ATM Pin request Virus



#1 pinkchink

Posted 01 July 2012 - 03:58 PM

Hi All,

Whilst processing a credit card recently I had a pop-up asking for too much info, so I ran a scan with Avast and it found a virus in a boot scan. It moved it to the virus chest but the problem is still happening. It has happened on Amazon and eBay tonight. I have attached the DDS logs and I also have a screenshot of the problem in action during my earlier eBay search but could not upload it as not allowed. I was reading a post on something similar on MajorGeeks and started to follow the suggestion; however, I only uninstalled Java and stopped there.

I am not wanting to log into any of my accounts on this machine now just in case it is taking all details.


Thank You in advance for any help in this matter.

pinkchink

Attached File  DDS.txt   20.81KB   8 downloads
Attached File  Attach.txt   12.57KB   2 downloads


#2 nasdaq

Posted 06 July 2012 - 10:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Let's start with these scans.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 pinkchink

Posted 07 July 2012 - 11:52 AM

Hi nasdaq,

Thank you for taking this on. I have to admit straight away that I have been impatient and a couple of days ago I installed Malwarebytes and ran it. It did find something and remove it; I have included that log file as well as the ones you have requested. Also I have tried to attach the zip of MBR.dat but I get this notification: "Error You aren't permitted to upload this kind of file".

Hope this is all okay.

Thanks


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.05.07

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Richie :: VAIO-VPCCW1 [administrator]

05/07/2012 21:43:04
mbam-log-2012-07-05 (21-43-04).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 335213
Time elapsed: 33 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} (Trojan.FakeMS) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\ProgramData\Windows\msseedir.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\ProgramData\Windows\ccdxmmde.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\ProgramData\Windows\drss.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\ProgramData\Windows\xessmsxe.dat (Malware.Trace) -> Quarantined and deleted successfully.

(end)

12:37:10.0242 5680 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
12:37:10.0788 5680 ============================================================
12:37:10.0788 5680 Current date / time: 2012/07/07 12:37:10.0788
12:37:10.0788 5680 SystemInfo:
12:37:10.0788 5680
12:37:10.0788 5680 OS Version: 6.1.7601 ServicePack: 1.0
12:37:10.0788 5680 Product type: Workstation
12:37:10.0788 5680 ComputerName: VAIO-VPCCW1
12:37:10.0788 5680 UserName: Richie
12:37:10.0788 5680 Windows directory: C:\Windows
12:37:10.0788 5680 System windows directory: C:\Windows
12:37:10.0788 5680 Running under WOW64
12:37:10.0788 5680 Processor architecture: Intel x64
12:37:10.0788 5680 Number of processors: 2
12:37:10.0788 5680 Page size: 0x1000
12:37:10.0788 5680 Boot type: Normal boot
12:37:10.0788 5680 ============================================================
12:37:11.0537 5680 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:37:11.0553 5680 ============================================================
12:37:11.0553 5680 \Device\Harddisk0\DR0:
12:37:11.0553 5680 MBR partitions:
12:37:11.0553 5680 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1979000, BlocksNum 0x32000
12:37:11.0553 5680 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x19AB000, BlocksNum 0x389DA830
12:37:11.0553 5680 ============================================================
12:37:11.0568 5680 C: <-> \Device\Harddisk0\DR0\Partition1
12:37:11.0568 5680 ============================================================
12:37:11.0568 5680 Initialize success
12:37:11.0568 5680 ============================================================
12:37:20.0367 6120 ============================================================
12:37:20.0367 6120 Scan started
12:37:20.0367 6120 Mode: Manual;
12:37:20.0367 6120 ============================================================
12:37:34.0563 6120 msiserver - ok
12:37:34.0609 6120 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:37:34.0609 6120 MSKSSRV - ok
12:37:34.0719 6120 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
12:37:34.0734 6120 MsMpSvc - ok
12:37:34.0750 6120 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:37:34.0765 6120 MSPCLOCK - ok
12:37:34.0781 6120 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:37:34.0781 6120 MSPQM - ok
12:37:34.0875 6120 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:37:34.0890 6120 MsRPC - ok
12:37:34.0921 6120 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:37:34.0937 6120 mssmbios - ok
12:37:34.0968 6120 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:37:34.0968 6120 MSTEE - ok
12:37:34.0984 6120 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:37:34.0984 6120 MTConfig - ok
12:37:35.0015 6120 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:37:35.0015 6120 Mup - ok
12:37:35.0093 6120 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:37:35.0124 6120 napagent - ok
12:37:35.0187 6120 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:37:35.0202 6120 NativeWifiP - ok
12:37:35.0343 6120 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:37:35.0389 6120 NDIS - ok
12:37:35.0436 6120 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:37:35.0436 6120 NdisCap - ok
12:37:35.0483 6120 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:37:35.0483 6120 NdisTapi - ok
12:37:35.0514 6120 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:37:35.0530 6120 Ndisuio - ok
12:37:35.0577 6120 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:37:35.0592 6120 NdisWan - ok
12:37:35.0639 6120 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:37:35.0639 6120 NDProxy - ok
12:37:35.0686 6120 Net Driver HPZ12 (2c723e42fc8d7b0209492828f921fb50) C:\Windows\system32\HPZinw12.dll
12:37:35.0748 6120 Net Driver HPZ12 - ok
12:37:35.0779 6120 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:37:35.0779 6120 NetBIOS - ok
12:37:35.0826 6120 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:37:35.0842 6120 NetBT - ok
12:37:35.0873 6120 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:37:35.0873 6120 Netlogon - ok
12:37:35.0920 6120 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:37:35.0935 6120 Netman - ok
12:37:35.0967 6120 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:37:35.0982 6120 netprofm - ok
12:37:36.0045 6120 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:37:36.0060 6120 NetTcpPortSharing - ok
12:37:36.0606 6120 netw5v64 (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\netw5v64.sys
12:37:36.0731 6120 netw5v64 - ok
12:37:36.0887 6120 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:37:36.0887 6120 nfrd960 - ok
12:37:36.0934 6120 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:37:36.0949 6120 NisDrv - ok
12:37:37.0059 6120 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
12:37:37.0074 6120 NisSrv - ok
12:37:37.0168 6120 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:37:37.0183 6120 NlaSvc - ok
12:37:37.0230 6120 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:37:37.0230 6120 Npfs - ok
12:37:37.0246 6120 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:37:37.0261 6120 nsi - ok
12:37:37.0277 6120 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:37:37.0277 6120 nsiproxy - ok
12:37:37.0480 6120 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:37:37.0542 6120 Ntfs - ok
12:37:37.0667 6120 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:37:37.0667 6120 Null - ok
12:37:37.0729 6120 NVHDA (a842341ef3c702ef8208e610be0fd1d9) C:\Windows\system32\drivers\nvhda64v.sys
12:37:37.0729 6120 NVHDA - ok
12:37:38.0821 6120 nvlddmkm (f6168edf9794b7a8d6d030cba5f6bf68) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:37:38.0884 6120 nvlddmkm - ok
12:37:39.0040 6120 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:37:39.0055 6120 nvraid - ok
12:37:39.0087 6120 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:37:39.0102 6120 nvstor - ok
12:37:39.0180 6120 nvsvc (ea94a1f7da5cf16d28e50511d010cd97) C:\Windows\system32\nvvsvc.exe
12:37:39.0196 6120 nvsvc - ok
12:37:39.0243 6120 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:37:39.0258 6120 nv_agp - ok
12:37:39.0383 6120 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:37:39.0430 6120 odserv - ok
12:37:39.0477 6120 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:37:39.0477 6120 ohci1394 - ok
12:37:39.0539 6120 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:37:39.0555 6120 ose - ok
12:37:39.0617 6120 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:37:39.0648 6120 p2pimsvc - ok
12:37:39.0711 6120 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:37:39.0742 6120 p2psvc - ok
12:37:39.0773 6120 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:37:39.0789 6120 Parport - ok
12:37:39.0835 6120 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
12:37:39.0851 6120 partmgr - ok
12:37:39.0882 6120 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:37:39.0913 6120 PcaSvc - ok
12:37:39.0960 6120 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:37:39.0976 6120 pci - ok
12:37:40.0007 6120 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:37:40.0007 6120 pciide - ok
12:37:40.0054 6120 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:37:40.0085 6120 pcmcia - ok
12:37:40.0101 6120 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:37:40.0116 6120 pcw - ok
12:37:40.0179 6120 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:37:40.0210 6120 PEAUTH - ok
12:37:40.0288 6120 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:37:40.0303 6120 PerfHost - ok
12:37:40.0475 6120 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:37:40.0553 6120 pla - ok
12:37:40.0631 6120 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:37:40.0662 6120 PlugPlay - ok
12:37:40.0709 6120 Pml Driver HPZ12 (171e6d91a20aac8d02172a64e82ce90b) C:\Windows\system32\HPZipm12.dll
12:37:40.0771 6120 Pml Driver HPZ12 - ok
12:37:40.0803 6120 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:37:40.0803 6120 PNRPAutoReg - ok
12:37:40.0849 6120 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:37:40.0849 6120 PNRPsvc - ok
12:37:40.0943 6120 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:37:40.0959 6120 PolicyAgent - ok
12:37:41.0021 6120 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:37:41.0037 6120 Power - ok
12:37:41.0115 6120 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:37:41.0130 6120 PptpMiniport - ok
12:37:41.0146 6120 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:37:41.0161 6120 Processor - ok
12:37:41.0239 6120 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
12:37:41.0255 6120 ProfSvc - ok
12:37:41.0286 6120 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:37:41.0302 6120 ProtectedStorage - ok
12:37:41.0349 6120 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:37:41.0364 6120 Psched - ok
12:37:41.0395 6120 PxHlpa64 (aed797cca02783296c68aa10d0cff8a9) C:\Windows\system32\Drivers\PxHlpa64.sys
12:37:41.0395 6120 PxHlpa64 - ok
12:37:41.0551 6120 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:37:41.0598 6120 ql2300 - ok
12:37:41.0754 6120 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:37:41.0770 6120 ql40xx - ok
12:37:41.0817 6120 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:37:41.0848 6120 QWAVE - ok
12:37:41.0863 6120 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:37:41.0863 6120 QWAVEdrv - ok
12:37:41.0895 6120 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:37:41.0895 6120 RasAcd - ok
12:37:41.0941 6120 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:37:41.0941 6120 RasAgileVpn - ok
12:37:41.0973 6120 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:37:41.0988 6120 RasAuto - ok
12:37:42.0051 6120 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:37:42.0066 6120 Rasl2tp - ok
12:37:42.0129 6120 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:37:42.0144 6120 RasMan - ok
12:37:42.0191 6120 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:37:42.0191 6120 RasPppoe - ok
12:37:42.0207 6120 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:37:42.0207 6120 RasSstp - ok
12:37:42.0285 6120 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:37:42.0300 6120 rdbss - ok
12:37:42.0331 6120 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:37:42.0331 6120 rdpbus - ok
12:37:42.0347 6120 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:37:42.0363 6120 RDPCDD - ok
12:37:42.0378 6120 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:37:42.0394 6120 RDPENCDD - ok
12:37:42.0409 6120 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:37:42.0425 6120 RDPREFMP - ok
12:37:42.0472 6120 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
12:37:42.0503 6120 RDPWD - ok
12:37:42.0565 6120 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:37:42.0581 6120 rdyboost - ok
12:37:42.0612 6120 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
12:37:42.0628 6120 regi - ok
12:37:42.0659 6120 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:37:42.0675 6120 RemoteAccess - ok
12:37:42.0753 6120 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:37:42.0768 6120 RemoteRegistry - ok
12:37:42.0831 6120 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
12:37:42.0846 6120 RFCOMM - ok
12:37:42.0877 6120 rimspci (5767961268aa43d9f3fa6d59ec8b7b12) C:\Windows\system32\DRIVERS\rimssne64.sys
12:37:42.0893 6120 rimspci - ok
12:37:42.0940 6120 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
12:37:42.0955 6120 RimUsb - ok
12:37:43.0002 6120 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
12:37:43.0018 6120 RimVSerPort - ok
12:37:43.0065 6120 risdsnpe (bb6e138aeb351728959da5e2731d8140) C:\Windows\system32\DRIVERS\risdsne64.sys
12:37:43.0080 6120 risdsnpe - ok
12:37:43.0127 6120 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
12:37:43.0127 6120 ROOTMODEM - ok
12:37:43.0221 6120 Roxio UPnP Renderer 10 (d02e5a46f77c182ca1964080bcd586f7) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
12:37:43.0236 6120 Roxio UPnP Renderer 10 - ok
12:37:43.0283 6120 Roxio Upnp Server 10 (e5809597278802d09273ee07b5fc56e1) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
12:37:43.0314 6120 Roxio Upnp Server 10 - ok
12:37:43.0361 6120 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:37:43.0377 6120 RpcEptMapper - ok
12:37:43.0408 6120 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:37:43.0423 6120 RpcLocator - ok
12:37:43.0486 6120 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:37:43.0501 6120 RpcSs - ok
12:37:43.0548 6120 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:37:43.0564 6120 rspndr - ok
12:37:43.0611 6120 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:37:43.0611 6120 SamSs - ok
12:37:43.0673 6120 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:37:43.0689 6120 sbp2port - ok
12:37:43.0767 6120 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:37:43.0782 6120 SCardSvr - ok
12:37:43.0829 6120 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:37:43.0829 6120 scfilter - ok
12:37:43.0969 6120 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:37:44.0032 6120 Schedule - ok
12:37:44.0063 6120 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:37:44.0063 6120 SCPolicySvc - ok
12:37:44.0141 6120 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
12:37:44.0157 6120 sdbus - ok
12:37:44.0188 6120 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:37:44.0219 6120 SDRSVC - ok
12:37:44.0266 6120 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:37:44.0266 6120 secdrv - ok
12:37:44.0297 6120 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:37:44.0328 6120 seclogon - ok
12:37:44.0359 6120 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
12:37:44.0375 6120 SENS - ok
12:37:44.0406 6120 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:37:44.0422 6120 SensrSvc - ok
12:37:44.0453 6120 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:37:44.0453 6120 Serenum - ok
12:37:44.0469 6120 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:37:44.0484 6120 Serial - ok
12:37:44.0515 6120 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:37:44.0531 6120 sermouse - ok
12:37:44.0593 6120 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:37:44.0609 6120 SessionEnv - ok
12:37:44.0656 6120 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys
12:37:44.0656 6120 SFEP - ok
12:37:44.0734 6120 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:37:44.0734 6120 sffdisk - ok
12:37:44.0749 6120 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:37:44.0749 6120 sffp_mmc - ok
12:37:44.0781 6120 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:37:44.0781 6120 sffp_sd - ok
12:37:44.0843 6120 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:37:44.0843 6120 sfloppy - ok
12:37:44.0905 6120 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:37:44.0937 6120 SharedAccess - ok
12:37:44.0999 6120 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:37:45.0030 6120 ShellHWDetection - ok
12:37:45.0061 6120 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:37:45.0061 6120 SiSRaid2 - ok
12:37:45.0093 6120 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:37:45.0093 6120 SiSRaid4 - ok
12:37:45.0124 6120 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:37:45.0124 6120 Smb - ok
12:37:45.0171 6120 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:37:45.0186 6120 SNMPTRAP - ok
12:37:45.0264 6120 SOHCImp (98886c88a1cb13d61672ae2c638b7e1c) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
12:37:45.0280 6120 SOHCImp - ok
12:37:45.0295 6120 SOHDBSvr (442a13f395546f4564c377296d43b564) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
12:37:45.0295 6120 SOHDBSvr - ok
12:37:45.0358 6120 SOHDms (556681be668d71dc162391a45422b52c) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
12:37:45.0373 6120 SOHDms - ok
12:37:45.0389 6120 SOHDs (72b46103e4111439109acf5882627c24) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
12:37:45.0389 6120 SOHDs - ok
12:37:45.0405 6120 SOHPlMgr (725b6e9cd1959271ac993dc035e1606d) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
12:37:45.0420 6120 SOHPlMgr - ok
12:37:45.0451 6120 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:37:45.0451 6120 spldr - ok
12:37:45.0545 6120 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:37:45.0592 6120 Spooler - ok
12:37:45.0951 6120 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:37:46.0060 6120 sppsvc - ok
12:37:46.0185 6120 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:37:46.0216 6120 sppuinotify - ok
12:37:46.0309 6120 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:37:46.0341 6120 srv - ok
12:37:46.0403 6120 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:37:46.0419 6120 srv2 - ok
12:37:46.0450 6120 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:37:46.0465 6120 srvnet - ok
12:37:46.0528 6120 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:37:46.0543 6120 SSDPSRV - ok
12:37:46.0559 6120 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:37:46.0575 6120 SstpSvc - ok
12:37:46.0606 6120 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:37:46.0606 6120 stexstor - ok
12:37:46.0637 6120 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
12:37:46.0653 6120 StillCam - ok
12:37:46.0746 6120 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:37:46.0793 6120 stisvc - ok
12:37:47.0011 6120 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:37:47.0011 6120 swenum - ok
12:37:47.0089 6120 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:37:47.0136 6120 swprv - ok
12:37:47.0199 6120 SynTP (be7311da9d6833fa69ed04b744a1c8f8) C:\Windows\system32\DRIVERS\SynTP.sys
12:37:47.0214 6120 SynTP - ok
12:37:47.0417 6120 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:37:47.0464 6120 SysMain - ok
12:37:47.0604 6120 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:37:47.0620 6120 TabletInputService - ok
12:37:47.0667 6120 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:37:47.0698 6120 TapiSrv - ok
12:37:47.0729 6120 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:37:47.0729 6120 TBS - ok
12:37:47.0994 6120 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
12:37:48.0057 6120 Tcpip - ok
12:37:48.0384 6120 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
12:37:48.0415 6120 TCPIP6 - ok
12:37:48.0493 6120 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:37:48.0493 6120 tcpipreg - ok
12:37:48.0540 6120 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:37:48.0540 6120 TDPIPE - ok
12:37:48.0587 6120 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:37:48.0587 6120 TDTCP - ok
12:37:48.0649 6120 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:37:48.0665 6120 tdx - ok
12:37:48.0712 6120 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:37:48.0712 6120 TermDD - ok
12:37:48.0790 6120 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:37:48.0805 6120 TermService - ok
12:37:48.0837 6120 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:37:48.0852 6120 Themes - ok
12:37:48.0868 6120 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:37:48.0868 6120 THREADORDER - ok
12:37:48.0883 6120 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:37:48.0915 6120 TrkWks - ok
12:37:48.0961 6120 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:37:48.0977 6120 TrustedInstaller - ok
12:37:49.0024 6120 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:37:49.0024 6120 tssecsrv - ok
12:37:49.0086 6120 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:37:49.0102 6120 TsUsbFlt - ok
12:37:49.0180 6120 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:37:49.0195 6120 tunnel - ok
12:37:49.0227 6120 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:37:49.0242 6120 uagp35 - ok
12:37:49.0320 6120 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
12:37:49.0336 6120 uCamMonitor - ok
12:37:49.0398 6120 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:37:49.0414 6120 udfs - ok
12:37:49.0461 6120 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:37:49.0476 6120 UI0Detect - ok
12:37:49.0523 6120 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:37:49.0539 6120 uliagpkx - ok
12:37:49.0585 6120 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:37:49.0601 6120 umbus - ok
12:37:49.0632 6120 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:37:49.0632 6120 UmPass - ok
12:37:49.0695 6120 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:37:49.0710 6120 upnphost - ok
12:37:49.0757 6120 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
12:37:49.0773 6120 USBAAPL64 - ok
12:37:49.0819 6120 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:37:49.0835 6120 usbccgp - ok
12:37:49.0882 6120 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:37:49.0913 6120 usbcir - ok
12:37:49.0944 6120 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
12:37:49.0944 6120 usbehci - ok
12:37:50.0022 6120 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:37:50.0022 6120 usbhub - ok
12:37:50.0053 6120 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:37:50.0053 6120 usbohci - ok
12:37:50.0085 6120 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:37:50.0085 6120 usbprint - ok
12:37:50.0100 6120 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:37:50.0116 6120 USBSTOR - ok
12:37:50.0147 6120 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
12:37:50.0147 6120 usbuhci - ok
12:37:50.0209 6120 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
12:37:50.0225 6120 usbvideo - ok
12:37:50.0256 6120 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:37:50.0272 6120 UxSms - ok
12:37:50.0365 6120 VAIO Entertainment TV Device Arbitration Service (4e7135d6d0127067e4cfee12259f895d) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
12:37:50.0381 6120 VAIO Entertainment TV Device Arbitration Service - ok
12:37:50.0443 6120 VAIO Event Service (d4197cf0c8567046fd4af28ff47af528) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
12:37:50.0459 6120 VAIO Event Service - ok
12:37:50.0584 6120 VAIO Power Management (2d6605c1f0bbd0f71a4cb3a5b1e07240) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
12:37:50.0615 6120 VAIO Power Management - ok
12:37:50.0646 6120 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:37:50.0662 6120 VaultSvc - ok
12:37:50.0771 6120 VCFw (06fe5beddadb158d84e6de33cbe19f3e) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
12:37:50.0787 6120 VCFw - ok
12:37:50.0896 6120 VcmIAlzMgr (34063c0b842e73662067f9b03947c55c) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
12:37:50.0911 6120 VcmIAlzMgr - ok
12:37:50.0989 6120 VcmINSMgr (a8f5d1651a324abc6c308891a1252ee3) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
12:37:51.0005 6120 VcmINSMgr - ok
12:37:51.0130 6120 VcmXmlIfHelper (db544b487f360128dc1c383e0a6fcc2f) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
12:37:51.0130 6120 VcmXmlIfHelper - ok
12:37:51.0177 6120 Vcsw - ok
12:37:51.0348 6120 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:37:51.0348 6120 vdrvroot - ok
12:37:51.0426 6120 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:37:51.0473 6120 vds - ok
12:37:51.0520 6120 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:37:51.0520 6120 vga - ok
12:37:51.0535 6120 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:37:51.0551 6120 VgaSave - ok
12:37:51.0598 6120 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:37:51.0613 6120 vhdmp - ok
12:37:51.0660 6120 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:37:51.0660 6120 viaide - ok
12:37:51.0691 6120 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:37:51.0707 6120 volmgr - ok
12:37:51.0769 6120 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:37:51.0801 6120 volmgrx - ok
12:37:51.0847 6120 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:37:51.0863 6120 volsnap - ok
12:37:51.0925 6120 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:37:51.0941 6120 vsmraid - ok
12:37:52.0081 6120 VSNService (e9638e51373d527e22438b80126b64f9) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
12:37:52.0144 6120 VSNService - ok
12:37:52.0315 6120 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:37:52.0393 6120 VSS - ok
12:37:52.0534 6120 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:37:52.0534 6120 vwifibus - ok
12:37:56.0949 6120 ============================================================
12:37:56.0949 6120 Scan finished
12:37:56.0949 6120 ============================================================
12:37:57.0011 2848 Detected object count: 0
12:37:57.0011 2848 Actual detected object count: 0
12:38:06.0340 5500 Deinitialize success

#4 nasdaq

Posted 07 July 2012 - 01:39 PM

Run these tools for now.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If, after running ComboFix, you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.

Please post the logs for my review.

#5 pinkchink

  • Topic Starter

Posted 07 July 2012 - 02:18 PM

Hi Nasdaq,

Thanks for the response. I have run those two. Hope it is correct.


Thanks

ComboFix 12-07-07.04 - Richie 07/07/2012 20:00:27.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3039.1792 [GMT 1:00]
Running from: C:\Users\Richie\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\Windows
C:\Users\Richie\700_b060_multilanguage.exe
C:\Users\Richie\9800jAllLang_PBr6.0.0_rel3106_PL6.6.0.248_A6.0.0.723_SK_Telecom__.exe
C:\Users\Richie\AppData\Roaming\.#


((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 00:10:28 35696]
"ISBMgr.exe"="C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 16:23:14 317288]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 20:28:32 59240]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 04:09:24 421736]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 17:36:46 30040]
"BrMfcWnd"="C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 15:46:10 1159168]
"ControlCenter3"="C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 09:26:54 114688]
"RIMBBLaunchAgent.exe"="C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 01:00:44 90448]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-06-28 12:51:51 4273976]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-01 18:49:36 98304 ----a-w- C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-08-04 02:04:25 35104]
R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-11 20:01:29 129976]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 19:44:12 98688]
R3 NisSrv;Microsoft Network Inspection;c:\Program Files\Microsoft Security Client\NisSrv.exe [2012-03-26 17:49:56 291696]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [2012-02-15 10:01:50 52736]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-06-26 21:35:04 468264]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-06-26 21:56:10 357672]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-06-18 01:50:30 110888]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2012-04-14 15:46:09 1255736]
R4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 18:25:24 313840]
R4 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 18:25:36 362992]
R4 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-27 23:58:36 120104]
R4 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-27 23:58:38 70952]
R4 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-27 23:58:38 427304]
R4 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-27 23:58:38 75048]
R4 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-27 23:58:40 91432]
S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2009-05-20 10:00:00 55280]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [2012-06-28 12:52:35 71064]
S2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 03:51:50 14112]
S2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimssne64.sys [2009-07-31 20:10:18 91648]
S2 risdsnpe;risdsnpe;C:\Windows\system32\DRIVERS\risdsne64.sys [2009-07-31 20:10:23 75776]
S2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 17:59:10 104960]
S2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-07-16 16:36:56 411496]
S2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 22:03:04 642920]
S2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2009-08-13 06:11:54 522240]
S2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe [2009-07-14 01:39:46 27136]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 21:32:04 19968]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-05 20:04:10 5435904]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys [2012-04-15 23:09:37 86120]
S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys [2009-06-11 20:19:09 11392]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys [2009-07-31 20:02:03 393216]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - 30476704
*NewlyCreated* - ASWMBR
*Deregistered* - 30476704
*Deregistered* - aswMBR

Contents of the 'Scheduled Tasks' folder

2012-07-07 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-461477665-297847086-3255847364-1000Core.job
- C:\Users\Richie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-18 18:07:00 . 2012-04-18 18:07:00]

2012-07-07 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-461477665-297847086-3255847364-1000UA.job
- C:\Users\Richie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-18 18:07:00 . 2012-04-18 18:07:00]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-06-28 12:51:30 133400 ----a-w- C:\Program Files\AVAST Software\Avast\ashShA64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 04:34:01 7938080]
"Skytel"="C:\Program Files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 04:35:03 1833504]
"IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 02:03:32 186904]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2012-03-26 17:54:34 1271168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 212.139.132.8 212.139.132.9
FF - ProfilePath - C:\Users\Richie\AppData\Roaming\Mozilla\Firefox\Profiles\a3jbcp6h.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk

- - - - ORPHANS REMOVED - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe


Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
avast! Antivirus
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 9%
````````````````````End of Log``````````````````````

#6 nasdaq

Posted 08 July 2012 - 08:25 AM

Looking good.

Critical vulnerabilities have been identified in Adobe Flash Player v11.3.300.257 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

At the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select the appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer, download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

====
http://securitygarden.blogspot.ca/2012/06/flash-player-update-causes-firefox.html
It appears that the Adobe Flash Player update including Flash Player Protected Mode for Firefox is causing Firefox to freeze or crash.
====

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download, I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet, if present.

Any remaining issues?

#7 pinkchink

Posted 10 July 2012 - 11:52 AM

Hi Nasdaq,

I can't really speak of any problems as I have not used this machine for anything other than to run the scans and to report back to you. I would like to ask a couple of quick questions before I resume using this machine. What should I do regarding my existing external pen drives, as I am dubious as to connecting them to this after we have disinfected? Do I need anything other than avast and Malwarebytes, like a firewall? I was going to do a reinstall from the recovery partition just to remove any paranoia around using this for any online transactions. Lastly, do you have a donate, in return for your help?

#8 nasdaq

Posted 11 July 2012 - 07:51 AM

What should I do regarding my existing external pen drives, as I am dubious as to connecting them to this after we have disinfected?


When you uninstall ComboFix a Restore point will be created.
Do not use the pen drive until you have removed ComboFix.

If by any chance your pen drive is infected, you could reinfect your computer, but having a good restore point will help in restoring to a good point.

===

Do I need anything other than avast and Malwarebytes, like a firewall?

You already have the Windows Firewall.

But it's disabled. See the security Check list.
Windows Firewall Disabled!
http://windows.microsoft.com/en-us/windows-vista/Turn-Windows-Firewall-on-or-off
===

Lastly do you have a donate, in return for your help ??

No! My services are free.
Thank you.

==

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.
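
nasdaq's replies above act on two kinds of finding in the Security Check log from post #5: the disabled Windows Firewall and the out-of-date Flash Player, Adobe Reader and Firefox. The following Python script is an added example (not part of the thread and not screen317's code) that extracts those findings from that log; the divider layout and the rule that a short product name repeats before "out of Date!" are assumptions read off this one log.

```python
import re

TICK = chr(96)  # backtick; built this way so the sample needs no literal backtick runs


def _rule(title, left, right):
    """Rebuild a section divider like those in the posted log (tick counts approximate)."""
    return TICK * left + title + TICK * right


# The Security Check log from post #5 of this thread, whitespace as extracted.
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.42",
    "Windows 7 Service Pack 1 x64 (UAC is enabled)",
    "Internet Explorer 9",
    _rule("Antivirus/Firewall Check:", 14, 14),
    "Windows Firewall Disabled!",
    "avast! Antivirus",
    "Microsoft Security Essentials",
    "Antivirus up to date! (On Access scanning disabled!)",
    _rule("Anti-malware/Other Utilities Check:", 9, 9),
    "Malwarebytes Anti-Malware version 1.61.0.1400",
    "Adobe Flash Player 10 Flash Player out of Date!",
    "Adobe Reader 9 Adobe Reader out of Date!",
    "Mozilla Firefox 12.0 Firefox out of Date!",
    "Google Chrome 19.0.1084.56",
    "Google Chrome 20.0.1132.47",
    _rule("Process Check: objlist.exe by Laurent", 8, 8),
    "Microsoft Security Essentials MSMpEng.exe",
    "Microsoft Security Essentials msseces.exe",
    "AVAST Software Avast AvastSvc.exe",
    "AVAST Software Avast AvastUI.exe",
    _rule("System Health check", 17, 17),
    "Total Fragmentation on Drive C: 9%",
    _rule("End of Log", 20, 22),
])

SECTION_RE = re.compile(r"^\x60+\s*(.+?)\s*\x60+$")    # divider: ticks, title, ticks
OUTDATED_RE = re.compile(r"\s*out of date!\s*$", re.IGNORECASE)
DISABLED_RE = re.compile(r"disabled!", re.IGNORECASE)


def split_sections(text):
    """Group log lines under their divider title; lines before the first divider go to 'Header'."""
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            if current.lower() == "end of log":
                break
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def product_name(entry):
    """Drop the repeated short name that precedes the marker.

    Assumption: the tool prints '<full name and version> <short name> out of Date!'
    and the column gap between the two was collapsed to one space on extraction.
    The longest trailing word run that also occurs earlier is treated as the short name.
    """
    words = entry.split()
    for k in range(len(words) - 1, 0, -1):
        head, tail = words[:-k], words[-k:]
        if any(head[i:i + k] == tail for i in range(len(head) - k + 1)):
            return " ".join(head)
    return entry


def triage(text):
    """Return out-of-date products and disabled protections found in the log."""
    report = {"outdated": [], "disabled": []}
    for section, lines in split_sections(text).items():
        for line in lines:
            if OUTDATED_RE.search(line):
                report["outdated"].append(product_name(OUTDATED_RE.sub("", line)))
            elif DISABLED_RE.search(line):
                report["disabled"].append((section, line))
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for product in result["outdated"]:
        print("UPDATE  ", product)
    for section, line in result["disabled"]:
        print("ENABLE  ", line, "[" + section + "]")
```

The on-access scanning entry may simply reflect step 2 of the ComboFix instructions earlier in the thread, so run the check again once protection has been turned back on.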

#9 nasdaq

Posted 17 July 2012 - 09:09 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



