Security Shield Virus


  • This topic is locked
71 replies to this topic

#1 meeps2012


Posted 18 June 2012 - 06:28 PM

Hello

I noticed the security shield pop-up a few days ago, and have been trying to remove it since. I've followed the removal process from this site several times, both in and out of safe mode, but nothing seems to be helping.

Some of the problems I've been having that may help you help me:
-RKill did not show that it stopped any problems (the most recent time showed one thing in Windows Media Player).
-One of the steps said to "uncheck the checkbox labelled Use a proxy server for your LAN" - mine was never checked.
-I've downloaded and run Malwarebytes several times. The first two times it kept freezing and the top banner would say "Not responding". Each time it detected something, but it never finished scanning and I wasn't able to remove anything.

The most recent time I tried it outside of safe mode and it scanned without issue. The problem is that it took way too long to scan. It scanned for 30 hours and did not find a single issue. I finally decided to stop the scan and ask for help. Do I scan all the disks, or just the C drive? My C drive is ridiculously full with only about 15 GB free out of 224. A family member had been using this computer for a while and never did a defragment. There isn't that much software installed.

This thing is really stressing me out, so I appreciate any help I can get. I've tried system restore but I get error messages when I try that. Thank you for taking the time to respond.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.19088
Run by Peter at 19:18:02 on 2012-06-18
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.2400 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.ca/
uSearch Bar = Preserve
uSearchURL,(Default) = hxxp://ca.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120502191857.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Unattend0000000001{3FA4BE3E-D946-48FF-BA6D-643984BC99EE}] %PROGRAMFILES%\Sony\First Experience\VAIOWelcome.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com.ezproxy.library.yorku.ca/lib/oculyork/support/plugins/ebraryRdr.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://mytdsb.on.ca/+CSCOL+/csvrloader32.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1271726664234
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://blacks.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: DhcpNameServer = 64.71.255.198
TCP: Interfaces\{18679724-6529-4EC5-9F43-C487B9B6A19A} : DhcpNameServer = 64.71.255.198
TCP: Interfaces\{325204C9-0745-45C2-8425-3C26B0025BD6} : DhcpNameServer = 4.2.2.2 4.2.2.3 128.100.100.128
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 464304]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-5-25 64912]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-5-25 169608]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-5-25 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-5-25 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-5-25 151880]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-5-25 340920]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-5-5 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-5-25 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-5-25 214904]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-5-25 214904]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-5-25 166288]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-5-25 57600]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-5-25 180848]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-5-25 59456]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-5-25 87656]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-5-28 104288]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-5-28 350048]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-5-28 63328]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-5-5 812544]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-5-5 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-5-5 87328]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-16 15:04:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-16 15:04:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-14 23:57:22 -------- d-----w- c:\users\peter\appdata\roaming\Malwarebytes
2012-06-14 23:57:14 -------- d-----w- c:\programdata\Malwarebytes
2012-06-14 23:41:32 -------- d-----w- c:\windows\pss
2012-06-14 22:46:57 434176 ----a-w- c:\users\peter\appdata\local\uwxge.exe
2012-06-13 22:09:19 434176 ----a-w- c:\users\peter\appdata\local\czmcj.exe
.
==================== Find3M ====================
.
2012-06-07 02:22:42 3452 --sha-w- c:\windows\system32\KGyGaAvL.sys
2012-06-07 02:22:39 88 --sh--r- c:\windows\system32\5A05A67834.sys
.
============= FINISH: 19:20:00.99 ===============

#2 meeps2012


Posted 18 June 2012 - 06:44 PM

Update: I'm not sure if this is a result of running DDS, but the real-time scanning on McAfee has been turned off. When I click to turn it on, it just turns back off.

#3 meeps2012


Posted 18 June 2012 - 07:08 PM

McAfee is working again. It wasn't working in safe mode, but now it's in normal mode and seems fine.

#4 gringo_pr

  • Malware Response Team

Posted 19 June 2012 - 12:02 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 meeps2012


Posted 19 June 2012 - 08:48 AM

Hi Gringo,

Thank you so much for your help and quick response. I have posted the contents of checkup.txt below.

I have been having some trouble with Combofix. I have McAfee Virus Plus and the real-time scanning turned off automatically. I then turned off the firewall manually. When I run Combofix, I get stuck at Stage 2. It was stuck on that stage for almost 30 minutes. I stopped it because it said the whole thing should only take 10 minutes, and I read there were about 50 stages.

Does it make a difference that I have been doing everything in safe mode?

Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 11
Java™ SE Runtime Environment 6
Java version out of Date!
Adobe Flash Player 9.0.115.0 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 19 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#6 gringo_pr


Posted 19 June 2012 - 01:43 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 meeps2012


Posted 19 June 2012 - 05:28 PM

I tried your suggestions out and they both worked. Below are the logs. The first one didn't find anything, but the second one did. Thanks for your help so far.

17:56:52.0364 3700 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
17:56:53.0237 3700 ============================================================
17:56:53.0237 3700 Current date / time: 2012/06/19 17:56:53.0237
17:56:53.0237 3700 SystemInfo:
17:56:53.0237 3700
17:56:53.0237 3700 OS Version: 6.0.6001 ServicePack: 1.0
17:56:53.0237 3700 Product type: Workstation
17:56:53.0237 3700 ComputerName: PETER-PC
17:56:53.0237 3700 UserName: Peter
17:56:53.0237 3700 Windows directory: C:\Windows
17:56:53.0237 3700 System windows directory: C:\Windows
17:56:53.0237 3700 Processor architecture: Intel x86
17:56:53.0237 3700 Number of processors: 2
17:56:53.0237 3700 Page size: 0x1000
17:56:53.0237 3700 Boot type: Normal boot
17:56:53.0237 3700 ============================================================
17:56:54.0329 3700 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:56:54.0345 3700 Drive \Device\Harddisk2\DR2 - Size: 0x79920000 (1.90 Gb), SectorSize: 0x200, Cylinders: 0x3DC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x40, Type 'W'
17:56:54.0345 3700 ============================================================
17:56:54.0345 3700 \Device\Harddisk0\DR0:
17:56:54.0345 3700 MBR partitions:
17:56:54.0345 3700 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1195800, BlocksNum 0x1C02F970
17:56:54.0345 3700 \Device\Harddisk2\DR2:
17:56:54.0345 3700 MBR partitions:
17:56:54.0345 3700 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x6, StartLBA 0xF7, BlocksNum 0x3CD709
17:56:54.0345 3700 ============================================================
17:56:54.0501 3700 C: <-> \Device\Harddisk0\DR0\Partition0
17:56:54.0501 3700 ============================================================
17:56:54.0501 3700 Initialize success
17:56:54.0501 3700 ============================================================
17:56:56.0170 0200 ============================================================
17:56:56.0170 0200 Scan started
17:56:56.0170 0200 Mode: Manual;
17:56:56.0170 0200 ============================================================
17:57:52.0517 0200 FLEXnet Licensing Service - ok
17:57:52.0783 0200 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:57:52.0892 0200 flpydisk - ok
17:57:53.0547 0200 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
17:57:53.0609 0200 FltMgr - ok
17:57:54.0077 0200 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:57:54.0124 0200 FontCache3.0.0.0 - ok
17:57:54.0187 0200 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
17:57:54.0233 0200 Fs_Rec - ok
17:57:54.0545 0200 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
17:57:54.0623 0200 gagp30kx - ok
17:57:56.0168 0200 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
17:57:56.0277 0200 gpsvc - ok
17:57:56.0527 0200 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:57:56.0558 0200 HdAudAddService - ok
17:57:56.0651 0200 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:57:56.0651 0200 HDAudBus - ok
17:57:56.0776 0200 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:57:56.0792 0200 HidBth - ok
17:57:57.0010 0200 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:57:57.0073 0200 HidIr - ok
17:57:57.0182 0200 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\System32\hidserv.dll
17:57:57.0197 0200 hidserv - ok
17:57:57.0213 0200 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
17:57:57.0229 0200 HidUsb - ok
17:57:57.0291 0200 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
17:57:57.0338 0200 hkmsvc - ok
17:57:57.0447 0200 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
17:57:57.0525 0200 HpCISSs - ok
17:57:57.0915 0200 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
17:57:57.0946 0200 HSFHWAZL - ok
17:57:59.0756 0200 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
17:57:59.0896 0200 HSF_DPV - ok
17:58:00.0411 0200 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
17:58:00.0427 0200 HSXHWAZL - ok
17:58:00.0520 0200 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
17:58:00.0707 0200 HTTP - ok
17:58:00.0910 0200 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
17:58:00.0926 0200 i2omp - ok
17:58:00.0957 0200 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:58:00.0988 0200 i8042prt - ok
17:58:01.0519 0200 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
17:58:01.0534 0200 iaStor - ok
17:58:02.0314 0200 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
17:58:02.0439 0200 iaStorV - ok
17:58:03.0422 0200 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:58:03.0500 0200 idsvc - ok
17:58:04.0670 0200 igfx (62448322731ac1beda52e2b3327046ee) C:\Windows\system32\DRIVERS\igdkmd32.sys
17:58:04.0795 0200 igfx - ok
17:58:05.0777 0200 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:58:05.0809 0200 iirsp - ok
17:58:06.0121 0200 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
17:58:06.0136 0200 IKEEXT - ok
17:58:07.0790 0200 IntcAzAudAddService (a82c70cbaec7b10e4c9c1341d729640f) C:\Windows\system32\drivers\RTKVHDA.sys
17:58:07.0821 0200 IntcAzAudAddService - ok
17:58:07.0993 0200 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
17:58:07.0993 0200 intelide - ok
17:58:08.0383 0200 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:58:08.0383 0200 intelppm - ok
17:58:08.0601 0200 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
17:58:08.0601 0200 IPBusEnum - ok
17:58:08.0632 0200 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:58:08.0648 0200 IpFilterDriver - ok
17:58:09.0802 0200 iphlpsvc (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
17:58:09.0865 0200 iphlpsvc - ok
17:58:09.0880 0200 IpInIp - ok
17:58:10.0099 0200 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
17:58:10.0145 0200 IPMIDRV - ok
17:58:10.0177 0200 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:58:10.0192 0200 IPNAT - ok
17:58:10.0223 0200 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:58:10.0239 0200 IRENUM - ok
17:58:10.0270 0200 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
17:58:10.0286 0200 isapnp - ok
17:58:10.0333 0200 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
17:58:10.0333 0200 iScsiPrt - ok
17:58:10.0348 0200 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:58:10.0379 0200 iteatapi - ok
17:58:10.0411 0200 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:58:10.0426 0200 iteraid - ok
17:58:11.0003 0200 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
17:58:11.0035 0200 IviRegMgr - ok
17:58:11.0159 0200 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:58:11.0175 0200 kbdclass - ok
17:58:11.0331 0200 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
17:58:11.0393 0200 kbdhid - ok
17:58:11.0503 0200 KeyIso (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
17:58:11.0503 0200 KeyIso - ok
17:58:11.0783 0200 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
17:58:11.0830 0200 KSecDD - ok
17:58:11.0939 0200 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
17:58:11.0986 0200 KtmRm - ok
17:58:12.0158 0200 LanmanServer (1925e63c91cf1610ae41bfd539062079) C:\Windows\System32\srvsvc.dll
17:58:12.0173 0200 LanmanServer - ok
17:58:12.0314 0200 LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
17:58:12.0329 0200 LanmanWorkstation - ok
17:58:12.0579 0200 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:58:12.0595 0200 lltdio - ok
17:58:12.0704 0200 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
17:58:12.0751 0200 lltdsvc - ok
17:58:12.0766 0200 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
17:58:12.0782 0200 lmhosts - ok
17:58:13.0203 0200 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
17:58:13.0359 0200 LSI_FC - ok
17:58:13.0765 0200 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
17:58:13.0858 0200 LSI_SAS - ok
17:58:14.0077 0200 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
17:58:14.0186 0200 LSI_SCSI - ok
17:58:14.0576 0200 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:58:14.0669 0200 luafv - ok
17:58:15.0652 0200 McAfee SiteAdvisor Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
17:58:15.0668 0200 McAfee SiteAdvisor Service - ok
17:58:15.0668 0200 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
17:58:15.0668 0200 McMPFSvc - ok
17:58:15.0730 0200 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
17:58:15.0730 0200 mcmscsvc - ok
17:58:15.0730 0200 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
17:58:15.0730 0200 McNaiAnn - ok
17:58:15.0886 0200 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
17:58:15.0886 0200 McNASvc - ok
17:58:17.0165 0200 McODS (135aa9e9e7047b7dc1f753205d421a26) C:\Program Files\McAfee\VirusScan\mcods.exe
17:58:17.0368 0200 McODS - ok
17:58:17.0368 0200 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
17:58:17.0384 0200 McProxy - ok
17:58:18.0055 0200 McShield (593fa4c378818ece76ba64a11ad56cf2) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
17:58:18.0133 0200 McShield - ok
17:58:18.0445 0200 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
17:58:18.0460 0200 Mcx2Svc - ok
17:58:18.0554 0200 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:58:18.0585 0200 mdmxsdk - ok
17:58:18.0803 0200 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
17:58:18.0897 0200 megasas - ok
17:58:20.0129 0200 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
17:58:20.0332 0200 MegaSR - ok
17:58:20.0863 0200 mfeapfk (43c31bdf404a6d7a7ac1bfd5ead2a566) C:\Windows\system32\drivers\mfeapfk.sys
17:58:20.0878 0200 mfeapfk - ok
17:58:21.0705 0200 mfeavfk (c1dc5f42d3367f33b6451be78b38bd46) C:\Windows\system32\drivers\mfeavfk.sys
17:58:21.0721 0200 mfeavfk - ok
17:58:21.0767 0200 mfeavfk01 - ok
17:58:22.0157 0200 mfebopk (0435c43f4c2be01b84868ad2a906397b) C:\Windows\system32\drivers\mfebopk.sys
17:58:22.0157 0200 mfebopk - ok
17:58:23.0109 0200 mfefire (7e1f8b1bdc8240f08bd358b3a466c005) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
17:58:23.0249 0200 mfefire - ok
17:58:24.0123 0200 mfefirek (4ea6ff90015424517843e931448e00f1) C:\Windows\system32\drivers\mfefirek.sys
17:58:24.0123 0200 mfefirek - ok
17:58:25.0948 0200 mfehidk (d1e998748ba24a731106611d535c6bbf) C:\Windows\system32\drivers\mfehidk.sys
17:58:26.0073 0200 mfehidk - ok
17:58:26.0619 0200 mfenlfk (ac04a618aef3de0fce91c766f9e069da) C:\Windows\system32\DRIVERS\mfenlfk.sys
17:58:26.0635 0200 mfenlfk - ok
17:58:27.0181 0200 mferkdet (f454a13377f0a006d20a8c14a753c432) C:\Windows\system32\drivers\mferkdet.sys
17:58:27.0212 0200 mferkdet - ok
17:58:27.0368 0200 mfevtp (b10c4efd40810c08f4b44df2efcb54f7) C:\Windows\system32\mfevtps.exe
17:58:27.0415 0200 mfevtp - ok
17:58:28.0195 0200 mfewfpk (f284337aedb7483df8a5fa840647e2b0) C:\Windows\system32\drivers\mfewfpk.sys
17:58:28.0210 0200 mfewfpk - ok
17:58:29.0396 0200 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
17:58:29.0443 0200 Microsoft Office Groove Audit Service - ok
17:58:29.0677 0200 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:58:29.0708 0200 MMCSS - ok
17:58:29.0817 0200 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:58:29.0833 0200 Modem - ok
17:58:30.0098 0200 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:58:30.0113 0200 monitor - ok
17:58:30.0316 0200 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:58:30.0332 0200 mouclass - ok
17:58:30.0379 0200 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:58:30.0394 0200 mouhid - ok
17:58:30.0457 0200 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:58:30.0472 0200 MountMgr - ok
17:58:31.0003 0200 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
17:58:31.0049 0200 mpio - ok
17:58:31.0315 0200 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:58:31.0408 0200 mpsdrv - ok
17:58:32.0407 0200 MpsSvc (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
17:58:32.0578 0200 MpsSvc - ok
17:58:32.0797 0200 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:58:32.0812 0200 Mraid35x - ok
17:58:33.0296 0200 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
17:58:33.0421 0200 MRxDAV - ok
17:58:33.0608 0200 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:58:33.0623 0200 mrxsmb - ok
17:58:34.0123 0200 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:58:34.0169 0200 mrxsmb10 - ok
17:58:34.0622 0200 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:58:34.0637 0200 mrxsmb20 - ok
17:58:34.0731 0200 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
17:58:34.0762 0200 msahci - ok
17:58:35.0527 0200 MSCSPTISRV (31fe01f58c95e1296f909be52dea63dd) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
17:58:35.0745 0200 MSCSPTISRV - ok
17:58:36.0073 0200 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
17:58:36.0088 0200 msdsm - ok
17:58:36.0541 0200 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
17:58:36.0572 0200 MSDTC - ok
17:58:36.0650 0200 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:58:36.0681 0200 Msfs - ok
17:58:36.0821 0200 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:58:36.0884 0200 msisadrv - ok
17:58:37.0180 0200 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
17:58:37.0196 0200 MSiSCSI - ok
17:58:37.0196 0200 msiserver - ok
17:58:37.0352 0200 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:58:37.0367 0200 MSKSSRV - ok
17:58:37.0445 0200 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:58:37.0508 0200 MSPCLOCK - ok
17:58:37.0586 0200 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:58:37.0664 0200 MSPQM - ok
17:58:37.0960 0200 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
17:58:37.0976 0200 MsRPC - ok
17:58:38.0147 0200 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:58:38.0147 0200 mssmbios - ok
17:58:38.0225 0200 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:58:38.0225 0200 MSTEE - ok
17:58:38.0428 0200 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
17:58:38.0459 0200 Mup - ok
17:58:39.0770 0200 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
17:58:39.0785 0200 napagent - ok
17:58:40.0051 0200 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
17:58:40.0129 0200 NativeWifiP - ok
17:58:41.0533 0200 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
17:58:41.0704 0200 NDIS - ok
17:58:41.0954 0200 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:58:42.0032 0200 NdisTapi - ok
17:58:42.0094 0200 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:58:42.0110 0200 Ndisuio - ok
17:58:42.0328 0200 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
17:58:42.0391 0200 NdisWan - ok
17:58:42.0765 0200 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:58:42.0796 0200 NDProxy - ok
17:58:42.0890 0200 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:58:42.0921 0200 NetBIOS - ok
17:58:43.0529 0200 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
17:58:43.0623 0200 netbt - ok
17:58:43.0873 0200 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
17:58:43.0873 0200 Netlogon - ok
17:58:44.0793 0200 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
17:58:44.0793 0200 Netman - ok
17:58:45.0573 0200 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
17:58:45.0635 0200 netprofm - ok
17:58:46.0041 0200 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:58:46.0072 0200 NetTcpPortSharing - ok
17:58:52.0780 0200 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
17:58:53.0872 0200 NETw3v32 - ok
17:59:02.0156 0200 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys
17:59:03.0029 0200 NETw4v32 - ok
17:59:05.0962 0200 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:59:05.0978 0200 nfrd960 - ok
17:59:06.0617 0200 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
17:59:06.0617 0200 NlaSvc - ok
17:59:06.0664 0200 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
17:59:06.0680 0200 Npfs - ok
17:59:06.0836 0200 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
17:59:06.0883 0200 nsi - ok
17:59:07.0085 0200 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:59:07.0101 0200 nsiproxy - ok
17:59:09.0566 0200 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
17:59:09.0753 0200 Ntfs - ok
17:59:09.0909 0200 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:59:09.0956 0200 ntrigdigi - ok
17:59:10.0018 0200 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:59:10.0065 0200 Null - ok
17:59:10.0658 0200 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
17:59:10.0720 0200 nvraid - ok
17:59:10.0798 0200 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
17:59:10.0829 0200 nvstor - ok
17:59:11.0453 0200 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
17:59:11.0516 0200 nv_agp - ok
17:59:11.0516 0200 NwlnkFlt - ok
17:59:11.0531 0200 NwlnkFwd - ok
17:59:13.0466 0200 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:59:13.0825 0200 odserv - ok
17:59:14.0074 0200 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
17:59:14.0074 0200 ohci1394 - ok
17:59:14.0137 0200 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:59:14.0152 0200 ose - ok
17:59:15.0759 0200 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
17:59:15.0868 0200 p2pimsvc - ok
17:59:15.0884 0200 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
17:59:15.0884 0200 p2psvc - ok
17:59:16.0555 0200 PACSPTISVR (f5395a0379c51283471354402f7b949d) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
17:59:16.0617 0200 PACSPTISVR - ok
17:59:16.0648 0200 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:59:16.0664 0200 Parport - ok
17:59:16.0695 0200 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
17:59:16.0711 0200 partmgr - ok
17:59:16.0804 0200 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:59:16.0804 0200 Parvdm - ok
17:59:16.0867 0200 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
17:59:16.0867 0200 PcaSvc - ok
17:59:16.0945 0200 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
17:59:16.0945 0200 pci - ok
17:59:16.0976 0200 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
17:59:16.0991 0200 pciide - ok
17:59:17.0054 0200 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
17:59:17.0069 0200 pcmcia - ok
17:59:17.0147 0200 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:59:17.0225 0200 PEAUTH - ok
17:59:18.0021 0200 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
17:59:18.0380 0200 pla - ok
17:59:19.0160 0200 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
17:59:19.0191 0200 PlugPlay - ok
17:59:19.0706 0200 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
17:59:19.0721 0200 PNRPAutoReg - ok
17:59:19.0721 0200 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
17:59:19.0737 0200 PNRPsvc - ok
17:59:19.0815 0200 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
17:59:19.0815 0200 PolicyAgent - ok
17:59:20.0236 0200 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:59:20.0267 0200 PptpMiniport - ok
17:59:20.0283 0200 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
17:59:20.0299 0200 Processor - ok
17:59:20.0408 0200 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
17:59:20.0423 0200 ProfSvc - ok
17:59:20.0501 0200 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
17:59:20.0501 0200 ProtectedStorage - ok
17:59:20.0845 0200 ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\Windows\system32\PSIService.exe
17:59:20.0860 0200 ProtexisLicensing - ok
17:59:20.0891 0200 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
17:59:20.0891 0200 PSched - ok
17:59:20.0923 0200 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\Windows\system32\Drivers\PxHelp20.sys
17:59:20.0923 0200 PxHelp20 - ok
17:59:21.0437 0200 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
17:59:21.0515 0200 ql2300 - ok
17:59:21.0656 0200 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:59:21.0687 0200 ql40xx - ok
17:59:22.0280 0200 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
17:59:22.0295 0200 QWAVE - ok
17:59:22.0327 0200 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:59:22.0342 0200 QWAVEdrv - ok
17:59:22.0498 0200 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:59:22.0545 0200 RasAcd - ok
17:59:22.0639 0200 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
17:59:22.0654 0200 RasAuto - ok
17:59:22.0685 0200 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:59:22.0701 0200 Rasl2tp - ok
17:59:22.0779 0200 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
17:59:22.0795 0200 RasMan - ok
17:59:22.0810 0200 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
17:59:22.0826 0200 RasPppoe - ok
17:59:22.0888 0200 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
17:59:22.0904 0200 RasSstp - ok
17:59:23.0185 0200 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
17:59:23.0231 0200 rdbss - ok
17:59:23.0263 0200 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:59:23.0278 0200 RDPCDD - ok
17:59:23.0309 0200 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
17:59:23.0341 0200 rdpdr - ok
17:59:23.0356 0200 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:59:23.0356 0200 RDPENCDD - ok
17:59:23.0403 0200 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
17:59:23.0419 0200 RDPWD - ok
17:59:23.0450 0200 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
17:59:23.0465 0200 regi - ok
17:59:23.0497 0200 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
17:59:23.0512 0200 RemoteAccess - ok
17:59:23.0933 0200 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
17:59:23.0933 0200 RemoteRegistry - ok
17:59:23.0980 0200 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
17:59:23.0996 0200 RpcLocator - ok
17:59:24.0121 0200 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
17:59:24.0121 0200 RpcSs - ok
17:59:24.0526 0200 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:59:24.0557 0200 rspndr - ok
17:59:24.0651 0200 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
17:59:24.0667 0200 SamSs - ok
17:59:24.0823 0200 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:59:24.0838 0200 sbp2port - ok
17:59:25.0041 0200 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
17:59:25.0072 0200 SCardSvr - ok
17:59:25.0228 0200 Schedule (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
17:59:25.0259 0200 Schedule - ok
17:59:25.0384 0200 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
17:59:25.0384 0200 SCPolicySvc - ok
17:59:25.0821 0200 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
17:59:25.0821 0200 SDRSVC - ok
17:59:25.0852 0200 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:59:25.0868 0200 secdrv - ok
17:59:25.0899 0200 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
17:59:25.0915 0200 seclogon - ok
17:59:25.0993 0200 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
17:59:25.0993 0200 SENS - ok
17:59:26.0008 0200 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
17:59:26.0024 0200 Serenum - ok
17:59:26.0414 0200 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
17:59:26.0414 0200 Serial - ok
17:59:26.0429 0200 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:59:26.0445 0200 sermouse - ok
17:59:26.0492 0200 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
17:59:26.0507 0200 SessionEnv - ok
17:59:26.0570 0200 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
17:59:26.0585 0200 SFEP - ok
17:59:26.0617 0200 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
17:59:26.0648 0200 sffdisk - ok
17:59:26.0741 0200 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
17:59:26.0757 0200 sffp_mmc - ok
17:59:26.0819 0200 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
17:59:26.0851 0200 sffp_sd - ok
17:59:26.0897 0200 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
17:59:26.0913 0200 sfloppy - ok
17:59:27.0069 0200 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
17:59:27.0100 0200 SharedAccess - ok
17:59:27.0303 0200 ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
17:59:27.0334 0200 ShellHWDetection - ok
17:59:27.0724 0200 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
17:59:27.0724 0200 sisagp - ok
17:59:27.0755 0200 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
17:59:27.0771 0200 SiSRaid2 - ok
17:59:27.0802 0200 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
17:59:27.0833 0200 SiSRaid4 - ok
17:59:28.0379 0200 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
17:59:28.0457 0200 slsvc - ok
17:59:29.0144 0200 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
17:59:29.0159 0200 SLUINotify - ok
17:59:29.0456 0200 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
17:59:29.0518 0200 Smb - ok
17:59:29.0581 0200 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
17:59:29.0596 0200 SNMPTRAP - ok
17:59:29.0752 0200 SOHCImp (d07f3c6fe13d291a5c27e2d2e8ec7f52) C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
17:59:29.0768 0200 SOHCImp - ok
17:59:52.0372 0200 ============================================================
17:59:52.0372 0200 Scan finished
17:59:52.0372 0200 ============================================================
17:59:52.0388 1444 Detected object count: 0
17:59:52.0388 1444 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-19 18:01:54
-----------------------------
18:01:54.288 OS Version: Windows 6.0.6001 Service Pack 1
18:01:54.288 Number of processors: 2 586 0xF0D
18:01:54.288 ComputerName: PETER-PC UserName: Peter
18:02:27.657 Initialize success
18:04:54.006 AVAST engine defs: 12061901
18:04:57.344 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:04:57.344 Disk 0 Vendor: ST925082 3.AA Size: 238475MB BusType: 3
18:04:57.344 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006b
18:04:57.344 Disk 1 Vendor: ( Size: 238475MB BusType: 0
18:04:57.344 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006c
18:04:57.360 Disk 2 Vendor: ( Size: 1945MB BusType: 0
18:04:57.391 Disk 0 MBR read successfully
18:04:57.406 Disk 0 MBR scan
18:04:57.406 Disk 0 Windows VISTA default MBR code
18:04:57.438 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9002 MB offset 2048
18:04:57.453 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 229471 MB offset 18438144
18:04:57.484 Disk 0 scanning sectors +488395120
18:04:57.562 Disk 0 scanning C:\Windows\system32\drivers
18:05:28.731 Service scanning
18:05:53.239 Modules scanning
18:06:13.971 Disk 0 trace - called modules:
18:06:14.002 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
18:06:14.002 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c66ac8]
18:06:14.002 3 CLASSPNP.SYS[837aa745] -> nt!IofCallDriver -> [0x85d18020]
18:06:14.018 5 acpi.sys[806956a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85d1f030]
18:06:17.076 AVAST engine scan C:\Windows
18:06:34.860 AVAST engine scan C:\Windows\system32
18:11:31.228 AVAST engine scan C:\Windows\system32\drivers
18:11:47.608 AVAST engine scan C:\Users\Peter
18:13:04.704 File: C:\Users\Peter\AppData\Local\czmcj.exe **INFECTED** Win32:FakeAV-DMN [Trj]
18:25:56.108 Disk 0 MBR has been saved successfully to "C:\Users\Peter\Desktop\MBR.dat"
18:25:56.124 The log file has been saved successfully to "C:\Users\Peter\Desktop\aswMBR.txt"
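
The two logs above disagree in a useful way: the driver/service/boot-record scan ends with "Detected object count: 0", while the AVAST engine pass in aswMBR flags one file in the user profile. The following triage script is an added example, not part of the thread and not code from either tool's vendor; the regular expressions assume only the line shapes visible in the logs above, and the path heuristic is an added assumption.

```python
import re
from pathlib import PureWindowsPath

# Lines copied verbatim from the two logs posted above; nothing here is invented.
SAMPLE_LOG = r"""
17:59:52.0279 0200 \Device\Harddisk0\DR0 - ok
17:59:52.0388 1444 Detected object count: 0
18:04:57.406 Disk 0 Windows VISTA default MBR code
18:11:47.608 AVAST engine scan C:\Users\Peter
18:13:04.704 File: C:\Users\Peter\AppData\Local\czmcj.exe **INFECTED** Win32:FakeAV-DMN [Trj]
"""

TS = r"\d\d:\d\d:\d\d\.\d+"  # both logs prefix every line with a timestamp
INFECTED_RE = re.compile(
    rf"^({TS})\s+File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(.+?)\s*$", re.M)
MBR_RE = re.compile(rf"^{TS}\s+Disk (\d+) (.*MBR code)\s*$", re.M)
COUNT_RE = re.compile(rf"^{TS}\s+\d+\s+Detected object count: (\d+)\s*$", re.M)


def in_profile_data_root(path):
    """True for an .exe sitting directly in <drive>\\Users\\<name>\\AppData\\Local
    or \\Roaming with no vendor subfolder.

    Assumption (added heuristic, not from the thread): installed software
    normally lives in a subfolder, so a loose executable here deserves a look.
    """
    p = PureWindowsPath(path)
    parts = [part.lower() for part in p.parts]
    return (len(parts) == 6
            and parts[1] == "users"
            and parts[3] == "appdata"
            and parts[4] in ("local", "roaming")
            and p.suffix.lower() == ".exe")


def triage(text):
    """Summarise what each scanner reported in a pasted log."""
    detections = [
        {"time": t, "path": path, "signature": sig,
         "loose_exe_in_profile": in_profile_data_root(path)}
        for t, path, sig in INFECTED_RE.findall(text)
    ]
    mbr = {int(disk): verdict for disk, verdict in MBR_RE.findall(text)}
    counts = [int(n) for n in COUNT_RE.findall(text)]
    return {
        "detections": detections,
        "mbr": mbr,
        # Only the "default MBR code" wording seen above is treated as clean;
        # any other wording is surfaced for a human to read.
        "nonstandard_mbr_disks": sorted(
            d for d, v in mbr.items() if "default" not in v.lower()),
        "object_scan_detected": sum(counts) if counts else None,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Object scan detections:", result["object_scan_detected"])
    for disk, verdict in result["mbr"].items():
        print(f"Disk {disk}: {verdict}")
    for d in result["detections"]:
        flag = " (loose exe in profile data root)" if d["loose_exe_in_profile"] else ""
        print(f'{d["time"]} {d["signature"]}: {d["path"]}{flag}')
```

A clean boot-record and driver scan next to a file-level detection points the cleanup at the user profile rather than at the MBR, which is where the rest of this thread goes.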

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:42 PM

Posted 19 June 2012 - 06:29 PM

Hello

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 meeps2012


Posted 19 June 2012 - 06:51 PM

ComboFix still is not working, because it says McAfee is still working. But I turned off the firewall and real-time scanning. I read somewhere else that I should uninstall McAfee. Is there a way to avoid having to take this step?

Thanks

#10 gringo_pr


Posted 19 June 2012 - 09:02 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 meeps2012


Posted 20 June 2012 - 07:53 PM

I tried running OTL, but I've been having some trouble. How long should it be taking?

I've tried running it several times, and it seems to get stuck on "Manual File Scan: Getting Folder Structure". Or maybe it is just taking a very long time (about 30 minutes the last time). Also, when my computer goes to the screen saver, it doesn't work at all with "Not Responding" appearing on the banner.

Other than Security Shield and not being able to do system restore, I have not noticed any other problems with the computer.

I appreciate your time and am happy to try out anything else you can suggest.

#12 gringo_pr


Posted 20 June 2012 - 09:18 PM

Hello

Download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

#13 meeps2012


Posted 21 June 2012 - 08:52 AM

There is no "Repair your computer" option in the Advanced Boot Options Menu. I guess System Recovery Options has not been installed on the hard drive, or at least that's what I gather from what I've read online. I don't think I have the Windows Vista DVD readily available, if at all.

Based on what you've already seen, do you have any suggestions on trying Rkill and Malwarebytes another time? Maybe run them in safemode for as long as it takes, even if that means several days?

If I can just regain the option to do system restore (in the event of any major problems that come up in the future) I'll be very happy. I haven't seen the Security Shield Pop-up since first posting in the forum.

Sorry for making things more difficult for you. I appreciate your patience and time.

#14 gringo_pr


Posted 21 June 2012 - 08:47 PM

Blitzblank.

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe

  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
DeleteFile:
C:\Users\Peter\AppData\Local\czmcj.exe
  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post me the report created by Blitzblank. You can find it at the root of the drive, normally C:\


#15 meeps2012


Posted 22 June 2012 - 02:48 PM

I copied and pasted the text, but when I click Execute Now, I get the following message:

"Syntax error in line 2, Invalid File Path



