVEN_SUNDAY

2012-06-26 06:21 . 2012-06-26 06:21 -------- d-----w- C:\HANGOVER_PART_2

2012-06-26 06:10 . 2012-06-26 06:10 -------- d-----w- C:\IN_TIME

2012-06-26 05:46 . 2012-06-26 05:46 -------- d-----w- C:\UNDERWORLD_AWAKENING

2012-06-21 02:39 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-06-21 02:39 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-06-20 10:15 . 2012-06-20 10:15 -------- d-----w- c:\windows\system32\SPReview

2012-06-20 10:13 . 2012-06-20 10:13 -------- d-----w- c:\windows\system32\EventProviders

2012-06-14 04:39 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-14 04:39 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-14 04:39 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-14 04:39 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-14 04:39 . 2010-11-20 13:27 33792 ----a-w- c:\windows\system32\profprov.dll

2012-06-14 04:39 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-14 04:39 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-14 04:39 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-14 04:37 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-14 04:37 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-14 04:37 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-14 04:37 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-14 04:37 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-14 04:37 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-14 04:37 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-14 04:37 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-14 04:37 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-14 04:37 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-03 03:46 . 2011-05-08 05:18 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-20 10:37 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-06-20 10:37 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-06-02 22:19 . 2012-06-08 23:00 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-08 23:00 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-08 23:00 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-08 23:00 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-08 23:00 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-08 23:00 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-08 23:00 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 05:19 . 2012-06-08 23:00 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 05:15 . 2012-06-08 23:00 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-23 05:42 . 2012-05-23 05:42 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

2003-11-24 04:53 . 2010-10-22 10:23 94208 ----a-w- c:\program files\UI_RES.dll

2003-11-07 09:55 . 2010-10-22 10:23 278528 ----a-w- c:\program files\CLInet.dll

2003-11-07 09:55 . 2010-10-22 10:23 413696 ----a-w- c:\program files\PowerDVD.exe

2003-11-07 09:55 . 2010-10-22 10:23 311296 ----a-w- c:\program files\dvd_x.imp

2003-11-07 09:55 . 2010-10-22 10:23 294912 ----a-w- c:\program files\Vr_x.imp

2003-11-07 09:55 . 2010-10-22 10:23 192512 ----a-w- c:\program files\vcd20_x.imp

2003-11-07 09:55 . 2010-10-22 10:23 159744 ----a-w- c:\program files\dxm_x.imp

2003-11-07 09:55 . 2010-10-22 10:23 286720 ----a-w- c:\program files\AppBarCom.dll

2003-11-07 09:55 . 2010-10-22 10:23 147456 ----a-w- c:\program files\acd_x.imp

2003-10-31 09:45 . 2010-10-22 10:23 118784 ----a-w- c:\program files\CLDShowX.dll

2003-10-31 09:42 . 2010-10-22 10:23 32768 ----a-w- c:\program files\PDVDServ.exe

2003-10-31 09:39 . 2010-10-22 10:23 323584 ----a-w- c:\program files\ddtester.exe

2003-10-31 09:39 . 2010-10-22 10:23 274432 ----a-w- c:\program files\cldma.exe

2003-10-31 09:39 . 2010-10-22 10:23 167936 ----a-w- c:\program files\cltest.exe

2003-10-31 09:39 . 2010-10-22 10:23 57344 ----a-w- c:\program files\dvdrgn.exe

2003-10-15 11:49 . 2010-10-22 10:23 77824 ----a-w- c:\program files\PwrDVDRC.dll

2003-10-15 11:49 . 2010-10-22 10:23 12288 ----a-w- c:\program files\OSD_MLang.dll

2003-10-15 11:49 . 2010-10-22 10:23 327680 ------w- c:\program files\CLAudRC.dll

2003-10-15 11:49 . 2010-10-22 10:23 327680 ----a-w- c:\program files\DVD_RES.dll

2003-10-15 11:49 . 2010-10-22 10:23 12288 ----a-w- c:\program files\AppBarCom_RES.dll

1999-02-01 14:00 . 2010-10-22 10:23 266293 ----a-w- c:\program files\msvcrt.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-13_14.19.17 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-12-27 11:45 . 2012-07-13 15:10 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-12-27 11:45 . 2012-07-13 15:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-13 15:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-13 14:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 02:36 . 2012-07-13 14:25 648596 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-07-13 14:05 648596 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-07-13 14:25 118726 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-07-13 14:05 118726 c:\windows\system32\perfc009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

"RGSC"="c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

"Akamai NetSession Interface"="c:\users\teng\AppData\Local\Akamai\netsession_win.exe" [2012-05-25 4327744]

"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-10 592744]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-23 597792]

"SpySweeperRegister"="c:\program files (x86)\Webroot\Spy Sweeper\uninst\RegisterSpySweeper.exe" [2009-10-23 2522992]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

.

c:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

pjbhcvsk.exe [2012-7-11 90944]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2009-11-24 16:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-30 362992]

R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-05 169312]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-27 151040]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-30 313840]

R3 SampleCollector;Intel® Sample Collector;c:\program files\SONY\VAIO Care\collsvc.exe [2009-09-16 167424]

R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]

R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]

R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]

R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]

R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-09-08 110960]

R3 VUAgent;VUAgent;c:\program files\SONY\VAIO Update 5\VUAgent.exe [2009-10-30 1165680]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-02 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-23 360224]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]

S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]

S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]

S2 VSNService;VSNService;c:\program files\SONY\VAIO Smart Network\VSNService.exe [2009-10-30 815104]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]

S3 NETw5s64;?? Windows 7 64 Bit ? Intel® Wireless WiFi Link ???????;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]

S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-02 8306208]

"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [bU]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://ninemsn.com.au/?pc=MASN&ocid=SNYDHP

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

TCP: DhcpNameServer = 10.1.1.1

TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}\745756374702E4564777F627B6: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}\84F67745F634F6E6E656364745F6551575962756C6563737: NameServer = 8.8.8.8,8.8.4.4

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - ProfilePath - c:\users\teng\AppData\Roaming\Mozilla\Firefox\Profiles\6xnnr94k.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\SONY\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-261071132-451565413-1473889226-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:b2,92,e2,3a,83,a1,33,5b,90,3a,a7,e6,14,82,2c,52,85,bb,9c,2a,ad,33,a6,

84,2a,84,ba,41,4a,17,c5,5a,2f,80,07,75,b2,98,7b,87,08,3d,aa,2c,03,c8,98,b1,\

"??"=hex:5e,e9,49,52,27,89,b3,70,f8,d6,c9,78,44,09,2e,90

.

[HKEY_USERS\S-1-5-21-261071132-451565413-1473889226-1000\Software\SecuROM\License information*]

"datasecu"=hex:be,ef,fc,49,0f,89,47,53,75,72,55,0a,b6,12,24,11,94,8d,36,85,8a,

a8,2b,b8,1c,9c,de,68,6c,bf,59,8d,04,00,45,bb,49,18,4c,66,99,8b,8d,26,05,cb,\

"rkeysecu"=hex:28,9e,cd,39,00,bc,c4,a6,03,15,d0,77,e8,94,06,03

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-07-14 01:34:47

ComboFix-quarantined-files.txt 2012-07-13 15:34

ComboFix2.txt 2012-07-13 14:27

.

Pre-Run: 52,084,174,848 bytes free

Post-Run: 51,674,939,392 bytes free

.

- - End Of File - - 5582A984270AA8252DD39E7A156DC961


I think it's better. I can access this site now, which is great. Is there any way to check if it is still infected?


Here's the RogueKiller log:

RogueKiller V7.6.3 [07/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: teng [Admin rights]

Mode: Scan -- Date: 07/14/2012 01:50:08

¤¤¤ Bad processes: 3 ¤¤¤

[sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

[sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

[sUSP PATH] hovcexutiovmkrtn.exe -- C:\Users\teng\AppData\Local\Temp\hovcexutiovmkrtn.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 7 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-261071132-451565413-1473889226-1000[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> FOUND

[sUSP PATH] HKLM\[...]\Wow6432Node\Winlogon : Userinit (C:\Windows\system32\userinit.exe,,C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> FOUND

[sUSP PATH] {4E577C68-A356-4336-AE9D-BCF8EA6498A5}.job @ : C:\Users\teng\Desktop\UQ-eduroam-installer-Vista-Win7.exe -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++

--- User ---

[MBR] b920a0ccdea031bc9d9ac6253324ac86

[bSP] a410d9d5efb87cb824bf361decd494b6 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15999 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32768000 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32972800 | Size: 460839 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[15].txt >>

RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;

RKreport[15].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ;

RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt


Do you know what this is? It's on your desktop:

[sUSP PATH] {4E577C68-A356-4336-AE9D-BCF8EA6498A5}.job @ : C:\Users\teng\Desktop\UQ-eduroam-installer-Vista-Win7.exe -> FOUND

MrC


Yeah, it's an access program for uni. But I don't need it anymore, so can I just delete it?


Yes > delete it.

Run RogueKiller again and click Scan

When the scan completes....

These will automatically be Killed:

¤¤¤ Bad processes: 3 ¤¤¤

[sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

[sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

[sUSP PATH] hovcexutiovmkrtn.exe -- C:\Users\teng\AppData\Local\Temp\hovcexutiovmkrtn.exe -> KILLED [TermProc]

Click the Registry Tab and put a check next to these > uncheck the rest > now click Delete on the right hand column:

¤¤¤ Registry Entries: 7 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-261071132-451565413-1473889226-1000[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> FOUND

[sUSP PATH] HKLM\[...]\Wow6432Node\Winlogon : Userinit (C:\Windows\system32\userinit.exe,,C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> FOUND

[sUSP PATH] {4E577C68-A356-4336-AE9D-BCF8EA6498A5}.job @ : C:\Users\teng\Desktop\UQ-eduroam-installer-Vista-Win7.exe -> FOUND

Post the log...don't reboot!!

Run TDSSKiller again > download a fresh copy

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


Here's the RogueKiller log:

RogueKiller V7.6.3 [07/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: teng [Admin rights]

Mode: Remove -- Date: 07/14/2012 02:47:01

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> DELETED

[sUSP PATH] HKLM\[...]\Wow6432Node\Winlogon : Userinit (C:\Windows\system32\userinit.exe,,C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> REPLACED (userinit.exe)

[sUSP PATH] {4E577C68-A356-4336-AE9D-BCF8EA6498A5}.job @ : C:\Users\teng\Desktop\UQ-eduroam-installer-Vista-Win7.exe -> DELETED

[HJ] HKLM\[...]\System : EnableLUA (0) -> NOT SELECTED

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++

--- User ---

[MBR] b920a0ccdea031bc9d9ac6253324ac86

[bSP] a410d9d5efb87cb824bf361decd494b6 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15999 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32768000 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32972800 | Size: 460839 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[18].txt >>

RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;

RKreport[15].txt ; RKreport[16].txt ; RKreport[17].txt ; RKreport[18].txt ; RKreport[1].txt ;

RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ;

RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt


Here's the TDSSKiller log. I didn't delete anything (wasn't sure what to delete):

02:50:32.0926 3148 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35

02:50:33.0999 3148 ============================================================

02:50:33.0999 3148 Current date / time: 2012/07/14 02:50:33.0999

02:50:33.0999 3148 SystemInfo:

02:50:33.0999 3148

02:50:33.0999 3148 OS Version: 6.1.7601 ServicePack: 1.0

02:50:33.0999 3148 Product type: Workstation

02:50:33.0999 3148 ComputerName: VAIO

02:50:34.0000 3148 UserName: teng

02:50:34.0000 3148 Windows directory: C:\Windows

02:50:34.0000 3148 System windows directory: C:\Windows

02:50:34.0000 3148 Running under WOW64

02:50:34.0000 3148 Processor architecture: Intel x64

02:50:34.0000 3148 Number of processors: 8

02:50:34.0000 3148 Page size: 0x1000

02:50:34.0000 3148 Boot type: Normal boot

02:50:34.0000 3148 ============================================================

02:50:34.0722 3148 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

02:50:34.0748 3148 ============================================================

02:50:34.0748 3148 \Device\Harddisk0\DR0:

02:50:34.0748 3148 MBR partitions:

02:50:34.0749 3148 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F40000, BlocksNum 0x32000

02:50:34.0749 3148 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F72000, BlocksNum 0x38413830

02:50:34.0749 3148 ============================================================

02:50:34.0830 3148 C: <-> \Device\Harddisk0\DR0\Partition1

02:50:34.0831 3148 ============================================================

02:50:34.0831 3148 Initialize success

02:50:34.0831 3148 ============================================================

02:51:04.0705 2060 ============================================================

02:51:04.0705 2060 Scan started

02:51:04.0705 2060 Mode: Manual; SigCheck; TDLFS;

02:51:04.0705 2060 ============================================================

02:51:05.0379 2060 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

02:51:05.0551 2060 1394ohci - ok

02:51:05.0682 2060 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

02:51:05.0716 2060 ACDaemon - ok

02:51:05.0792 2060 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

02:51:05.0827 2060 ACPI - ok

02:51:05.0880 2060 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

02:51:05.0974 2060 AcpiPmi - ok

02:51:06.0063 2060 AdobeActiveFileMonitor8.0 (4451cc2275b04043ec2bcc757af97291) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

02:51:06.0089 2060 AdobeActiveFileMonitor8.0 - ok

02:51:06.0190 2060 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

02:51:06.0232 2060 adp94xx - ok

02:51:06.0312 2060 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

02:51:06.0350 2060 adpahci - ok

02:51:06.0407 2060 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

02:51:06.0438 2060 adpu320 - ok

02:51:06.0480 2060 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

02:51:06.0688 2060 AeLookupSvc - ok

02:51:06.0803 2060 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

02:51:06.0903 2060 AFD - ok

02:51:06.0959 2060 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

02:51:06.0985 2060 agp440 - ok

02:51:07.0467 2060 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll

02:51:07.0467 2060 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22

02:51:07.0483 2060 Akamai ( HiddenFile.Multi.Generic ) - warning

02:51:07.0483 2060 Akamai - detected HiddenFile.Multi.Generic (1)

02:51:07.0671 2060 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

02:51:07.0754 2060 ALG - ok

02:51:07.0866 2060 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

02:51:07.0891 2060 aliide - ok

02:51:07.0897 2060 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

02:51:07.0921 2060 amdide - ok

02:51:07.0987 2060 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

02:51:08.0054 2060 AmdK8 - ok

02:51:08.0083 2060 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

02:51:08.0143 2060 AmdPPM - ok

02:51:08.0205 2060 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

02:51:08.0232 2060 amdsata - ok

02:51:08.0276 2060 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

02:51:08.0306 2060 amdsbs - ok

02:51:08.0358 2060 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

02:51:08.0384 2060 amdxata - ok

02:51:08.0470 2060 ApfiltrService (1661f9c9e4b0049fa0a5e30264375a87) C:\Windows\system32\drivers\Apfiltr.sys

02:51:08.0499 2060 ApfiltrService - ok

02:51:08.0555 2060 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

02:51:08.0770 2060 AppID - ok

02:51:08.0835 2060 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

02:51:08.0939 2060 AppIDSvc - ok

02:51:09.0001 2060 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

02:51:09.0096 2060 Appinfo - ok

02:51:09.0248 2060 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

02:51:09.0269 2060 Apple Mobile Device - ok

02:51:09.0358 2060 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

02:51:09.0384 2060 arc - ok

02:51:09.0426 2060 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

02:51:09.0452 2060 arcsas - ok

02:51:09.0508 2060 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys

02:51:09.0526 2060 ArcSoftKsUFilter - ok

02:51:09.0619 2060 aspnet_state - ok

02:51:09.0674 2060 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

02:51:09.0769 2060 AsyncMac - ok

02:51:09.0818 2060 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

02:51:09.0844 2060 atapi - ok

02:51:10.0000 2060 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys

02:51:10.0106 2060 athr - ok

02:51:10.0303 2060 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

02:51:10.0431 2060 AudioEndpointBuilder - ok

02:51:10.0443 2060 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

02:51:10.0529 2060 AudioSrv - ok

02:51:10.0606 2060 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

02:51:10.0697 2060 AxInstSV - ok

02:51:10.0800 2060 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

02:51:10.0872 2060 b06bdrv - ok

02:51:10.0945 2060 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

02:51:11.0017 2060 b57nd60a - ok

02:51:11.0082 2060 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

02:51:11.0150 2060 BDESVC - ok

02:51:11.0210 2060 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

02:51:11.0307 2060 Beep - ok

02:51:11.0459 2060 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

02:51:11.0580 2060 BFE - ok

02:51:11.0672 2060 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

02:51:11.0854 2060 BITS - ok

02:51:11.0937 2060 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

02:51:11.0964 2060 blbdrive - ok

02:51:12.0121 2060 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

02:51:12.0153 2060 Bonjour Service - ok

02:51:12.0232 2060 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

02:51:12.0298 2060 bowser - ok

02:51:12.0354 2060 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

02:51:12.0438 2060 BrFiltLo - ok

02:51:12.0456 2060 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

02:51:12.0489 2060 BrFiltUp - ok

02:51:12.0556 2060 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

02:51:12.0637 2060 BridgeMP - ok

02:51:12.0707 2060 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

02:51:12.0825 2060 Browser - ok

02:51:12.0902 2060 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

02:51:12.0965 2060 Brserid - ok

02:51:13.0032 2060 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

02:51:13.0080 2060 BrSerWdm - ok

02:51:13.0112 2060 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

02:51:13.0196 2060 BrUsbMdm - ok

02:51:13.0243 2060 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

02:51:13.0285 2060 BrUsbSer - ok

02:51:13.0343 2060 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

02:51:13.0426 2060 BthEnum - ok

02:51:13.0488 2060 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

02:51:13.0538 2060 BTHMODEM - ok

02:51:13.0587 2060 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

02:51:13.0629 2060 BthPan - ok

02:51:13.0736 2060 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

02:51:13.0803 2060 BTHPORT - ok

02:51:13.0858 2060 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

02:51:13.0947 2060 bthserv - ok

02:51:25.0684 2060 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

02:51:25.0707 2060 IDriverT ( UnsignedFile.Multi.Generic ) - warning

02:51:25.0707 2060 IDriverT - detected UnsignedFile.Multi.Generic (1)

02:51:30.0662 2060 Micorsoft Windows Service (a6d351093f75d16c574db31cdf736153) C:\Users\teng\AppData\Local\Temp\wuyocsoa.sys

02:51:30.0670 2060 Micorsoft Windows Service ( UnsignedFile.Multi.Generic ) - warning

02:51:30.0670 2060 Micorsoft Windows Service - detected UnsignedFile.Multi.Generic (1)

02:51:34.0610 2060 NBService (0d01287d85b3715fa8270e8ec919b7f7) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

02:51:34.0638 2060 NBService ( UnsignedFile.Multi.Generic ) - warning

02:51:34.0638 2060 NBService - detected UnsignedFile.Multi.Generic (1)

02:51:37.0893 2060 NMIndexingService (c4ebbbd7165be535f0bfd06b80601d91) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

02:51:37.0922 2060 NMIndexingService ( UnsignedFile.Multi.Generic ) - warning

02:51:37.0922 2060 NMIndexingService - detected UnsignedFile.Multi.Generic (1)

02:51:49.0741 2060 SampleCollector (6b318f9443740a907d1c8f3460c19009) C:\Program Files\SONY\VAIO Care\collsvc.exe

02:51:49.0764 2060 SampleCollector ( UnsignedFile.Multi.Generic ) - warning

02:51:49.0764 2060 SampleCollector - detected UnsignedFile.Multi.Generic (1)

02:51:49.0814 2060 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

02:51:49.0839 2060 SamSs - ok

02:51:49.0883 2060 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

02:51:49.0911 2060 sbp2port - ok

02:51:49.0985 2060 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

02:51:50.0065 2060 SCardSvr - ok

02:51:50.0114 2060 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

02:51:50.0193 2060 scfilter - ok

02:51:50.0402 2060 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

02:51:50.0541 2060 Schedule - ok

02:51:50.0607 2060 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

02:51:50.0679 2060 SCPolicySvc - ok

02:51:50.0761 2060 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys

02:51:50.0796 2060 sdbus - ok

02:51:50.0857 2060 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

02:51:50.0931 2060 SDRSVC - ok

02:51:51.0062 2060 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

02:51:51.0093 2060 SeaPort - ok

02:51:51.0152 2060 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

02:51:51.0226 2060 secdrv - ok

02:51:51.0274 2060 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

02:51:51.0378 2060 seclogon - ok

02:51:51.0433 2060 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

02:51:51.0523 2060 SENS - ok

02:51:51.0547 2060 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

02:51:51.0609 2060 SensrSvc - ok

02:51:51.0665 2060 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

02:51:51.0707 2060 Serenum - ok

02:51:51.0761 2060 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

02:51:51.0813 2060 Serial - ok

02:51:51.0873 2060 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

02:51:51.0899 2060 sermouse - ok

02:51:51.0959 2060 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

02:51:52.0060 2060 SessionEnv - ok

02:51:52.0140 2060 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\drivers\SFEP.sys

02:51:52.0188 2060 SFEP - ok

02:51:52.0223 2060 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

02:51:52.0280 2060 sffdisk - ok

02:51:52.0325 2060 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

02:51:52.0382 2060 sffp_mmc - ok

02:51:52.0428 2060 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

02:51:52.0482 2060 sffp_sd - ok

02:51:52.0545 2060 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

02:51:52.0570 2060 sfloppy - ok

02:51:52.0645 2060 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

02:51:52.0749 2060 SharedAccess - ok

02:51:52.0861 2060 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

02:51:52.0990 2060 ShellHWDetection - ok

02:51:53.0046 2060 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

02:51:53.0072 2060 SiSRaid2 - ok

02:51:53.0131 2060 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

02:51:53.0158 2060 SiSRaid4 - ok

02:51:53.0207 2060 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

02:51:53.0283 2060 Smb - ok

02:51:53.0365 2060 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

02:51:53.0435 2060 SNMPTRAP - ok

02:51:53.0608 2060 SOHCImp (98886c88a1cb13d61672ae2c638b7e1c) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe

02:51:53.0627 2060 SOHCImp - ok

02:51:53.0664 2060 SOHDBSvr (442a13f395546f4564c377296d43b564) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe

02:51:53.0680 2060 SOHDBSvr - ok

02:51:53.0728 2060 SOHDms (556681be668d71dc162391a45422b52c) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe

02:51:53.0758 2060 SOHDms - ok

02:51:53.0787 2060 SOHDs (72b46103e4111439109acf5882627c24) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe

02:51:53.0804 2060 SOHDs - ok

02:51:53.0860 2060 SOHPlMgr (725b6e9cd1959271ac993dc035e1606d) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe

02:51:53.0905 2060 SOHPlMgr - ok

02:51:53.0937 2060 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

02:51:53.0961 2060 spldr - ok

02:51:54.0042 2060 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

02:51:54.0131 2060 Spooler - ok

02:51:54.0757 2060 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

02:51:55.0009 2060 sppsvc - ok

02:51:55.0306 2060 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

02:51:55.0402 2060 sppuinotify - ok

02:51:55.0681 2060 sptd (d519ad2de7968cd2b47fea807c5b29b2) C:\Windows\System32\Drivers\sptd.sys

02:51:55.0681 2060 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: d519ad2de7968cd2b47fea807c5b29b2

02:51:55.0706 2060 sptd ( LockedFile.Multi.Generic ) - warning

02:51:55.0706 2060 sptd - detected LockedFile.Multi.Generic (1)

02:51:55.0771 2060 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

02:51:55.0847 2060 srv - ok

02:51:55.0925 2060 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

02:51:55.0983 2060 srv2 - ok

02:51:56.0034 2060 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

02:51:56.0075 2060 srvnet - ok

02:51:56.0187 2060 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

02:51:56.0269 2060 SSDPSRV - ok

02:51:56.0362 2060 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

02:51:56.0440 2060 SstpSvc - ok

02:51:56.0668 2060 StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

02:51:56.0702 2060 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning

02:51:56.0702 2060 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)

02:51:56.0800 2060 Steam Client Service - ok

02:51:57.0016 2060 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

02:51:57.0049 2060 Stereo Service - ok

02:51:57.0118 2060 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

02:51:57.0142 2060 stexstor - ok

02:51:57.0222 2060 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

02:51:57.0295 2060 stisvc - ok

02:51:57.0335 2060 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

02:51:57.0359 2060 swenum - ok

02:51:57.0468 2060 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

02:51:57.0583 2060 swprv - ok

02:51:57.0989 2060 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

02:51:58.0121 2060 SysMain - ok

02:51:58.0334 2060 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

02:51:58.0395 2060 TabletInputService - ok

02:51:58.0465 2060 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

02:51:58.0579 2060 TapiSrv - ok

02:51:58.0628 2060 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

02:51:58.0710 2060 TBS - ok

02:51:58.0984 2060 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

02:51:59.0109 2060 Tcpip - ok

02:51:59.0715 2060 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

02:51:59.0800 2060 TCPIP6 - ok

02:52:00.0121 2060 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

02:52:00.0221 2060 tcpipreg - ok

02:52:00.0272 2060 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

02:52:00.0336 2060 TDPIPE - ok

02:52:00.0401 2060 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

02:52:00.0452 2060 TDTCP - ok

02:52:00.0499 2060 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

02:52:00.0575 2060 tdx - ok

02:52:00.0649 2060 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

02:52:00.0674 2060 TermDD - ok

02:52:00.0837 2060 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

02:52:00.0965 2060 TermService - ok

02:52:01.0001 2060 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

02:52:01.0037 2060 Themes - ok

02:52:01.0117 2060 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

02:52:01.0220 2060 THREADORDER - ok

02:52:01.0262 2060 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

02:52:01.0352 2060 TrkWks - ok

02:52:01.0490 2060 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

02:52:01.0588 2060 TrustedInstaller - ok

02:52:01.0658 2060 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

02:52:01.0729 2060 tssecsrv - ok

02:52:01.0815 2060 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

02:52:01.0881 2060 TsUsbFlt - ok

02:52:01.0936 2060 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

02:52:02.0039 2060 tunnel - ok

02:52:02.0157 2060 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

02:52:02.0200 2060 uagp35 - ok

02:52:02.0276 2060 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

02:52:02.0298 2060 uCamMonitor - ok

02:52:02.0366 2060 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

02:52:02.0454 2060 udfs - ok

02:52:02.0486 2060 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

02:52:02.0518 2060 UI0Detect - ok

02:52:02.0573 2060 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

02:52:02.0601 2060 uliagpkx - ok

02:52:02.0646 2060 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

02:52:02.0684 2060 umbus - ok

02:52:02.0743 2060 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

02:52:02.0780 2060 UmPass - ok

02:52:02.0854 2060 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

02:52:02.0974 2060 upnphost - ok

02:52:03.0032 2060 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

02:52:03.0070 2060 USBAAPL64 - ok

02:52:03.0118 2060 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

02:52:03.0168 2060 usbccgp - ok

02:52:03.0225 2060 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

02:52:03.0257 2060 usbcir - ok

02:52:03.0345 2060 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

02:52:03.0398 2060 usbehci - ok

02:52:03.0468 2060 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

02:52:03.0515 2060 usbhub - ok

02:52:03.0571 2060 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

02:52:03.0623 2060 usbohci - ok

02:52:03.0655 2060 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

02:52:03.0695 2060 usbprint - ok

02:52:03.0748 2060 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS

02:52:03.0801 2060 USBSTOR - ok

02:52:03.0825 2060 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

02:52:03.0860 2060 usbuhci - ok

02:52:03.0928 2060 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

02:52:03.0965 2060 usbvideo - ok

02:52:04.0015 2060 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

02:52:04.0112 2060 UxSms - ok

02:52:04.0252 2060 VAIO Entertainment TV Device Arbitration Service (4e7135d6d0127067e4cfee12259f895d) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe

02:52:04.0261 2060 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning

02:52:04.0261 2060 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)

02:52:04.0357 2060 VAIO Event Service (d4197cf0c8567046fd4af28ff47af528) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe

02:52:04.0378 2060 VAIO Event Service - ok

02:52:04.0584 2060 VAIO Power Management (b8c9a7010afd5cbbe194cb9ef7c4fd14) C:\Program Files\Sony\VAIO Power Management\SPMService.exe

02:52:04.0638 2060 VAIO Power Management - ok

02:52:04.0694 2060 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

02:52:04.0720 2060 VaultSvc - ok

02:52:04.0878 2060 VCFw (6a740f5ff3246c3be3dd317299efc88e) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

02:52:04.0917 2060 VCFw - ok

02:52:05.0107 2060 VcmIAlzMgr (fd03ac6cd1571aa8b2ff56d3c600e26e) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

02:52:05.0170 2060 VcmIAlzMgr - ok

02:52:05.0234 2060 VcmINSMgr (9d9b34b430b4dc683112f59c80d20ab8) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe

02:52:05.0264 2060 VcmINSMgr - ok

02:52:05.0340 2060 VcmXmlIfHelper (dfe10c68ef4684f7754fcca39a4cc6ba) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe

02:52:05.0360 2060 VcmXmlIfHelper - ok

02:52:05.0602 2060 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

02:52:05.0628 2060 vdrvroot - ok

02:52:05.0710 2060 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

02:52:05.0797 2060 vds - ok

02:52:05.0864 2060 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

02:52:05.0895 2060 vga - ok

02:52:05.0912 2060 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

02:52:06.0003 2060 VgaSave - ok

02:52:06.0061 2060 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

02:52:06.0092 2060 vhdmp - ok

02:52:06.0141 2060 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

02:52:06.0165 2060 viaide - ok

02:52:06.0206 2060 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

02:52:06.0232 2060 volmgr - ok

02:52:06.0293 2060 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

02:52:06.0329 2060 volmgrx - ok

02:52:06.0394 2060 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

02:52:06.0427 2060 volsnap - ok

02:52:06.0493 2060 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

02:52:06.0523 2060 vsmraid - ok

02:52:06.0682 2060 VSNService (27cc4003da9ea10e3cd412a398bf04e6) C:\Program Files\SONY\VAIO Smart Network\VSNService.exe

02:52:06.0725 2060 VSNService ( UnsignedFile.Multi.Generic ) - warning

02:52:06.0725 2060 VSNService - detected UnsignedFile.Multi.Generic (1)

02:52:06.0867 2060 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

02:52:07.0005 2060 VSS - ok

02:52:07.0240 2060 VUAgent (77e034d8d8dfa4039b45aca2f0d3ac13) C:\Program Files\SONY\VAIO Update 5\VUAgent.exe

02:52:07.0317 2060 VUAgent - ok

02:52:07.0456 2060 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

02:52:07.0490 2060 vwifibus - ok

02:52:07.0540 2060 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

02:52:07.0581 2060 vwififlt - ok

02:52:07.0615 2060 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

02:52:07.0643 2060 vwifimp - ok

02:52:07.0763 2060 VzCdbSvc (d8bef4ac1eac809dbdbd441d6cff6c4c) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

02:52:07.0785 2060 VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning

02:52:07.0785 2060 VzCdbSvc - detected UnsignedFile.Multi.Generic (1)

02:52:07.0886 2060 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

02:52:07.0960 2060 W32Time - ok

02:52:08.0003 2060 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

02:52:08.0033 2060 WacomPen - ok

02:52:08.0094 2060 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

02:52:08.0166 2060 WANARP - ok

02:52:08.0193 2060 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

02:52:08.0250 2060 Wanarpv6 - ok

02:52:08.0369 2060 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

02:52:08.0425 2060 WatAdminSvc - ok

02:52:08.0557 2060 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

02:52:08.0669 2060 wbengine - ok

02:52:08.0844 2060 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

02:52:08.0885 2060 WbioSrvc - ok

02:52:08.0998 2060 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

02:52:09.0092 2060 wcncsvc - ok

02:52:09.0124 2060 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

02:52:09.0165 2060 WcsPlugInService - ok

02:52:09.0226 2060 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

02:52:09.0252 2060 Wd - ok

02:52:09.0321 2060 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

02:52:09.0367 2060 Wdf01000 - ok

02:52:09.0390 2060 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

02:52:09.0489 2060 WdiServiceHost - ok

02:52:09.0494 2060 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

02:52:09.0528 2060 WdiSystemHost - ok

02:52:09.0593 2060 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

02:52:09.0656 2060 WebClient - ok

02:52:09.0726 2060 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

02:52:09.0819 2060 Wecsvc - ok

02:52:09.0879 2060 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

02:52:09.0955 2060 wercplsupport - ok

02:52:10.0016 2060 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

02:52:10.0110 2060 WerSvc - ok

02:52:10.0176 2060 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

02:52:10.0243 2060 WfpLwf - ok

02:52:10.0258 2060 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

02:52:10.0278 2060 WIMMount - ok

02:52:10.0358 2060 WinDefend - ok

02:52:10.0366 2060 WinHttpAutoProxySvc - ok

02:52:10.0426 2060 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

02:52:10.0496 2060 Winmgmt - ok

02:52:10.0645 2060 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

02:52:10.0749 2060 WinRM - ok

02:52:10.0947 2060 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

02:52:10.0998 2060 WinUsb - ok

02:52:11.0159 2060 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

02:52:11.0251 2060 Wlansvc - ok

02:52:11.0493 2060 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

02:52:11.0587 2060 wlidsvc - ok

02:52:11.0749 2060 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys

02:52:11.0768 2060 WmBEnum - ok

02:52:11.0832 2060 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys

02:52:11.0848 2060 WmFilter - ok

02:52:11.0888 2060 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

02:52:11.0918 2060 WmiAcpi - ok

02:52:11.0975 2060 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

02:52:12.0026 2060 wmiApSrv - ok

02:52:12.0053 2060 WMPNetworkSvc - ok

02:52:12.0120 2060 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys

02:52:12.0137 2060 WmVirHid - ok

02:52:12.0181 2060 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys

02:52:12.0200 2060 WmXlCore - ok

02:52:12.0263 2060 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

02:52:12.0308 2060 WPCSvc - ok

02:52:12.0367 2060 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

02:52:12.0415 2060 WPDBusEnum - ok

02:52:12.0440 2060 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

02:52:12.0507 2060 ws2ifsl - ok

02:52:12.0579 2060 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

02:52:12.0623 2060 wscsvc - ok

02:52:12.0628 2060 WSearch - ok

02:52:12.0824 2060 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

02:52:12.0939 2060 wuauserv - ok

02:52:13.0122 2060 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

02:52:13.0216 2060 WudfPf - ok

02:52:13.0324 2060 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

02:52:13.0399 2060 WUDFRd - ok

02:52:13.0447 2060 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

02:52:13.0522 2060 wudfsvc - ok

02:52:13.0568 2060 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

02:52:13.0625 2060 WwanSvc - ok

02:52:13.0678 2060 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys

02:52:13.0736 2060 xusb21 - ok

02:52:13.0815 2060 yukonw7 (6affd75c6807b3dd3ab018e27b88ef95) C:\Windows\system32\DRIVERS\yk62x64.sys

02:52:13.0892 2060 yukonw7 - ok

02:52:13.0953 2060 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

02:52:14.0452 2060 \Device\Harddisk0\DR0 - ok

02:52:14.0480 2060 Boot (0x1200) (f5336d2cb112c43983b6151d3d188297) \Device\Harddisk0\DR0\Partition0

02:52:14.0484 2060 \Device\Harddisk0\DR0\Partition0 - ok

02:52:14.0499 2060 Boot (0x1200) (c42a05656d02b644057c60a40be8ccbd) \Device\Harddisk0\DR0\Partition1

02:52:14.0502 2060 \Device\Harddisk0\DR0\Partition1 - ok

02:52:14.0503 2060 ============================================================

02:52:14.0503 2060 Scan finished

02:52:14.0503 2060 ============================================================

02:52:14.0520 5960 Detected object count: 11

02:52:14.0520 5960 Actual detected object count: 11

02:52:50.0584 5960 Akamai ( HiddenFile.Multi.Generic ) - skipped by user

02:52:50.0584 5960 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

02:52:50.0586 5960 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

02:52:50.0586 5960 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:52:50.0588 5960 Micorsoft Windows Service ( UnsignedFile.Multi.Generic ) - skipped by user

02:52:50.0588 5960 Micorsoft Windows Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:52:50.0590 5960 NBService ( UnsignedFile.Multi.Generic ) - skipped by user

02:52:50.0590 5960 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:52:50.0593 5960 NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user

02:52:50.0593 5960 NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:52:50.0595 5960 SampleCollector ( UnsignedFile.Multi.Generic ) - skipped by user

02:52:50.0595 5960 SampleCollector ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:52:50.0597 5960 sptd ( LockedFile.Multi.Generic ) - skipped by user

02:52:50.0597 5960 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

02:52:50.0600 5960 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user

02:52:50.0600 5960 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:52:50.0602 5960 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user

02:52:50.0602 5960 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:52:50.0604 5960 VSNService ( UnsignedFile.Multi.Generic ) - skipped by user

02:52:50.0604 5960 VSNService ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:52:50.0606 5960 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user

02:52:50.0606 5960 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip


They're OK

Download and run a fresh copy of ComboFix as before.

Post the log when done, MrC


Also before after you mentioned to quickscan with MBAM I did a full scan and it found 2 suspicious objects. Not sure if this helps.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.13.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

teng :: VAIO [administrator]

14/07/2012 1:55:08 AM

mbam-log-2012-07-14 (02-48-14).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 195160

Time elapsed: 52 minute(s), 51 second(s) [aborted]

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Rootkit.Agent) -> No action taken.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\teng\AppData\Local\Temp\wuyocsoa.sys (Rootkit.Agent) -> No action taken.

(end)
