
Google redirect, created log


  • This topic is locked
70 replies to this topic

#1 iamnothing

iamnothing

  • Members
  • 150 posts

Posted 13 August 2012 - 02:34 AM

Hello,
I have been getting the Google redirect virus/malware for the past few weeks. The redirect does not occur on every single search. Almost seems random. Happens both in Explorer and Chrome. I have tried Malwarebytes and SUPERAntiSpyware, which have found some things, but it seems to keep coming back. Also looked through several topics in the forum regarding Google redirect but it has led me nowhere. I figured it was time to ask for help. Looking forward to talking to someone. Thanks so much!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Brian at 3:14:16 on 2012-08-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4062.1857 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k yksvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Brian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyOverride = <local>;*.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Spotify Web Helper] "C:\Users\Brian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{9FA9618D-01F4-45A0-B9F9-BFA7B293F5B1} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C1121A84-3E64-4076-93C4-3FECC133764B} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: SABShellExecuteHook Class: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-4-23 141344]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-5-9 104960]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-4-23 411496]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-1-14 5184872]
R2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [2008-1-20 21504]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9d08e6d157c97;Google Update Service (gupdate1c9d08e6d157c97);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-5-9 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-15 250056]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-5-9 133104]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-9-26 167424]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-2-17 12872]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-5-9 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-5-9 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-5-9 390440]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-5-9 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-5-9 91432]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-5-9 394536]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-5-9 110376]
S3 wdfsgusbV2;Stenograph WDF USB Writer Service V2;C:\Windows\system32\DRIVERS\wdfsgusb.sys --> C:\Windows\system32\DRIVERS\wdfsgusb.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-2-13 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-08-13 05:46:48 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78881CFB-2571-477B-B811-7A0BC5E7561C}\offreg.dll
2012-08-12 19:39:06 116016 ----a-w- C:\Windows\System32\drivers\04004226.sys
2012-08-11 18:56:29 -------- d-----w- C:\Program Files (x86)\ESET
2012-08-10 06:10:45 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78881CFB-2571-477B-B811-7A0BC5E7561C}\mpengine.dll
2012-07-31 13:28:29 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-07-31 10:15:10 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-31 10:15:10 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-15 21:51:50 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-08-02 23:14:37 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 19:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 3:14:54.36 ===============


 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 August 2012 - 04:01 AM

Greetings and Welcome to The Forums!!


My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

<insert av's>

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 iamnothing


Posted 13 August 2012 - 10:59 AM

Gringo,
Thanks for the quick reply!! I am a little confused already. When you said the following:


It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

<insert av's>


Please remove all but one of them.

By remove do you mean to uninstall, or something else? Also, my understanding of what I am running is Superantispyware and Malwarebytes. Am I running something else that I'm not aware of?

Lastly, is it okay to do my normal computing while we are working on this? Sorry for all the questions, just want to make sure I am doing what you want me to. Thanks again.

Brian

#4 gringo_pr


Posted 13 August 2012 - 12:41 PM

Sorry, that was a mistake - please run Combofix for me now.



gringo

#5 iamnothing


Posted 13 August 2012 - 02:12 PM

Gringo,
Ran checkup and combofix. Did a few quick searches and was redirected several times. Thanks again.



Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware Free Edition
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java™ 6 Update 19
Java™ SE Runtime Environment 6
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.0.12.36 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````


ComboFix 12-08-13.01 - Brian 08/13/2012 14:30:30.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4062.2199 [GMT -4:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\2809086545
c:\programdata\2886491261
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-13 19:03 . 2012-08-13 19:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-13 19:03 . 2012-08-13 19:03 -------- d-----w- c:\users\Brian\AppData\Local\temp
2012-08-12 19:39 . 2012-08-12 19:39 116016 ----a-w- c:\windows\system32\drivers\04004226.sys
2012-08-11 18:56 . 2012-08-11 18:56 -------- d-----w- c:\program files (x86)\ESET
2012-08-10 06:10 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78881CFB-2571-477B-B811-7A0BC5E7561C}\mpengine.dll
2012-07-31 13:28 . 2012-07-31 13:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-31 10:15 . 2012-07-31 13:45 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-31 10:15 . 2012-07-31 13:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-15 21:51 . 2012-08-02 23:14 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 23:14 . 2011-05-16 15:11 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2010-02-21 22:33 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 07:16 . 2012-06-25 07:16 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-02 22:19 . 2012-06-19 00:04 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 00:05 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 00:05 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 00:05 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 00:04 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-19 00:04 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 00:04 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-19 00:05 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 00:04 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-19 00:04 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 19:19 . 2012-06-19 00:04 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 19:19 . 2012-06-19 00:04 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 00:04 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 19:12 . 2012-06-19 00:04 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-05-31 16:25 . 2009-11-24 18:10 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-09 39408]
"Spotify Web Helper"="c:\users\Brian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-08 932528]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-11 61440]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 19:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 23:14]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-09 10:10]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-09 10:10]
.
2012-07-31 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7b3951b1-f9a1-4a54-a2df-8db383254661.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-07-31 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task bf8cafad-68ff-4fff-a7b1-4d9bba4311d9.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-06 6956576]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-aaa - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2012-08-13 15:05:27
ComboFix-quarantined-files.txt 2012-08-13 19:05
.
Pre-Run: 206,153,408,512 bytes free
Post-Run: 206,094,577,664 bytes free
.
- - End Of File - - 73BD5C56F72CB7951AF76513ACD6DDAE

#6 gringo_pr


Posted 13 August 2012 - 02:39 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#7 iamnothing


Posted 13 August 2012 - 08:18 PM

Gringo,
I had a little trouble running the aswMBR, but eventually got it. It seemed to freeze after running for about two hours. I tried it again, walked away from the computer, and when I came back the computer had rebooted. The TDSSKiller said that it did not find any threats. Thanks again!

Here are the logs:



15:45:48.0972 3336 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:45:49.0253 3336 ============================================================
15:45:49.0253 3336 Current date / time: 2012/08/13 15:45:49.0253
15:45:49.0253 3336 SystemInfo:
15:45:49.0253 3336
15:45:49.0253 3336 OS Version: 6.0.6002 ServicePack: 2.0
15:45:49.0253 3336 Product type: Workstation
15:45:49.0253 3336 ComputerName: BRIAN-PC
15:45:49.0253 3336 UserName: Brian
15:45:49.0253 3336 Windows directory: C:\Windows
15:45:49.0253 3336 System windows directory: C:\Windows
15:45:49.0253 3336 Running under WOW64
15:45:49.0253 3336 Processor architecture: Intel x64
15:45:49.0253 3336 Number of processors: 2
15:45:49.0253 3336 Page size: 0x1000
15:45:49.0253 3336 Boot type: Normal boot
15:45:49.0253 3336 ============================================================
15:45:49.0892 3336 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:45:49.0892 3336 ============================================================
15:45:49.0908 3336 \Device\Harddisk0\DR0:
15:45:49.0908 3336 MBR partitions:
15:45:49.0908 3336 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1524000, BlocksNum 0x23F0A2B0
15:45:49.0908 3336 ============================================================
15:45:49.0939 3336 C: <-> \Device\Harddisk0\DR0\Partition0
15:45:49.0939 3336 ============================================================
15:45:49.0939 3336 Initialize success
15:45:49.0939 3336 ============================================================
15:45:53.0059 0272 ============================================================
15:45:53.0059 0272 Scan started
15:45:53.0059 0272 Mode: Manual;
15:45:53.0059 0272 ============================================================
15:45:54.0962 0272 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:45:54.0962 0272 !SASCORE - ok
15:45:55.0071 0272 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
15:45:55.0071 0272 ACDaemon - ok
15:45:55.0290 0272 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
15:45:55.0290 0272 ACPI - ok
15:45:55.0914 0272 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:45:55.0914 0272 AdobeFlashPlayerUpdateSvc - ok
15:45:55.0992 0272 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
15:45:56.0007 0272 adp94xx - ok
15:45:56.0054 0272 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
15:45:56.0054 0272 adpahci - ok
15:45:56.0085 0272 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
15:45:56.0085 0272 adpu160m - ok
15:45:56.0117 0272 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
15:45:56.0117 0272 adpu320 - ok
15:45:56.0148 0272 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
15:45:56.0148 0272 AeLookupSvc - ok
15:45:56.0226 0272 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
15:45:56.0241 0272 AFD - ok
15:45:56.0273 0272 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
15:45:56.0273 0272 agp440 - ok
15:45:56.0304 0272 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
15:45:56.0304 0272 aic78xx - ok
15:45:56.0335 0272 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
15:45:56.0335 0272 ALG - ok
15:45:56.0351 0272 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
15:45:56.0351 0272 aliide - ok
15:45:56.0382 0272 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
15:45:56.0382 0272 amdide - ok
15:45:56.0397 0272 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
15:45:56.0397 0272 AmdK8 - ok
15:45:56.0460 0272 ApfiltrService (2e0d64d672f9e3edd51531fa91f33da5) C:\Windows\system32\DRIVERS\Apfiltr.sys
15:45:56.0460 0272 ApfiltrService - ok
15:45:56.0475 0272 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
15:45:56.0475 0272 Appinfo - ok
15:45:56.0600 0272 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:45:56.0600 0272 Apple Mobile Device - ok
15:45:56.0647 0272 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
15:45:56.0647 0272 arc - ok
15:45:56.0663 0272 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
15:45:56.0663 0272 arcsas - ok
15:45:56.0709 0272 ArcSoftKsUFilter (1ce3822b05a5e229286a15ea39369870) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
15:45:56.0709 0272 ArcSoftKsUFilter - ok
15:45:56.0725 0272 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
15:45:56.0725 0272 AsyncMac - ok
15:45:56.0756 0272 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
15:45:56.0756 0272 atapi - ok
15:45:56.0865 0272 athr (390bc9b68e1ef2a299731bc775d43004) C:\Windows\system32\DRIVERS\athrx.sys
15:45:56.0881 0272 athr - ok
15:45:56.0959 0272 Ati External Event Utility (20c8215ad926c2db4e4915ad7d24241e) C:\Windows\system32\Ati2evxx.exe
15:45:56.0975 0272 Ati External Event Utility - ok
15:45:57.0365 0272 atikmdag (a0e8b71a181930338b45f371a25cdec4) C:\Windows\system32\DRIVERS\atikmdag.sys
15:45:57.0489 0272 atikmdag - ok
15:45:57.0630 0272 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
15:45:57.0630 0272 AudioEndpointBuilder - ok
15:45:57.0645 0272 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
15:45:57.0645 0272 AudioSrv - ok
15:45:57.0677 0272 Beep - ok
15:45:57.0739 0272 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
15:45:57.0755 0272 BFE - ok
15:45:57.0848 0272 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
15:45:57.0864 0272 BITS - ok
15:45:57.0926 0272 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
15:45:57.0926 0272 blbdrive - ok
15:45:58.0035 0272 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:45:58.0035 0272 Bonjour Service - ok
15:45:58.0098 0272 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
15:45:58.0098 0272 bowser - ok
15:45:58.0129 0272 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
15:45:58.0129 0272 BrFiltLo - ok
15:45:58.0129 0272 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
15:45:58.0145 0272 BrFiltUp - ok
15:45:58.0176 0272 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
15:45:58.0176 0272 Browser - ok
15:45:58.0191 0272 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
15:45:58.0207 0272 Brserid - ok
15:45:58.0223 0272 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
15:45:58.0223 0272 BrSerWdm - ok
15:45:58.0254 0272 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
15:45:58.0254 0272 BrUsbMdm - ok
15:45:58.0269 0272 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
15:45:58.0269 0272 BrUsbSer - ok
15:45:58.0285 0272 BthEnum (471ff09330a53177bbe9fd6ddf8a8259) C:\Windows\system32\DRIVERS\BthEnum.sys
15:45:58.0285 0272 BthEnum - ok
15:45:58.0316 0272 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
15:45:58.0316 0272 BTHMODEM - ok
15:45:58.0332 0272 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
15:45:58.0332 0272 BthPan - ok
15:45:58.0394 0272 BTHPORT (7d104f22c04a76f0d2f96f789ac07fcb) C:\Windows\system32\Drivers\BTHport.sys
15:45:58.0410 0272 BTHPORT - ok
15:45:58.0457 0272 BthServ (22e65ffd640f16968f855f5b3528d366) C:\Windows\System32\bthserv.dll
15:45:58.0457 0272 BthServ - ok
15:45:58.0488 0272 BTHUSB (d9324f0c142267961ce900bfc3798bb1) C:\Windows\system32\Drivers\BTHUSB.sys
15:45:58.0488 0272 BTHUSB - ok
15:45:58.0519 0272 btwaudio (1abd26de34d3a5e346e96d721c0d67f8) C:\Windows\system32\drivers\btwaudio.sys
15:45:58.0519 0272 btwaudio - ok
15:45:58.0566 0272 btwavdt (3081d3213a3d2df2f3e7bbd816c17225) C:\Windows\system32\drivers\btwavdt.sys
15:45:58.0566 0272 btwavdt - ok
15:45:58.0675 0272 btwdins (51871801ef4f79f22683abef7bea989b) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
15:45:58.0691 0272 btwdins - ok
15:45:58.0706 0272 btwl2cap (0037cb116097e8e0ea77f3b13c50ff1e) C:\Windows\system32\DRIVERS\btwl2cap.sys
15:45:58.0706 0272 btwl2cap - ok
15:45:58.0722 0272 btwrchid (6921ad2faf1cb24b2ffc78104721d506) C:\Windows\system32\DRIVERS\btwrchid.sys
15:45:58.0722 0272 btwrchid - ok
15:45:58.0737 0272 catchme - ok
15:45:58.0784 0272 CAXHWAZL (fdb53a8d3bc52dc29884587e768e3388) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
15:45:58.0800 0272 CAXHWAZL - ok
15:45:58.0847 0272 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
15:45:58.0847 0272 cdfs - ok
15:45:58.0878 0272 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
15:45:58.0878 0272 cdrom - ok
15:45:58.0909 0272 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
15:45:58.0909 0272 CertPropSvc - ok
15:45:58.0940 0272 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
15:45:58.0940 0272 circlass - ok
15:45:58.0987 0272 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
15:45:59.0003 0272 CLFS - ok
15:45:59.0065 0272 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:45:59.0081 0272 clr_optimization_v2.0.50727_32 - ok
15:45:59.0143 0272 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:45:59.0143 0272 clr_optimization_v2.0.50727_64 - ok
15:45:59.0221 0272 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:45:59.0221 0272 clr_optimization_v4.0.30319_32 - ok
15:45:59.0252 0272 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:45:59.0252 0272 clr_optimization_v4.0.30319_64 - ok
15:45:59.0283 0272 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
15:45:59.0299 0272 CmBatt - ok
15:45:59.0315 0272 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
15:45:59.0315 0272 cmdide - ok
15:45:59.0330 0272 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
15:45:59.0330 0272 Compbatt - ok
15:45:59.0330 0272 COMSysApp - ok
15:45:59.0346 0272 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
15:45:59.0346 0272 crcdisk - ok
15:45:59.0393 0272 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
15:45:59.0408 0272 CryptSvc - ok
15:45:59.0486 0272 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
15:45:59.0486 0272 DcomLaunch - ok
15:45:59.0549 0272 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
15:45:59.0549 0272 DfsC - ok
15:45:59.0798 0272 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
15:45:59.0845 0272 DFSR - ok
15:45:59.0985 0272 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
15:45:59.0985 0272 Dhcp - ok
15:46:00.0032 0272 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
15:46:00.0032 0272 disk - ok
15:46:00.0048 0272 DMICall - ok
15:46:00.0110 0272 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
15:46:00.0110 0272 Dnscache - ok
15:46:00.0157 0272 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
15:46:00.0173 0272 dot3svc - ok
15:46:00.0204 0272 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
15:46:00.0204 0272 Dot4 - ok
15:46:00.0251 0272 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
15:46:00.0251 0272 Dot4Print - ok
15:46:00.0266 0272 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
15:46:00.0266 0272 dot4usb - ok
15:46:00.0297 0272 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
15:46:00.0297 0272 DPS - ok
15:46:00.0329 0272 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
15:46:00.0329 0272 drmkaud - ok
15:46:00.0438 0272 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
15:46:00.0453 0272 DXGKrnl - ok
15:46:00.0469 0272 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
15:46:00.0469 0272 E1G60 - ok
15:46:00.0516 0272 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
15:46:00.0516 0272 EapHost - ok
15:46:00.0563 0272 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
15:46:00.0563 0272 Ecache - ok
15:46:00.0609 0272 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
15:46:00.0609 0272 ehRecvr - ok
15:46:00.0641 0272 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
15:46:00.0641 0272 ehSched - ok
15:46:00.0656 0272 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
15:46:00.0656 0272 ehstart - ok
15:46:00.0734 0272 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
15:46:00.0734 0272 elxstor - ok
15:46:00.0812 0272 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
15:46:00.0812 0272 EMDMgmt - ok
15:46:00.0828 0272 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
15:46:00.0828 0272 ErrDev - ok
15:46:00.0890 0272 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
15:46:00.0906 0272 EventSystem - ok
15:46:01.0155 0272 EvtEng (2898eec4ff1c8204222d266f48a35b7d) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:46:01.0171 0272 EvtEng - ok
15:46:01.0311 0272 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
15:46:01.0327 0272 exfat - ok
15:46:01.0358 0272 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
15:46:01.0374 0272 fastfat - ok
15:46:01.0405 0272 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
15:46:01.0405 0272 fdc - ok
15:46:01.0436 0272 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
15:46:01.0436 0272 fdPHost - ok
15:46:01.0436 0272 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
15:46:01.0436 0272 FDResPub - ok
15:46:01.0467 0272 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
15:46:01.0467 0272 FileInfo - ok
15:46:01.0499 0272 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
15:46:01.0499 0272 Filetrace - ok
15:46:01.0514 0272 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:46:01.0514 0272 flpydisk - ok
15:46:01.0577 0272 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
15:46:01.0577 0272 FltMgr - ok
15:46:01.0717 0272 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
15:46:01.0733 0272 FontCache - ok
15:46:01.0811 0272 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:46:01.0826 0272 FontCache3.0.0.0 - ok
15:46:01.0873 0272 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
15:46:01.0873 0272 Fs_Rec - ok
15:46:01.0889 0272 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
15:46:01.0889 0272 gagp30kx - ok
15:46:01.0920 0272 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:46:01.0920 0272 GEARAspiWDM - ok
15:46:02.0013 0272 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
15:46:02.0013 0272 gpsvc - ok
15:46:02.0091 0272 gupdate1c9d08e6d157c97 (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:46:02.0091 0272 gupdate1c9d08e6d157c97 - ok
15:46:02.0091 0272 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:46:02.0107 0272 gupdatem - ok
15:46:02.0123 0272 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:46:02.0123 0272 gusvc - ok
15:46:02.0185 0272 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
15:46:02.0185 0272 HdAudAddService - ok
15:46:02.0279 0272 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:46:02.0294 0272 HDAudBus - ok
15:46:02.0310 0272 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
15:46:02.0325 0272 HidBth - ok
15:46:02.0341 0272 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
15:46:02.0341 0272 HidIr - ok
15:46:02.0403 0272 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
15:46:02.0403 0272 hidserv - ok
15:46:02.0435 0272 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
15:46:02.0435 0272 HidUsb - ok
15:46:02.0466 0272 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
15:46:02.0466 0272 hkmsvc - ok
15:46:02.0497 0272 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
15:46:02.0497 0272 HpCISSs - ok
15:46:02.0622 0272 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
15:46:02.0637 0272 hpqcxs08 - ok
15:46:02.0684 0272 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
15:46:02.0684 0272 hpqddsvc - ok
15:46:02.0731 0272 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:46:02.0747 0272 HSFHWAZL - ok
15:46:02.0887 0272 HSF_DPV (e90d0e3d9715f3bec7db2d6321dddee8) C:\Windows\system32\DRIVERS\CAX_DPV.sys
15:46:02.0918 0272 HSF_DPV - ok
15:46:03.0074 0272 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
15:46:03.0074 0272 HTTP - ok
15:46:03.0121 0272 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
15:46:03.0121 0272 i2omp - ok
15:46:03.0137 0272 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
15:46:03.0137 0272 i8042prt - ok
15:46:03.0199 0272 iaStor (8d58627fef3f8767665d9f4dc91cbd97) C:\Windows\system32\DRIVERS\iaStor.sys
15:46:03.0215 0272 iaStor - ok
15:46:03.0246 0272 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
15:46:03.0261 0272 iaStorV - ok
15:46:03.0417 0272 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:46:03.0433 0272 idsvc - ok
15:46:03.0433 0272 igfx - ok
15:46:03.0480 0272 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
15:46:03.0480 0272 iirsp - ok
15:46:03.0542 0272 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
15:46:03.0542 0272 IKEEXT - ok
15:46:03.0667 0272 IntcAzAudAddService (18f7691b18d4a93559d2a998ab2142bd) C:\Windows\system32\drivers\RTKVHD64.sys
15:46:03.0698 0272 IntcAzAudAddService - ok
15:46:03.0792 0272 IntcHdmiAddService - ok
15:46:03.0823 0272 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
15:46:03.0823 0272 intelide - ok
15:46:03.0839 0272 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
15:46:03.0839 0272 intelppm - ok
15:46:03.0885 0272 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
15:46:03.0885 0272 IPBusEnum - ok
15:46:03.0932 0272 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:46:03.0932 0272 IpFilterDriver - ok
15:46:03.0979 0272 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
15:46:03.0979 0272 iphlpsvc - ok
15:46:03.0979 0272 IpInIp - ok
15:46:04.0010 0272 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
15:46:04.0010 0272 IPMIDRV - ok
15:46:04.0041 0272 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
15:46:04.0041 0272 IPNAT - ok
15:46:04.0166 0272 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
15:46:04.0166 0272 iPod Service - ok
15:46:04.0197 0272 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
15:46:04.0213 0272 IRENUM - ok
15:46:04.0229 0272 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
15:46:04.0229 0272 isapnp - ok
15:46:04.0260 0272 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
15:46:04.0275 0272 iScsiPrt - ok
15:46:04.0291 0272 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
15:46:04.0291 0272 iteatapi - ok
15:46:04.0307 0272 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
15:46:04.0307 0272 iteraid - ok
15:46:04.0385 0272 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
15:46:04.0385 0272 IviRegMgr - ok
15:46:04.0400 0272 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
15:46:04.0400 0272 kbdclass - ok
15:46:04.0431 0272 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
15:46:04.0431 0272 kbdhid - ok
15:46:04.0463 0272 KeyIso (40348dcec0712ed42231c5f90a69a690) C:\Windows\system32\lsass.exe
15:46:04.0463 0272 KeyIso - ok
15:46:04.0509 0272 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
15:46:04.0525 0272 KSecDD - ok
15:46:04.0556 0272 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
15:46:04.0556 0272 ksthunk - ok
15:46:04.0619 0272 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
15:46:04.0619 0272 KtmRm - ok
15:46:04.0697 0272 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
15:46:04.0697 0272 LanmanServer - ok
15:46:04.0759 0272 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
15:46:04.0759 0272 LanmanWorkstation - ok
15:46:04.0775 0272 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
15:46:04.0790 0272 lltdio - ok
15:46:04.0853 0272 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
15:46:04.0853 0272 lltdsvc - ok
15:46:04.0884 0272 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
15:46:04.0884 0272 lmhosts - ok
15:46:04.0915 0272 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
15:46:04.0915 0272 LSI_FC - ok
15:46:04.0946 0272 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
15:46:04.0946 0272 LSI_SAS - ok
15:46:04.0962 0272 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
15:46:04.0962 0272 LSI_SCSI - ok
15:46:04.0993 0272 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
15:46:04.0993 0272 luafv - ok
15:46:05.0024 0272 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
15:46:05.0024 0272 Mcx2Svc - ok
15:46:05.0055 0272 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:46:05.0055 0272 mdmxsdk - ok
15:46:05.0087 0272 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
15:46:05.0087 0272 megasas - ok
15:46:05.0133 0272 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
15:46:05.0149 0272 MegaSR - ok
15:46:05.0180 0272 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
15:46:05.0180 0272 MMCSS - ok
15:46:05.0196 0272 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
15:46:05.0211 0272 Modem - ok
15:46:05.0227 0272 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
15:46:05.0227 0272 monitor - ok
15:46:05.0243 0272 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
15:46:05.0243 0272 mouclass - ok
15:46:05.0258 0272 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
15:46:05.0258 0272 mouhid - ok
15:46:05.0289 0272 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
15:46:05.0289 0272 MountMgr - ok
15:46:05.0305 0272 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
15:46:05.0305 0272 mpio - ok
15:46:05.0336 0272 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
15:46:05.0336 0272 mpsdrv - ok
15:46:05.0399 0272 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
15:46:05.0399 0272 MpsSvc - ok
15:46:05.0430 0272 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
15:46:05.0430 0272 Mraid35x - ok
15:46:05.0477 0272 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
15:46:05.0477 0272 MRxDAV - ok
15:46:05.0539 0272 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:46:05.0539 0272 mrxsmb - ok
15:46:05.0617 0272 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:46:05.0617 0272 mrxsmb10 - ok
15:46:05.0648 0272 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:46:05.0648 0272 mrxsmb20 - ok
15:46:05.0664 0272 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
15:46:05.0679 0272 msahci - ok
15:46:05.0695 0272 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
15:46:05.0695 0272 msdsm - ok
15:46:05.0742 0272 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
15:46:05.0742 0272 MSDTC - ok
15:46:05.0773 0272 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
15:46:05.0773 0272 Msfs - ok
15:46:05.0773 0272 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
15:46:05.0773 0272 msisadrv - ok
15:46:05.0820 0272 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
15:46:05.0820 0272 MSiSCSI - ok
15:46:05.0835 0272 msiserver - ok
15:46:05.0867 0272 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
15:46:05.0867 0272 MSKSSRV - ok
15:46:05.0898 0272 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
15:46:05.0898 0272 MSPCLOCK - ok
15:46:05.0913 0272 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
15:46:05.0913 0272 MSPQM - ok
15:46:05.0960 0272 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
15:46:05.0960 0272 MsRPC - ok
15:46:05.0991 0272 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
15:46:05.0991 0272 mssmbios - ok
15:46:06.0007 0272 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
15:46:06.0007 0272 MSTEE - ok
15:46:06.0038 0272 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
15:46:06.0038 0272 Mup - ok
15:46:06.0101 0272 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
15:46:06.0116 0272 napagent - ok
15:46:06.0163 0272 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
15:46:06.0163 0272 NativeWifiP - ok
15:46:06.0257 0272 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
15:46:06.0272 0272 NDIS - ok
15:46:06.0288 0272 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
15:46:06.0303 0272 NdisTapi - ok
15:46:06.0303 0272 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
15:46:06.0303 0272 Ndisuio - ok
15:46:06.0350 0272 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
15:46:06.0350 0272 NdisWan - ok
15:46:06.0366 0272 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
15:46:06.0366 0272 NDProxy - ok
15:46:06.0413 0272 Net Driver HPZ12 (59267d2f0328599aa3b5408c2e06126f) C:\Windows\system32\HPZinw12.dll
15:46:06.0413 0272 Net Driver HPZ12 - ok
15:46:06.0428 0272 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
15:46:06.0428 0272 NetBIOS - ok
15:46:06.0475 0272 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
15:46:06.0491 0272 netbt - ok
15:46:06.0506 0272 Netlogon (40348dcec0712ed42231c5f90a69a690) C:\Windows\system32\lsass.exe
15:46:06.0506 0272 Netlogon - ok
15:46:06.0553 0272 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
15:46:06.0569 0272 Netman - ok
15:46:06.0600 0272 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
15:46:06.0600 0272 netprofm - ok
15:46:06.0709 0272 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:46:06.0709 0272 NetTcpPortSharing - ok
15:46:07.0068 0272 NETw5v64 (bfbd278f8c9bcec693345759ac278e14) C:\Windows\system32\DRIVERS\NETw5v64.sys
15:46:07.0193 0272 NETw5v64 - ok
15:46:07.0302 0272 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
15:46:07.0302 0272 nfrd960 - ok
15:46:07.0349 0272 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
15:46:07.0349 0272 NlaSvc - ok
15:46:07.0380 0272 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
15:46:07.0395 0272 Npfs - ok
15:46:07.0411 0272 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
15:46:07.0411 0272 nsi - ok
15:46:07.0427 0272 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
15:46:07.0427 0272 nsiproxy - ok
15:46:07.0567 0272 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
15:46:07.0583 0272 Ntfs - ok
15:46:07.0676 0272 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
15:46:07.0676 0272 Null - ok
15:46:07.0707 0272 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
15:46:07.0707 0272 nvraid - ok
15:46:07.0723 0272 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
15:46:07.0723 0272 nvstor - ok
15:46:07.0770 0272 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
15:46:07.0785 0272 nv_agp - ok
15:46:07.0785 0272 NwlnkFlt - ok
15:46:07.0785 0272 NwlnkFwd - ok
15:46:07.0910 0272 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:46:07.0910 0272 odserv - ok
15:46:07.0957 0272 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
15:46:07.0957 0272 ohci1394 - ok
15:46:07.0988 0272 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:46:08.0004 0272 ose - ok
15:46:08.0082 0272 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:46:08.0097 0272 p2pimsvc - ok
15:46:08.0113 0272 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:46:08.0129 0272 p2psvc - ok
15:46:08.0207 0272 PACSPTISVR (b8040c5c1fc1fbbbe5c78cb9eda343ec) C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
15:46:08.0207 0272 PACSPTISVR - ok
15:46:08.0253 0272 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
15:46:08.0253 0272 Parport - ok
15:46:08.0300 0272 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
15:46:08.0316 0272 partmgr - ok
15:46:08.0331 0272 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
15:46:08.0331 0272 PcaSvc - ok
15:46:08.0378 0272 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
15:46:08.0378 0272 pci - ok
15:46:08.0394 0272 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
15:46:08.0394 0272 pciide - ok
15:46:08.0441 0272 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
15:46:08.0456 0272 pcmcia - ok
15:46:08.0519 0272 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
15:46:08.0534 0272 PEAUTH - ok
15:46:08.0628 0272 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
15:46:08.0628 0272 PerfHost - ok
15:46:08.0737 0272 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
15:46:08.0768 0272 pla - ok
15:46:08.0831 0272 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
15:46:08.0831 0272 PlugPlay - ok
15:46:08.0877 0272 Pml Driver HPZ12 (5261a2fd55183ac6993145ab6662cddf) C:\Windows\system32\HPZipm12.dll
15:46:08.0877 0272 Pml Driver HPZ12 - ok
15:46:08.0971 0272 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:46:08.0987 0272 PNRPAutoReg - ok
15:46:08.0987 0272 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:46:09.0002 0272 PNRPsvc - ok
15:46:09.0080 0272 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
15:46:09.0080 0272 PolicyAgent - ok
15:46:09.0158 0272 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
15:46:09.0158 0272 PptpMiniport - ok
15:46:09.0189 0272 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
15:46:09.0205 0272 Processor - ok
15:46:09.0236 0272 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
15:46:09.0252 0272 ProfSvc - ok
15:46:09.0267 0272 ProtectedStorage (40348dcec0712ed42231c5f90a69a690) C:\Windows\system32\lsass.exe
15:46:09.0283 0272 ProtectedStorage - ok
15:46:09.0314 0272 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
15:46:09.0314 0272 PSched - ok
15:46:09.0345 0272 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
15:46:09.0345 0272 PxHlpa64 - ok
15:46:09.0439 0272 QBCFMonitorService (17996ca5c59259ae02ca95bd11d7beec) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
15:46:09.0439 0272 QBCFMonitorService - ok
15:46:09.0486 0272 QBFCService (2241eaf40e472c471cb80cf6b97cca11) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
15:46:09.0486 0272 QBFCService - ok
15:46:09.0611 0272 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
15:46:09.0642 0272 ql2300 - ok
15:46:09.0673 0272 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
15:46:09.0673 0272 ql40xx - ok
15:46:09.0720 0272 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
15:46:09.0735 0272 QWAVE - ok
15:46:09.0751 0272 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
15:46:09.0751 0272 QWAVEdrv - ok
15:46:09.0782 0272 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
15:46:09.0782 0272 RasAcd - ok
15:46:09.0813 0272 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
15:46:09.0813 0272 RasAuto - ok
15:46:09.0860 0272 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:46:09.0860 0272 Rasl2tp - ok
15:46:09.0907 0272 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
15:46:09.0907 0272 RasMan - ok
15:46:09.0938 0272 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
15:46:09.0938 0272 RasPppoe - ok
15:46:09.0985 0272 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
15:46:09.0985 0272 RasSstp - ok
15:46:10.0047 0272 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
15:46:10.0047 0272 rdbss - ok
15:46:10.0063 0272 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:46:10.0079 0272 RDPCDD - ok
15:46:10.0110 0272 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
15:46:10.0125 0272 rdpdr - ok
15:46:10.0125 0272 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
15:46:10.0125 0272 RDPENCDD - ok
15:46:10.0172 0272 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
15:46:10.0188 0272 RDPWD - ok
15:46:10.0328 0272 RegSrvc (9600567e331f5ae87d31b0a60763e48c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:46:10.0328 0272 RegSrvc - ok
15:46:10.0375 0272 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
15:46:10.0375 0272 RemoteAccess - ok
15:46:10.0437 0272 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
15:46:10.0437 0272 RemoteRegistry - ok
15:46:10.0515 0272 RFCOMM (72c35598ba591abddc37fce7d26fe1c4) C:\Windows\system32\DRIVERS\rfcomm.sys
15:46:10.0531 0272 RFCOMM - ok
15:46:10.0562 0272 rimsptsk (7eae3999b94a8ce60bfbaa83462b89a1) C:\Windows\system32\DRIVERS\rimssn64.sys
15:46:10.0562 0272 rimsptsk - ok
15:46:10.0593 0272 risdptsk (fa6d7cd63ad08a01d9259f58e0c5c09e) C:\Windows\system32\DRIVERS\risdsn64.sys
15:46:10.0593 0272 risdptsk - ok
15:46:10.0609 0272 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
15:46:10.0609 0272 RpcLocator - ok
15:46:10.0703 0272 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
15:46:10.0703 0272 RpcSs - ok
15:46:10.0749 0272 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
15:46:10.0749 0272 rspndr - ok
15:46:10.0796 0272 RTHDMIAzAudService (67c7695d3b18682addf8419eda4bbfb8) C:\Windows\system32\drivers\RtHDMIVX.sys
15:46:10.0796 0272 RTHDMIAzAudService - ok
15:46:10.0859 0272 RtkAudioService (bdd34a4a3725e3d527beda3c5fb67603) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
15:46:10.0859 0272 RtkAudioService - ok
15:46:10.0937 0272 SampleCollector (6b318f9443740a907d1c8f3460c19009) C:\Program Files\Sony\VAIO Care\collsvc.exe
15:46:10.0937 0272 SampleCollector - ok
15:46:10.0968 0272 SamSs (40348dcec0712ed42231c5f90a69a690) C:\Windows\system32\lsass.exe
15:46:10.0983 0272 SamSs - ok
15:46:11.0061 0272 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:46:11.0077 0272 SASDIFSV - ok
15:46:11.0124 0272 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS
15:46:11.0124 0272 SASENUM - ok
15:46:11.0139 0272 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:46:11.0139 0272 SASKUTIL - ok
15:46:11.0171 0272 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
15:46:11.0171 0272 sbp2port - ok
15:46:11.0217 0272 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
15:46:11.0217 0272 SCardSvr - ok
15:46:11.0327 0272 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
15:46:11.0342 0272 Schedule - ok
15:46:11.0373 0272 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
15:46:11.0373 0272 SCPolicySvc - ok
15:46:11.0405 0272 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
15:46:11.0405 0272 sdbus - ok
15:46:11.0436 0272 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
15:46:11.0436 0272 SDRSVC - ok
15:46:11.0451 0272 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:46:11.0451 0272 secdrv - ok
15:46:11.0483 0272 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
15:46:11.0483 0272 seclogon - ok
15:46:11.0498 0272 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
15:46:11.0498 0272 SENS - ok
15:46:11.0529 0272 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
15:46:11.0529 0272 Serenum - ok
15:46:11.0545 0272 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
15:46:11.0561 0272 Serial - ok
15:46:11.0576 0272 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
15:46:11.0576 0272 sermouse - ok
15:46:11.0623 0272 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
15:46:11.0639 0272 SessionEnv - ok
15:46:11.0670 0272 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys
15:46:11.0670 0272 SFEP - ok
15:46:11.0685 0272 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
15:46:11.0685 0272 sffdisk - ok
15:46:11.0717 0272 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
15:46:11.0717 0272 sffp_mmc - ok
15:46:11.0732 0272 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
15:46:11.0732 0272 sffp_sd - ok
15:46:11.0763 0272 sfloppy (40567781f0785c4a69411d1b40da8987) C:\Windows\system32\DRIVERS\sfloppy.sys
15:46:11.0763 0272 sfloppy - ok
15:46:11.0826 0272 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
15:46:11.0826 0272 SharedAccess - ok
15:46:11.0919 0272 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
15:46:11.0919 0272 ShellHWDetection - ok
15:46:11.0951 0272 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
15:46:11.0966 0272 SiSRaid2 - ok
15:46:11.0982 0272 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
15:46:11.0982 0272 SiSRaid4 - ok
15:46:12.0185 0272 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
15:46:12.0247 0272 slsvc - ok
15:46:12.0356 0272 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
15:46:12.0372 0272 SLUINotify - ok
15:46:12.0419 0272 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
15:46:12.0419 0272 Smb - ok
15:46:12.0465 0272 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
15:46:12.0465 0272 SNMPTRAP - ok
15:46:12.0575 0272 SOHCImp (7b24efa2a60ba7388fecda63ab24560a) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
15:46:12.0575 0272 SOHCImp - ok
15:46:12.0606 0272 SOHDBSvr (140fcf5ffae4efba9740a9fd8b49e0bf) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
15:46:12.0606 0272 SOHDBSvr - ok
15:46:12.0653 0272 SOHDms (d8c244121a06b581b097d9617d94cff1) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
15:46:12.0653 0272 SOHDms - ok
15:46:12.0684 0272 SOHDs (2db561887ea122b946bbe2821473edd8) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
15:46:12.0699 0272 SOHDs - ok
15:46:12.0715 0272 SOHPlMgr (ab9ee246a1eb2c3c7c6cb16e0b9462f7) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
15:46:12.0715 0272 SOHPlMgr - ok
15:46:12.0777 0272 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
15:46:12.0777 0272 spldr - ok
15:46:12.0855 0272 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
15:46:12.0855 0272 Spooler - ok
15:46:12.0933 0272 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
15:46:12.0949 0272 srv - ok
15:46:13.0011 0272 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
15:46:13.0011 0272 srv2 - ok
15:46:13.0043 0272 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
15:46:13.0043 0272 srvnet - ok
15:46:13.0089 0272 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
15:46:13.0089 0272 SSDPSRV - ok
15:46:13.0121 0272 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
15:46:13.0136 0272 SstpSvc - ok
15:46:13.0199 0272 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
15:46:13.0214 0272 stisvc - ok
15:46:13.0245 0272 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
15:46:13.0245 0272 swenum - ok
15:46:13.0323 0272 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
15:46:13.0323 0272 swprv - ok
15:46:13.0355 0272 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
15:46:13.0355 0272 Symc8xx - ok
15:46:13.0370 0272 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
15:46:13.0370 0272 Sym_hi - ok
15:46:13.0401 0272 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
15:46:13.0401 0272 Sym_u3 - ok
15:46:13.0495 0272 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
15:46:13.0495 0272 SysMain - ok
15:46:13.0542 0272 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
15:46:13.0542 0272 TabletInputService - ok
15:46:13.0604 0272 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
15:46:13.0620 0272 TapiSrv - ok
15:46:13.0635 0272 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
15:46:13.0635 0272 TBS - ok
15:46:13.0807 0272 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
15:46:13.0823 0272 Tcpip - ok
15:46:14.0072 0272 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys
15:46:14.0088 0272 Tcpip6 - ok
15:46:14.0228 0272 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
15:46:14.0228 0272 tcpipreg - ok
15:46:14.0244 0272 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
15:46:14.0244 0272 TDPIPE - ok
15:46:14.0259 0272 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
15:46:14.0259 0272 TDTCP - ok
15:46:14.0306 0272 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
15:46:14.0306 0272 tdx - ok
15:46:14.0337 0272 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
15:46:14.0337 0272 TermDD - ok
15:46:14.0415 0272 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
15:46:14.0415 0272 TermService - ok
15:46:14.0493 0272 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
15:46:14.0493 0272 Themes - ok
15:46:14.0525 0272 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
15:46:14.0525 0272 THREADORDER - ok
15:46:14.0556 0272 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
15:46:14.0571 0272 TrkWks - ok
15:46:14.0634 0272 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
15:46:14.0634 0272 TrustedInstaller - ok
15:46:14.0665 0272 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:46:14.0665 0272 tssecsrv - ok
15:46:14.0681 0272 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
15:46:14.0681 0272 tunmp - ok
15:46:14.0727 0272 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
15:46:14.0727 0272 tunnel - ok
15:46:14.0759 0272 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
15:46:14.0759 0272 uagp35 - ok
15:46:14.0852 0272 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
15:46:14.0852 0272 uCamMonitor - ok
15:46:14.0915 0272 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
15:46:14.0915 0272 udfs - ok
15:46:14.0946 0272 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
15:46:14.0961 0272 UI0Detect - ok
15:46:14.0993 0272 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
15:46:14.0993 0272 uliagpkx - ok
15:46:15.0024 0272 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
15:46:15.0039 0272 uliahci - ok
15:46:15.0055 0272 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
15:46:15.0071 0272 UlSata - ok
15:46:15.0102 0272 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
15:46:15.0102 0272 ulsata2 - ok
15:46:15.0133 0272 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
15:46:15.0133 0272 umbus - ok
15:46:15.0180 0272 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
15:46:15.0180 0272 upnphost - ok
15:46:15.0227 0272 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
15:46:15.0227 0272 USBAAPL64 - ok
15:46:15.0258 0272 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
15:46:15.0258 0272 usbccgp - ok
15:46:15.0289 0272 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
15:46:15.0289 0272 usbcir - ok
15:46:15.0305 0272 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
15:46:15.0320 0272 usbehci - ok
15:46:15.0367 0272 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
15:46:15.0367 0272 usbhub - ok
15:46:15.0398 0272 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
15:46:15.0398 0272 usbohci - ok
15:46:15.0414 0272 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
15:46:15.0414 0272 usbprint - ok
15:46:15.0445 0272 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
15:46:15.0445 0272 usbscan - ok
15:46:15.0476 0272 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:46:15.0476 0272 USBSTOR - ok
15:46:15.0507 0272 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
15:46:15.0507 0272 usbuhci - ok
15:46:15.0539 0272 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
15:46:15.0539 0272 usbvideo - ok
15:46:15.0570 0272 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
15:46:15.0570 0272 UxSms - ok
15:46:15.0695 0272 VAIO Entertainment TV Device Arbitration Service (4e7135d6d0127067e4cfee12259f895d) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
15:46:15.0695 0272 VAIO Entertainment TV Device Arbitration Service - ok
15:46:15.0757 0272 VAIO Event Service (73328c784ecfe7072bd102f370076b50) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
15:46:15.0757 0272 VAIO Event Service - ok
15:46:15.0851 0272 VAIO Power Management (b63f63960e7254d9d9ed28474b40eb31) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
15:46:15.0851 0272 VAIO Power Management - ok
15:46:16.0209 0272 VCFw (0ed1d51dcec67f96cc313d02a1741cf3) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
15:46:16.0256 0272 VCFw - ok
15:46:16.0365 0272 VcmIAlzMgr (7295a2b5795e7b8aa128e5df5a29b656) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
15:46:16.0365 0272 VcmIAlzMgr - ok
15:46:16.0443 0272 VcmXmlIfHelper (76df898710495c5b1476719410d8b895) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
15:46:16.0443 0272 VcmXmlIfHelper - ok
15:46:16.0475 0272 Vcsw - ok
15:46:16.0615 0272 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
15:46:16.0631 0272 vds - ok
15:46:16.0677 0272 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
15:46:16.0677 0272 vga - ok
15:46:16.0693 0272 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
15:46:16.0693 0272 VgaSave - ok
15:46:16.0709 0272 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
15:46:16.0724 0272 viaide - ok
15:46:20.0078 0272 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:46:21.0045 0272 \Device\Harddisk0\DR0 - ok
15:46:21.0045 0272 Boot (0x1200) (5b0be995f05980492b1e209b972d842c) \Device\Harddisk0\DR0\Partition0
15:46:21.0045 0272 \Device\Harddisk0\DR0\Partition0 - ok
15:46:21.0045 0272 ============================================================
15:46:21.0045 0272 Scan finished
15:46:21.0045 0272 ============================================================
15:46:21.0061 5612 Detected object count: 0
15:46:21.0061 5612 Actual detected object count: 0
15:47:05.0678 1248 ============================================================
15:47:05.0678 1248 Scan started
15:47:05.0678 1248 Mode: Manual; TDLFS;
15:47:05.0678 1248 ============================================================
15:47:17.0487 1248 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
15:47:17.0487 1248 nv_agp - ok
15:47:17.0487 1248 NwlnkFlt - ok
15:47:17.0503 1248 NwlnkFwd - ok
15:47:17.0628 1248 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:47:17.0643 1248 odserv - ok
15:47:17.0674 1248 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
15:47:17.0674 1248 ohci1394 - ok
15:47:17.0721 1248 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:47:17.0721 1248 ose - ok
15:47:17.0799 1248 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:47:17.0815 1248 p2pimsvc - ok
15:47:17.0830 1248 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:47:17.0830 1248 p2psvc - ok
15:47:17.0908 1248 PACSPTISVR (b8040c5c1fc1fbbbe5c78cb9eda343ec) C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
15:47:17.0908 1248 PACSPTISVR - ok
15:47:17.0971 1248 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
15:47:17.0971 1248 Parport - ok
15:47:18.0018 1248 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
15:47:18.0018 1248 partmgr - ok
15:47:18.0049 1248 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
15:47:18.0049 1248 PcaSvc - ok
15:47:18.0096 1248 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
15:47:18.0096 1248 pci - ok
15:47:18.0111 1248 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
15:47:18.0111 1248 pciide - ok
15:47:18.0158 1248 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
15:47:18.0158 1248 pcmcia - ok
15:47:18.0236 1248 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
15:47:18.0236 1248 PEAUTH - ok
15:47:18.0314 1248 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
15:47:18.0330 1248 PerfHost - ok
15:47:18.0439 1248 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
15:47:18.0454 1248 pla - ok
15:47:18.0532 1248 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
15:47:18.0532 1248 PlugPlay - ok
15:47:18.0579 1248 Pml Driver HPZ12 (5261a2fd55183ac6993145ab6662cddf) C:\Windows\system32\HPZipm12.dll
15:47:18.0579 1248 Pml Driver HPZ12 - ok
15:47:18.0673 1248 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:47:18.0688 1248 PNRPAutoReg - ok
15:47:18.0704 1248 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:47:18.0704 1248 PNRPsvc - ok
15:47:18.0766 1248 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
15:47:18.0782 1248 PolicyAgent - ok
15:47:18.0860 1248 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
15:47:18.0860 1248 PptpMiniport - ok
15:47:18.0891 1248 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
15:47:18.0891 1248 Processor - ok
15:47:18.0954 1248 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
15:47:18.0954 1248 ProfSvc - ok
15:47:19.0000 1248 ProtectedStorage (40348dcec0712ed42231c5f90a69a690) C:\Windows\system32\lsass.exe
15:47:19.0000 1248 ProtectedStorage - ok
15:47:19.0047 1248 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
15:47:19.0047 1248 PSched - ok
15:47:19.0063 1248 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
15:47:19.0063 1248 PxHlpa64 - ok
15:47:19.0172 1248 QBCFMonitorService (17996ca5c59259ae02ca95bd11d7beec) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
15:47:19.0172 1248 QBCFMonitorService - ok
15:47:19.0203 1248 QBFCService (2241eaf40e472c471cb80cf6b97cca11) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
15:47:19.0203 1248 QBFCService - ok
15:47:19.0328 1248 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
15:47:19.0344 1248 ql2300 - ok
15:47:19.0375 1248 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
15:47:19.0375 1248 ql40xx - ok
15:47:19.0422 1248 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
15:47:19.0437 1248 QWAVE - ok
15:47:19.0437 1248 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
15:47:19.0437 1248 QWAVEdrv - ok
15:47:19.0468 1248 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
15:47:19.0468 1248 RasAcd - ok
15:47:19.0484 1248 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
15:47:19.0484 1248 RasAuto - ok
15:47:19.0531 1248 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:47:19.0531 1248 Rasl2tp - ok
15:47:19.0562 1248 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
15:47:19.0578 1248 RasMan - ok
15:47:19.0609 1248 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
15:47:19.0609 1248 RasPppoe - ok
15:47:19.0640 1248 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
15:47:19.0656 1248 RasSstp - ok
15:47:19.0702 1248 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
15:47:19.0702 1248 rdbss - ok
15:47:19.0734 1248 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:47:19.0734 1248 RDPCDD - ok
15:47:19.0796 1248 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
15:47:19.0796 1248 rdpdr - ok
15:47:19.0796 1248 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
15:47:19.0796 1248 RDPENCDD - ok
15:47:19.0843 1248 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
15:47:19.0843 1248 RDPWD - ok
15:47:19.0999 1248 RegSrvc (9600567e331f5ae87d31b0a60763e48c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:47:19.0999 1248 RegSrvc - ok
15:47:20.0046 1248 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
15:47:20.0046 1248 RemoteAccess - ok
15:47:20.0092 1248 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
15:47:20.0108 1248 RemoteRegistry - ok
15:47:20.0186 1248 RFCOMM (72c35598ba591abddc37fce7d26fe1c4) C:\Windows\system32\DRIVERS\rfcomm.sys
15:47:20.0186 1248 RFCOMM - ok
15:47:20.0233 1248 rimsptsk (7eae3999b94a8ce60bfbaa83462b89a1) C:\Windows\system32\DRIVERS\rimssn64.sys
15:47:20.0233 1248 rimsptsk - ok
15:47:20.0248 1248 risdptsk (fa6d7cd63ad08a01d9259f58e0c5c09e) C:\Windows\system32\DRIVERS\risdsn64.sys
15:47:20.0248 1248 risdptsk - ok
15:47:20.0280 1248 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
15:47:20.0280 1248 RpcLocator - ok
15:47:20.0358 1248 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
15:47:20.0373 1248 RpcSs - ok
15:47:20.0404 1248 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
15:47:20.0420 1248 rspndr - ok
15:47:20.0451 1248 RTHDMIAzAudService (67c7695d3b18682addf8419eda4bbfb8) C:\Windows\system32\drivers\RtHDMIVX.sys
15:47:20.0451 1248 RTHDMIAzAudService - ok
15:47:20.0514 1248 RtkAudioService (bdd34a4a3725e3d527beda3c5fb67603) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
15:47:20.0529 1248 RtkAudioService - ok
15:47:20.0607 1248 SampleCollector (6b318f9443740a907d1c8f3460c19009) C:\Program Files\Sony\VAIO Care\collsvc.exe
15:47:20.0607 1248 SampleCollector - ok
15:47:20.0638 1248 SamSs (40348dcec0712ed42231c5f90a69a690) C:\Windows\system32\lsass.exe
15:47:20.0638 1248 SamSs - ok
15:47:20.0732 1248 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:47:20.0732 1248 SASDIFSV - ok
15:47:20.0794 1248 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS
15:47:20.0794 1248 SASENUM - ok
15:47:20.0810 1248 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:47:20.0810 1248 SASKUTIL - ok
15:47:20.0841 1248 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
15:47:20.0841 1248 sbp2port - ok
15:47:20.0888 1248 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
15:47:20.0904 1248 SCardSvr - ok
15:47:21.0013 1248 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
15:47:21.0013 1248 Schedule - ok
15:47:21.0060 1248 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
15:47:21.0060 1248 SCPolicySvc - ok
15:47:21.0091 1248 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
15:47:21.0091 1248 sdbus - ok
15:47:21.0122 1248 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
15:47:21.0122 1248 SDRSVC - ok
15:47:21.0138 1248 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:47:21.0138 1248 secdrv - ok
15:47:21.0169 1248 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
15:47:21.0169 1248 seclogon - ok
15:47:21.0184 1248 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
15:47:21.0184 1248 SENS - ok
15:47:21.0216 1248 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
15:47:21.0216 1248 Serenum - ok
15:47:21.0247 1248 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
15:47:21.0247 1248 Serial - ok
15:47:21.0262 1248 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
15:47:21.0262 1248 sermouse - ok
15:47:21.0309 1248 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
15:47:21.0309 1248 SessionEnv - ok
15:47:21.0325 1248 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys
15:47:21.0325 1248 SFEP - ok
15:47:21.0340 1248 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
15:47:21.0340 1248 sffdisk - ok
15:47:21.0356 1248 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
15:47:21.0356 1248 sffp_mmc - ok
15:47:21.0372 1248 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
15:47:21.0372 1248 sffp_sd - ok
15:47:21.0403 1248 sfloppy (40567781f0785c4a69411d1b40da8987) C:\Windows\system32\DRIVERS\sfloppy.sys
15:47:21.0403 1248 sfloppy - ok
15:47:21.0465 1248 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
15:47:21.0465 1248 SharedAccess - ok
15:47:21.0543 1248 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
15:47:21.0543 1248 ShellHWDetection - ok
15:47:21.0574 1248 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
15:47:21.0574 1248 SiSRaid2 - ok
15:47:21.0606 1248 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
15:47:21.0606 1248 SiSRaid4 - ok
15:47:21.0808 1248 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
15:47:21.0824 1248 slsvc - ok
15:47:21.0949 1248 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
15:47:21.0949 1248 SLUINotify - ok
15:47:22.0011 1248 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
15:47:22.0011 1248 Smb - ok
15:47:22.0058 1248 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
15:47:22.0058 1248 SNMPTRAP - ok
15:47:22.0167 1248 SOHCImp (7b24efa2a60ba7388fecda63ab24560a) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
15:47:22.0167 1248 SOHCImp - ok
15:47:22.0183 1248 SOHDBSvr (140fcf5ffae4efba9740a9fd8b49e0bf) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
15:47:22.0183 1248 SOHDBSvr - ok
15:47:22.0245 1248 SOHDms (d8c244121a06b581b097d9617d94cff1) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
15:47:22.0245 1248 SOHDms - ok
15:47:22.0276 1248 SOHDs (2db561887ea122b946bbe2821473edd8) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
15:47:22.0276 1248 SOHDs - ok
15:47:22.0308 1248 SOHPlMgr (ab9ee246a1eb2c3c7c6cb16e0b9462f7) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
15:47:22.0308 1248 SOHPlMgr - ok
15:47:22.0354 1248 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
15:47:22.0354 1248 spldr - ok
15:47:22.0432 1248 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
15:47:22.0432 1248 Spooler - ok
15:47:22.0510 1248 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
15:47:22.0510 1248 srv - ok
15:47:22.0573 1248 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
15:47:22.0588 1248 srv2 - ok
15:47:22.0604 1248 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
15:47:22.0604 1248 srvnet - ok
15:47:22.0635 1248 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
15:47:22.0651 1248 SSDPSRV - ok
15:47:22.0666 1248 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
15:47:22.0666 1248 SstpSvc - ok
15:47:22.0744 1248 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
15:47:22.0760 1248 stisvc - ok
15:47:22.0776 1248 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
15:47:22.0776 1248 swenum - ok
15:47:22.0854 1248 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
15:47:22.0854 1248 swprv - ok
15:47:22.0885 1248 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
15:47:22.0885 1248 Symc8xx - ok
15:47:22.0916 1248 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
15:47:22.0916 1248 Sym_hi - ok
15:47:22.0932 1248 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
15:47:22.0932 1248 Sym_u3 - ok
15:47:23.0041 1248 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
15:47:23.0041 1248 SysMain - ok
15:47:23.0072 1248 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
15:47:23.0088 1248 TabletInputService - ok
15:47:23.0150 1248 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
15:47:23.0150 1248 TapiSrv - ok
15:47:23.0166 1248 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
15:47:23.0166 1248 TBS - ok
15:47:23.0337 1248 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
15:47:23.0353 1248 Tcpip - ok
15:47:23.0618 1248 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys
15:47:23.0634 1248 Tcpip6 - ok
15:47:23.0758 1248 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
15:47:23.0758 1248 tcpipreg - ok
15:47:23.0774 1248 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
15:47:23.0774 1248 TDPIPE - ok
15:47:23.0790 1248 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
15:47:23.0790 1248 TDTCP - ok
15:47:23.0836 1248 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
15:47:23.0836 1248 tdx - ok
15:47:23.0868 1248 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
15:47:23.0868 1248 TermDD - ok
15:47:23.0946 1248 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
15:47:23.0946 1248 TermService - ok
15:47:24.0024 1248 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
15:47:24.0039 1248 Themes - ok
15:47:24.0055 1248 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
15:47:24.0055 1248 THREADORDER - ok
15:47:24.0102 1248 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
15:47:24.0102 1248 TrkWks - ok
15:47:24.0164 1248 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
15:47:24.0164 1248 TrustedInstaller - ok
15:47:24.0195 1248 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:47:24.0195 1248 tssecsrv - ok
15:47:24.0226 1248 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
15:47:24.0226 1248 tunmp - ok
15:47:24.0258 1248 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
15:47:24.0258 1248 tunnel - ok
15:47:24.0289 1248 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
15:47:24.0289 1248 uagp35 - ok
15:47:24.0382 1248 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
15:47:24.0382 1248 uCamMonitor - ok
15:47:24.0429 1248 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
15:47:24.0429 1248 udfs - ok
15:47:24.0476 1248 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
15:47:24.0476 1248 UI0Detect - ok
15:47:24.0507 1248 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
15:47:24.0523 1248 uliagpkx - ok
15:47:24.0554 1248 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
15:47:24.0554 1248 uliahci - ok
15:47:24.0585 1248 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
15:47:24.0585 1248 UlSata - ok
15:47:24.0616 1248 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
15:47:24.0616 1248 ulsata2 - ok
15:47:24.0648 1248 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
15:47:24.0648 1248 umbus - ok
15:47:24.0694 1248 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
15:47:24.0694 1248 upnphost - ok
15:47:24.0726 1248 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
15:47:24.0726 1248 USBAAPL64 - ok
15:47:24.0772 1248 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
15:47:24.0772 1248 usbccgp - ok
15:47:24.0804 1248 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
15:47:24.0804 1248 usbcir - ok
15:47:24.0819 1248 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
15:47:24.0819 1248 usbehci - ok
15:47:24.0866 1248 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
15:47:24.0882 1248 usbhub - ok
15:47:24.0897 1248 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
15:47:24.0897 1248 usbohci - ok
15:47:24.0913 1248 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
15:47:24.0913 1248 usbprint - ok
15:47:24.0944 1248 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
15:47:24.0944 1248 usbscan - ok
15:47:24.0975 1248 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:47:24.0975 1248 USBSTOR - ok
15:47:25.0006 1248 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
15:47:25.0006 1248 usbuhci - ok
15:47:25.0038 1248 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
15:47:25.0038 1248 usbvideo - ok
15:47:25.0069 1248 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
15:47:25.0069 1248 UxSms - ok
15:47:25.0194 1248 VAIO Entertainment TV Device Arbitration Service (4e7135d6d0127067e4cfee12259f895d) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
15:47:25.0194 1248 VAIO Entertainment TV Device Arbitration Service - ok
15:47:25.0256 1248 VAIO Event Service (73328c784ecfe7072bd102f370076b50) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
15:47:25.0256 1248 VAIO Event Service - ok
15:47:25.0350 1248 VAIO Power Management (b63f63960e7254d9d9ed28474b40eb31) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
15:47:25.0350 1248 VAIO Power Management - ok
15:47:25.0708 1248 VCFw (0ed1d51dcec67f96cc313d02a1741cf3) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
15:47:25.0755 1248 VCFw - ok
15:47:25.0864 1248 VcmIAlzMgr (7295a2b5795e7b8aa128e5df5a29b656) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
15:47:25.0880 1248 VcmIAlzMgr - ok
15:47:25.0942 1248 VcmXmlIfHelper (76df898710495c5b1476719410d8b895) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
15:47:25.0942 1248 VcmXmlIfHelper - ok
15:47:25.0989 1248 Vcsw - ok
15:47:26.0130 1248 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
15:47:26.0130 1248 vds - ok
15:47:26.0176 1248 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
15:47:26.0176 1248 vga - ok
15:47:26.0192 1248 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
15:47:26.0192 1248 VgaSave - ok
15:47:26.0223 1248 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
15:47:26.0223 1248 viaide - ok
15:47:26.0239 1248 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
15:47:26.0239 1248 volmgr - ok
15:47:26.0301 1248 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
15:47:26.0301 1248 volmgrx - ok
15:47:26.0348 1248 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
15:47:26.0364 1248 volsnap - ok
15:47:26.0395 1248 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
15:47:26.0395 1248 vsmraid - ok
15:47:26.0520 1248 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
15:47:26.0535 1248 VSS - ok
15:47:26.0660 1248 VzCdbSvc (79eb419f4a694b4514249e0d3db16ecf) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
15:47:26.0660 1248 VzCdbSvc - ok
15:47:26.0800 1248 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
15:47:26.0800 1248 W32Time - ok
15:47:26.0832 1248 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
15:47:26.0832 1248 WacomPen - ok
15:47:26.0878 1248 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:47:26.0878 1248 Wanarp - ok
15:47:26.0878 1248 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:47:26.0878 1248 Wanarpv6 - ok
15:47:26.0925 1248 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
15:47:26.0941 1248 wcncsvc - ok
15:47:26.0972 1248 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
15:47:26.0972 1248 WcsPlugInService - ok
15:47:26.0988 1248 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
15:47:27.0003 1248 Wd - ok
15:47:27.0081 1248 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
15:47:27.0081 1248 Wdf01000 - ok
15:47:27.0112 1248 wdfsgusbV2 (ebc8e8f27e70a3dcaabd84a8611d3575) C:\Windows\system32\DRIVERS\wdfsgusb.sys
15:47:27.0112 1248 wdfsgusbV2 - ok
15:47:27.0144 1248 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
15:47:27.0144 1248 WdiServiceHost - ok
15:47:27.0144 1248 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
15:47:27.0159 1248 WdiSystemHost - ok
15:47:27.0190 1248 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
15:47:27.0206 1248 WebClient - ok
15:47:27.0268 1248 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
15:47:27.0268 1248 Wecsvc - ok
15:47:27.0300 1248 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
15:47:27.0300 1248 wercplsupport - ok
15:47:27.0331 1248 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
15:47:27.0331 1248 WerSvc - ok
15:47:27.0378 1248 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
15:47:27.0378 1248 WimFltr - ok
15:47:27.0456 1248 winachsf (057b062cf9a11e04db45b8c3afc28b11) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
15:47:27.0456 1248 winachsf - ok
15:47:27.0487 1248 WinDefend - ok
15:47:27.0502 1248 WinHttpAutoProxySvc - ok
15:47:27.0580 1248 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
15:47:27.0580 1248 Winmgmt - ok
15:47:27.0752 1248 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
15:47:27.0783 1248 WinRM - ok
15:47:27.0892 1248 WinUSB (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\WinUSB.sys
15:47:27.0892 1248 WinUSB - ok
15:47:27.0970 1248 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
15:47:27.0970 1248 Wlansvc - ok
15:47:28.0189 1248 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:47:28.0220 1248 wlidsvc - ok
15:47:28.0329 1248 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
15:47:28.0329 1248 WmiAcpi - ok
15:47:28.0407 1248 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
15:47:28.0407 1248 wmiApSrv - ok
15:47:28.0438 1248 WMPNetworkSvc - ok
15:47:28.0485 1248 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
15:47:28.0485 1248 WPCSvc - ok
15:47:28.0532 1248 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
15:47:28.0532 1248 WPDBusEnum - ok
15:47:28.0563 1248 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
15:47:28.0563 1248 WpdUsb - ok
15:47:28.0797 1248 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:47:28.0813 1248 WPFFontCache_v0400 - ok
15:47:28.0844 1248 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
15:47:28.0844 1248 ws2ifsl - ok
15:47:28.0891 1248 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
15:47:28.0891 1248 wscsvc - ok
15:47:28.0891 1248 WSearch - ok
15:47:29.0125 1248 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:47:29.0156 1248 wuauserv - ok
15:47:29.0265 1248 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:47:29.0265 1248 WUDFRd - ok
15:47:29.0296 1248 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
15:47:29.0296 1248 wudfsvc - ok
15:47:29.0312 1248 XAudio (638c99d993afab0e1fab226e2bbe6d79) C:\Windows\system32\DRIVERS\xaudio64.sys
15:47:29.0328 1248 XAudio - ok
15:47:29.0359 1248 XAudioService (3e775f0bd28ddeff53d78578b97a3cff) C:\Windows\system32\DRIVERS\xaudio64.exe
15:47:29.0374 1248 XAudioService - ok
15:47:29.0421 1248 yksvc (d433f6726a727b0528f6e39f423fe1fd) C:\Windows\System32\ykx64mpcoinst.dll
15:47:29.0421 1248 yksvc - ok
15:47:29.0468 1248 yukonx64 (4d7bd04b794478aba95ea1e03be39c47) C:\Windows\system32\DRIVERS\yk60x64.sys
15:47:29.0468 1248 yukonx64 - ok
15:47:29.0499 1248 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:47:30.0576 1248 \Device\Harddisk0\DR0 - ok
15:47:30.0576 1248 Boot (0x1200) (5b0be995f05980492b1e209b972d842c) \Device\Harddisk0\DR0\Partition0
15:47:30.0591 1248 \Device\Harddisk0\DR0\Partition0 - ok
15:47:30.0591 1248 ============================================================
15:47:30.0591 1248 Scan finished
15:47:30.0591 1248 ============================================================
15:47:30.0591 2516 Detected object count: 0
15:47:30.0591 2516 Actual detected object count: 0
15:47:56.0768 4708 Deinitialize success





aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-13 20:29:46
-----------------------------
20:29:46.893 OS Version: Windows x64 6.0.6002 Service Pack 2
20:29:46.893 Number of processors: 2 586 0x170A
20:29:46.893 ComputerName: BRIAN-PC UserName: Brian
20:29:48.359 Initialize success
20:30:00.933 AVAST engine defs: 12081301
20:30:20.527 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:30:20.527 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
20:30:20.527 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000060
20:30:20.527 Disk 1 Vendor: RICOH 01 Size: 305245MB BusType: 0
20:30:20.527 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000061
20:30:20.542 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
20:30:20.558 Disk 0 MBR read successfully
20:30:20.558 Disk 0 MBR scan
20:30:20.558 Disk 0 Windows VISTA default MBR code
20:30:20.573 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10823 MB offset 2048
20:30:20.620 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 294420 MB offset 22167552
20:30:20.729 Disk 0 scanning C:\Windows\system32\drivers
20:30:39.917 Service scanning
20:31:24.970 Modules scanning
20:31:24.970 Disk 0 trace - called modules:
20:31:25.017 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
20:31:25.017 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80066f85a0]
20:31:25.033 3 CLASSPNP.SYS[fffffa6000fcac33] -> nt!IofCallDriver -> [0xfffffa8004b999b0]
20:31:25.033 5 acpi.sys[fffffa6000901fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c11050]
20:31:26.218 AVAST engine scan C:\Windows
20:31:31.741 AVAST engine scan C:\Windows\system32
20:37:39.358 AVAST engine scan C:\Windows\system32\drivers
20:38:14.660 AVAST engine scan C:\Users\Brian
20:52:42.286 AVAST engine scan C:\ProgramData
20:56:05.429 Scan finished successfully
20:56:26.068 Disk 0 MBR has been saved successfully to "C:\Users\Brian\Desktop\MBR.dat"
20:56:26.068 The log file has been saved successfully to "C:\Users\Brian\Desktop\aswMBRlog1.txt"

#8 gringo_pr


Posted 14 August 2012 - 12:29 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 iamnothing


Posted 14 August 2012 - 02:33 AM

Gringo,
Ran the combofix as you told me to. Did a couple of searches and I am still getting redirected. Thanks again.


ComboFix 12-08-13.01 - Brian 08/14/2012 3:03.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4062.2404 [GMT -4:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
Command switches used :: c:\users\Brian\Desktop\cfscript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))
.
.
2012-08-14 07:11 . 2012-08-14 07:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-14 07:11 . 2012-08-14 07:11 -------- d-----w- c:\users\Brian\AppData\Local\temp
2012-08-14 06:49 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4285CCA6-33EC-4527-AC58-D0577F1A860A}\mpengine.dll
2012-08-12 19:39 . 2012-08-12 19:39 116016 ----a-w- c:\windows\system32\drivers\04004226.sys
2012-08-11 18:56 . 2012-08-11 18:56 -------- d-----w- c:\program files (x86)\ESET
2012-07-31 13:28 . 2012-07-31 13:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-31 10:15 . 2012-07-31 13:45 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-31 10:15 . 2012-07-31 13:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-15 21:51 . 2012-08-02 23:14 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 23:14 . 2011-05-16 15:11 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2010-02-21 22:33 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 07:16 . 2012-06-25 07:16 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-02 22:19 . 2012-06-19 00:04 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 00:05 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 00:05 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 00:05 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 00:04 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-19 00:04 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 00:04 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-19 00:05 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 00:04 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-19 00:04 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 19:19 . 2012-06-19 00:04 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 19:19 . 2012-06-19 00:04 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 00:04 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 19:12 . 2012-06-19 00:04 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-05-31 16:25 . 2009-11-24 18:10 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-13_19.03.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-08-14 02:19 75134 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-08-14 02:19 89238 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-08-17 18:40 . 2012-08-14 02:19 20138 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-449548607-3680168409-1110270209-1000_UserData.bin
- 2009-05-09 09:43 . 2012-08-12 21:55 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-09 09:43 . 2012-08-14 01:54 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-09 09:43 . 2012-08-14 01:54 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-09 09:43 . 2012-08-12 21:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-09 09:43 . 2012-08-14 01:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-05-09 09:43 . 2012-08-12 21:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-13 15:35 . 2012-08-13 15:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-14 02:15 . 2012-08-14 02:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-14 02:15 . 2012-08-14 02:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-13 15:35 . 2012-08-13 15:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-08-18 02:07 . 2012-08-14 06:47 452622 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 12:46 . 2012-08-14 02:23 604502 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-08-13 15:42 604502 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-08-13 15:42 104170 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2012-08-14 02:23 104170 c:\windows\system32\perfc009.dat
+ 2011-01-17 23:06 . 2012-08-14 02:10 333920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-01-17 23:06 . 2012-08-13 07:41 333920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-04 14:24 . 2012-08-14 02:10 50674604 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-449548607-3680168409-1110270209-1000-4096.dat
- 2011-09-04 14:24 . 2012-08-13 07:41 50674604 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-449548607-3680168409-1110270209-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-09 39408]
"Spotify Web Helper"="c:\users\Brian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-08 932528]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-11 61440]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 19:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINDEFEND
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 23:14]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-09 10:10]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-09 10:10]
.
2012-07-31 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7b3951b1-f9a1-4a54-a2df-8db383254661.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-07-31 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task bf8cafad-68ff-4fff-a7b1-4d9bba4311d9.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-06 6956576]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2012-08-14 03:13:38
ComboFix-quarantined-files.txt 2012-08-14 07:13
ComboFix2.txt 2012-08-13 19:05
.
Pre-Run: 208,402,116,608 bytes free
Post-Run: 207,702,482,944 bytes free
.
- - End Of File - - 26DC2A599036F21AE36E30A30578A1C7

#10 gringo_pr


Posted 14 August 2012 - 12:45 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 iamnothing


Posted 14 August 2012 - 03:56 PM

Gringo,
Here are the newest logs. Thanks again.



16:28:27.0573 1476 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
16:28:27.0838 1476 ============================================================
16:28:27.0838 1476 Current date / time: 2012/08/14 16:28:27.0838
16:28:27.0838 1476 SystemInfo:
16:28:27.0838 1476
16:28:27.0838 1476 OS Version: 6.0.6002 ServicePack: 2.0
16:28:27.0838 1476 Product type: Workstation
16:28:27.0838 1476 ComputerName: BRIAN-PC
16:28:27.0838 1476 UserName: Brian
16:28:27.0838 1476 Windows directory: C:\Windows
16:28:27.0838 1476 System windows directory: C:\Windows
16:28:27.0838 1476 Running under WOW64
16:28:27.0838 1476 Processor architecture: Intel x64
16:28:27.0838 1476 Number of processors: 2
16:28:27.0838 1476 Page size: 0x1000
16:28:27.0838 1476 Boot type: Normal boot
16:28:27.0838 1476 ============================================================
16:28:28.0493 1476 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:28:28.0509 1476 ============================================================
16:28:28.0509 1476 \Device\Harddisk0\DR0:
16:28:28.0509 1476 MBR partitions:
16:28:28.0509 1476 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1524000, BlocksNum 0x23F0A2B0
16:28:28.0509 1476 ============================================================
16:28:28.0555 1476 C: <-> \Device\Harddisk0\DR0\Partition1
16:28:28.0555 1476 ============================================================
16:28:28.0555 1476 Initialize success
16:28:28.0555 1476 ============================================================
16:28:30.0661 0400 ============================================================
16:28:30.0661 0400 Scan started
16:28:30.0661 0400 Mode: Manual;
16:28:30.0661 0400 ============================================================
16:28:33.0033 0400 ================ Scan services =============================
16:28:33.0189 0400 [ 7d9d615201a483d6fa99491c2e655a5a ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
16:28:33.0189 0400 !SASCORE - ok
16:28:33.0345 0400 [ adc420616c501b45d26c0fd3ef1e54e4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
16:28:33.0345 0400 ACDaemon - ok
16:28:33.0532 0400 [ 1965aaffab07e3fb03c77f81beba3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
16:28:33.0532 0400 ACPI - ok
16:28:33.0766 0400 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:28:33.0766 0400 AdobeFlashPlayerUpdateSvc - ok
16:28:33.0813 0400 [ f14215e37cf124104575073f782111d2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:28:33.0813 0400 adp94xx - ok
16:28:33.0844 0400 [ 7d05a75e3066861a6610f7ee04ff085c ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:28:33.0859 0400 adpahci - ok
16:28:33.0875 0400 [ 820a201fe08a0c345b3bedbc30e1a77c ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
16:28:33.0875 0400 adpu160m - ok
16:28:33.0922 0400 [ 9b4ab6854559dc168fbb4c24fc52e794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:28:33.0937 0400 adpu320 - ok
16:28:33.0969 0400 [ 0f421175574bfe0bf2f4d8e910a253bb ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:28:33.0969 0400 AeLookupSvc - ok
16:28:34.0047 0400 [ 0cc146c4addea45791b18b1e2659f4a9 ] AFD C:\Windows\system32\drivers\afd.sys
16:28:34.0062 0400 AFD - ok
16:28:34.0093 0400 [ f6f6793b7f17b550ecfdbd3b229173f7 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:28:34.0093 0400 agp440 - ok
16:28:34.0109 0400 [ 222cb641b4b8a1d1126f8033f9fd6a00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
16:28:34.0125 0400 aic78xx - ok
16:28:34.0140 0400 [ 5922f4f59b7868f3d74bbbbeb7b825a3 ] ALG C:\Windows\System32\alg.exe
16:28:34.0140 0400 ALG - ok
16:28:34.0203 0400 [ 157d0898d4b73f075ce9fa26b482df98 ] aliide C:\Windows\system32\drivers\aliide.sys
16:28:34.0218 0400 aliide - ok
16:28:34.0249 0400 [ 970fa5059e61e30d25307b99903e991e ] amdide C:\Windows\system32\drivers\amdide.sys
16:28:34.0249 0400 amdide - ok
16:28:34.0312 0400 [ cdc3632a3a5ea4dbb83e46076a3165a1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:28:34.0312 0400 AmdK8 - ok
16:28:34.0359 0400 [ 2e0d64d672f9e3edd51531fa91f33da5 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
16:28:34.0359 0400 ApfiltrService - ok
16:28:34.0452 0400 [ 9c37b3fd5615477cb9a0cd116cf43f5c ] Appinfo C:\Windows\System32\appinfo.dll
16:28:34.0452 0400 Appinfo - ok
16:28:34.0546 0400 [ 3debbecf665dcdde3a95d9b902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:28:34.0546 0400 Apple Mobile Device - ok
16:28:34.0655 0400 [ ba8417d4765f3988ff921f30f630e303 ] arc C:\Windows\system32\drivers\arc.sys
16:28:34.0655 0400 arc - ok
16:28:34.0717 0400 [ 9d41c435619733b34cc16a511e644b11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:28:34.0749 0400 arcsas - ok
16:28:34.0780 0400 [ 1ce3822b05a5e229286a15ea39369870 ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
16:28:34.0780 0400 ArcSoftKsUFilter - ok
16:28:34.0811 0400 [ 22d13ff3dafec2a80634752b1eaa2de6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:28:34.0811 0400 AsyncMac - ok
16:28:34.0827 0400 [ 1898fae8e07d97f2f6c2d5326c633fac ] atapi C:\Windows\system32\drivers\atapi.sys
16:28:34.0827 0400 atapi - ok
16:28:34.0936 0400 [ 390bc9b68e1ef2a299731bc775d43004 ] athr C:\Windows\system32\DRIVERS\athrx.sys
16:28:34.0951 0400 athr - ok
16:28:34.0998 0400 [ 20c8215ad926c2db4e4915ad7d24241e ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
16:28:35.0014 0400 Ati External Event Utility - ok
16:28:35.0232 0400 [ a0e8b71a181930338b45f371a25cdec4 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:28:35.0388 0400 atikmdag - ok
16:28:35.0451 0400 [ 79318c744693ec983d20e9337a2f8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:28:35.0466 0400 AudioEndpointBuilder - ok
16:28:35.0466 0400 [ 79318c744693ec983d20e9337a2f8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:28:35.0482 0400 AudioSrv - ok
16:28:35.0513 0400 Beep - ok
16:28:35.0607 0400 [ ffb96c2589ffa60473ead78b39fbde29 ] BFE C:\Windows\System32\bfe.dll
16:28:35.0622 0400 BFE - ok
16:28:35.0716 0400 [ 6d316f4859634071cc25c4fd4589ad2c ] BITS C:\Windows\system32\qmgr.dll
16:28:35.0731 0400 BITS - ok
16:28:35.0763 0400 [ 79feeb40056683f8f61398d81dda65d2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
16:28:35.0794 0400 blbdrive - ok
16:28:35.0887 0400 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:28:35.0887 0400 Bonjour Service - ok
16:28:35.0965 0400 [ 2348447a80920b2493a9b582a23e81e1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:28:35.0965 0400 bowser - ok
16:28:36.0012 0400 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
16:28:36.0012 0400 BrFiltLo - ok
16:28:36.0028 0400 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
16:28:36.0028 0400 BrFiltUp - ok
16:28:36.0059 0400 [ a1b39de453433b115b4ea69ee0343816 ] Browser C:\Windows\System32\browser.dll
16:28:36.0059 0400 Browser - ok
16:28:36.0168 0400 [ f0f0ba4d815be446aa6a4583ca3bca9b ] Brserid C:\Windows\system32\drivers\brserid.sys
16:28:36.0184 0400 Brserid - ok
16:28:36.0231 0400 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
16:28:36.0246 0400 BrSerWdm - ok
16:28:36.0277 0400 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
16:28:36.0277 0400 BrUsbMdm - ok
16:28:36.0293 0400 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
16:28:36.0293 0400 BrUsbSer - ok
16:28:36.0309 0400 [ 471ff09330a53177bbe9fd6ddf8a8259 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
16:28:36.0309 0400 BthEnum - ok
16:28:36.0324 0400 [ e0777b34e05f8a82a21856efc900c29f ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:28:36.0324 0400 BTHMODEM - ok
16:28:36.0355 0400 [ befc5311736b475ac5b60c14ff7c775a ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
16:28:36.0355 0400 BthPan - ok
16:28:36.0418 0400 [ 7d104f22c04a76f0d2f96f789ac07fcb ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
16:28:36.0433 0400 BTHPORT - ok
16:28:36.0465 0400 [ 22e65ffd640f16968f855f5b3528d366 ] BthServ C:\Windows\System32\bthserv.dll
16:28:36.0465 0400 BthServ - ok
16:28:36.0480 0400 [ d9324f0c142267961ce900bfc3798bb1 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
16:28:36.0496 0400 BTHUSB - ok
16:28:36.0527 0400 [ 1abd26de34d3a5e346e96d721c0d67f8 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
16:28:36.0558 0400 btwaudio - ok
16:28:36.0574 0400 [ 3081d3213a3d2df2f3e7bbd816c17225 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
16:28:36.0574 0400 btwavdt - ok
16:28:36.0652 0400 [ 51871801ef4f79f22683abef7bea989b ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
16:28:36.0652 0400 btwdins - ok
16:28:36.0683 0400 [ 0037cb116097e8e0ea77f3b13c50ff1e ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
16:28:36.0683 0400 btwl2cap - ok
16:28:36.0699 0400 [ 6921ad2faf1cb24b2ffc78104721d506 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
16:28:36.0699 0400 btwrchid - ok
16:28:36.0714 0400 catchme - ok
16:28:36.0761 0400 [ fdb53a8d3bc52dc29884587e768e3388 ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys
16:28:36.0777 0400 CAXHWAZL - ok
16:28:36.0823 0400 [ b4d787db8d30793a4d4df9feed18f136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:28:36.0823 0400 cdfs - ok
16:28:36.0870 0400 [ c025aa69be3d0d25c7a2e746ef6f94fc ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:28:36.0870 0400 cdrom - ok
16:28:36.0933 0400 [ 5a268127633c7ee2a7fb87f39d748d56 ] CertPropSvc C:\Windows\System32\certprop.dll
16:28:36.0964 0400 CertPropSvc - ok
16:28:36.0995 0400 [ 02ea568d498bbdd4ba55bf3fce34d456 ] circlass C:\Windows\system32\drivers\circlass.sys
16:28:37.0011 0400 circlass - ok
16:28:37.0042 0400 [ 3dca9a18b204939cfb24bea53e31eb48 ] CLFS C:\Windows\system32\CLFS.sys
16:28:37.0042 0400 CLFS - ok
16:28:37.0120 0400 [ 8ee772032e2fe80a924f3b8dd5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:28:37.0120 0400 clr_optimization_v2.0.50727_32 - ok
16:28:37.0182 0400 [ ce07a466201096f021cd09d631b21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:28:37.0213 0400 clr_optimization_v2.0.50727_64 - ok
16:28:37.0291 0400 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:28:37.0291 0400 clr_optimization_v4.0.30319_32 - ok
16:28:37.0323 0400 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:28:37.0338 0400 clr_optimization_v4.0.30319_64 - ok
16:28:37.0385 0400 [ b52d9a14ce4101577900a364ba86f3df ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:28:37.0401 0400 CmBatt - ok
16:28:37.0432 0400 [ e5d5499a1c50a54b5161296b6afe6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:28:37.0463 0400 cmdide - ok
16:28:37.0494 0400 [ 7fb8ad01db0eabe60c8a861531a8f431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:28:37.0494 0400 Compbatt - ok
16:28:37.0510 0400 COMSysApp - ok
16:28:37.0525 0400 [ a8585b6412253803ce8efcbd6d6dc15c ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:28:37.0525 0400 crcdisk - ok
16:28:37.0557 0400 [ 18918613e63f387cde4d95ca7d49dcf7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:28:37.0557 0400 CryptSvc - ok
16:28:37.0619 0400 [ cf8b9a3a5e7dc57724a89d0c3e8cf9ef ] DcomLaunch C:\Windows\system32\rpcss.dll
16:28:37.0635 0400 DcomLaunch - ok
16:28:37.0713 0400 [ 8b722ba35205c71e7951cdc4cdbade19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:28:37.0713 0400 DfsC - ok
16:28:37.0869 0400 [ c647f468f7de343df8c143655c5557d4 ] DFSR C:\Windows\system32\DFSR.exe
16:28:38.0009 0400 DFSR - ok
16:28:38.0040 0400 [ 3ed0321127ce70acdaabbf77e157c2a7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
16:28:38.0056 0400 Dhcp - ok
16:28:38.0087 0400 [ b0107e40ecdb5fa692ebf832f295d905 ] disk C:\Windows\system32\drivers\disk.sys
16:28:38.0087 0400 disk - ok
16:28:38.0087 0400 DMICall - ok
16:28:38.0181 0400 [ 06230f1b721494a6df8d47fd395bb1b0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:28:38.0181 0400 Dnscache - ok
16:28:38.0212 0400 [ 1a7156dd1e850e9914e5e991e3225b94 ] dot3svc C:\Windows\System32\dot3svc.dll
16:28:38.0227 0400 dot3svc - ok
16:28:38.0290 0400 [ 74c02b1717740c3b8039539e23e4b53f ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
16:28:38.0290 0400 Dot4 - ok
16:28:38.0352 0400 [ 08321d1860235bf42cf2854234337aea ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:28:38.0368 0400 Dot4Print - ok
16:28:38.0399 0400 [ 4adccf0124f2b6911d3786a5d0e779e5 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
16:28:38.0399 0400 dot4usb - ok
16:28:38.0430 0400 [ 1583b39790db3eaec7edb0cb0140c708 ] DPS C:\Windows\system32\dps.dll
16:28:38.0430 0400 DPS - ok
16:28:38.0493 0400 [ f1a78a98cfc2ee02144c6bec945447e6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:28:38.0493 0400 drmkaud - ok
16:28:38.0633 0400 [ b8e554e502d5123bc111f99d6a2181b4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:28:38.0649 0400 DXGKrnl - ok
16:28:38.0680 0400 [ 264cee7b031a9d6c827f3d0cb031f2fe ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
16:28:38.0680 0400 E1G60 - ok
16:28:38.0711 0400 [ c2303883fd9be49dc36a6400643002ea ] EapHost C:\Windows\System32\eapsvc.dll
16:28:38.0711 0400 EapHost - ok
16:28:38.0789 0400 [ 5f94962be5a62db6e447ff6470c4f48a ] Ecache C:\Windows\system32\drivers\ecache.sys
16:28:38.0789 0400 Ecache - ok
16:28:38.0836 0400 [ 14ce384d2e27b64c256bda4dc39c312d ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:28:38.0836 0400 ehRecvr - ok
16:28:38.0851 0400 [ b93159c1313d66fdfbbe876f5189cd52 ] ehSched C:\Windows\ehome\ehsched.exe
16:28:38.0867 0400 ehSched - ok
16:28:38.0914 0400 [ f5ee2527d74449868e3c3227a59bcd28 ] ehstart C:\Windows\ehome\ehstart.dll
16:28:38.0914 0400 ehstart - ok
16:28:39.0007 0400 [ c4636d6e10469404ab5308d9fd45ed07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:28:39.0007 0400 elxstor - ok
16:28:39.0117 0400 [ a9b18b63a4fd6baab83326706d857fab ] EMDMgmt C:\Windows\system32\emdmgmt.dll
16:28:39.0117 0400 EMDMgmt - ok
16:28:39.0163 0400 [ bc3a58e938bb277e46bf4b3003b01abd ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:28:39.0163 0400 ErrDev - ok
16:28:39.0226 0400 [ e12f22b73f153dece721cd45ec05b4af ] EventSystem C:\Windows\system32\es.dll
16:28:39.0226 0400 EventSystem - ok
16:28:39.0351 0400 [ 2898eec4ff1c8204222d266f48a35b7d ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:28:39.0366 0400 EvtEng - ok
16:28:39.0429 0400 [ 486844f47b6636044a42454614ed4523 ] exfat C:\Windows\system32\drivers\exfat.sys
16:28:39.0444 0400 exfat - ok
16:28:39.0491 0400 [ 1a4bee34277784619ddaf0422c0c6e23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:28:39.0491 0400 fastfat - ok
16:28:39.0585 0400 [ 81b79b6df71fa1d2c6d688d830616e39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:28:39.0600 0400 fdc - ok
16:28:39.0694 0400 [ bb9267acacd8b7533dd936c34a0cba5e ] fdPHost C:\Windows\system32\fdPHost.dll
16:28:39.0694 0400 fdPHost - ok
16:28:39.0709 0400 [ 300c80931eabbe1db7591c516efe8d0f ] FDResPub C:\Windows\system32\fdrespub.dll
16:28:39.0709 0400 FDResPub - ok
16:28:39.0725 0400 [ 457b7d1d533e4bd62a99aed9c7bb4c59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:28:39.0725 0400 FileInfo - ok
16:28:39.0787 0400 [ d421327fd6efccaf884a54c58e1b0d7f ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:28:39.0787 0400 Filetrace - ok
16:28:39.0834 0400 [ 230923ea2b80f79b0f88d90f87b87ebd ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:28:39.0834 0400 flpydisk - ok
16:28:39.0959 0400 [ e3041bc26d6930d61f42aedb79c91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:28:39.0959 0400 FltMgr - ok
16:28:40.0037 0400 [ be1c5bd1ca7ed015bc6fa1ae67e592c8 ] FontCache C:\Windows\system32\FntCache.dll
16:28:40.0053 0400 FontCache - ok
16:28:40.0099 0400 [ bc5b0be5af3510b0fd8c140ee42c6d3e ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:28:40.0115 0400 FontCache3.0.0.0 - ok
16:28:40.0131 0400 [ 29d99e860a1ca0a03c6a733fdd0da703 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:28:40.0131 0400 Fs_Rec - ok
16:28:40.0162 0400 [ c8e416668d3dc2be3d4fe4c79224997f ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:28:40.0162 0400 gagp30kx - ok
16:28:40.0209 0400 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:28:40.0209 0400 GEARAspiWDM - ok
16:28:40.0318 0400 [ a0e1b575ba8f504968cd40c0faeb2384 ] gpsvc C:\Windows\System32\gpsvc.dll
16:28:40.0318 0400 gpsvc - ok
16:28:40.0380 0400 [ 626a24ed1228580b9518c01930936df9 ] gupdate1c9d08e6d157c97 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:28:40.0396 0400 gupdate1c9d08e6d157c97 - ok
16:28:40.0396 0400 [ 626a24ed1228580b9518c01930936df9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:28:40.0396 0400 gupdatem - ok
16:28:40.0443 0400 [ cc839e8d766cc31a7710c9f38cf3e375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:28:40.0443 0400 gusvc - ok
16:28:40.0521 0400 [ df45f8142dc6df9d18c39b3effbd0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:28:40.0536 0400 HdAudAddService - ok
16:28:40.0645 0400 [ f942c5820205f2fb453243edfec82a3d ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:28:40.0661 0400 HDAudBus - ok
16:28:40.0677 0400 [ b4881c84a180e75b8c25dc1d726c375f ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:28:40.0677 0400 HidBth - ok
16:28:40.0723 0400 [ 4e77a77e2c986e8f88f996bb3e1ad829 ] HidIr C:\Windows\system32\drivers\hidir.sys
16:28:40.0739 0400 HidIr - ok
16:28:40.0801 0400 [ 59361d38a297755d46a540e450202b2a ] hidserv C:\Windows\System32\hidserv.dll
16:28:40.0801 0400 hidserv - ok
16:28:40.0848 0400 [ 443bdd2d30bb4f00795c797e2cf99edf ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:28:40.0848 0400 HidUsb - ok
16:28:40.0879 0400 [ b12f367ea39c0795fd57e31242ce1a5a ] hkmsvc C:\Windows\system32\kmsvc.dll
16:28:40.0879 0400 hkmsvc - ok
16:28:40.0895 0400 [ d7109a1e6bd2dfdbcba72a6bc626a13b ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
16:28:40.0895 0400 HpCISSs - ok
16:28:41.0067 0400 [ 0a3c6aa4a9fc38c20ba4eac2c3351c05 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
16:28:41.0082 0400 hpqcxs08 - ok
16:28:41.0160 0400 [ df446ba625cc441617843e87798ce048 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
16:28:41.0176 0400 hpqddsvc - ok
16:28:41.0223 0400 [ 57ba73b5b321291e5114cb21350e1ea0 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL6.SYS
16:28:41.0238 0400 HSFHWAZL - ok
16:28:41.0363 0400 [ e90d0e3d9715f3bec7db2d6321dddee8 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
16:28:41.0394 0400 HSF_DPV - ok
16:28:41.0441 0400 [ 098f1e4e5c9cb5b0063a959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:28:41.0457 0400 HTTP - ok
16:28:41.0488 0400 [ da94c854cea5fac549d4e1f6e88349e8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
16:28:41.0488 0400 i2omp - ok
16:28:41.0503 0400 [ cbb597659a2713ce0c9cc20c88c7591f ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:28:41.0503 0400 i8042prt - ok
16:28:41.0550 0400 [ 8d58627fef3f8767665d9f4dc91cbd97 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
16:28:41.0550 0400 iaStor - ok
16:28:41.0613 0400 [ 3e3bf3627d886736d0b4e90054f929f6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
16:28:41.0628 0400 iaStorV - ok
16:28:41.0737 0400 [ 749f5f8cedca70f2a512945325fc489d ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:28:41.0753 0400 idsvc - ok
16:28:41.0769 0400 igfx - ok
16:28:41.0800 0400 [ 8c3951ad2fe886ef76c7b5027c3125d3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:28:41.0800 0400 iirsp - ok
16:28:41.0893 0400 [ 0c9ea6e654e7b0471741e343a6c671af ] IKEEXT C:\Windows\System32\ikeext.dll
16:28:41.0893 0400 IKEEXT - ok
16:28:41.0956 0400 [ 18f7691b18d4a93559d2a998ab2142bd ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:28:42.0003 0400 IntcAzAudAddService - ok
16:28:42.0003 0400 IntcHdmiAddService - ok
16:28:42.0034 0400 [ df797a12176f11b2d301c5b234bb200e ] intelide C:\Windows\system32\drivers\intelide.sys
16:28:42.0034 0400 intelide - ok
16:28:42.0049 0400 [ bfd84af32fa1bad6231c4585cb469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:28:42.0049 0400 intelppm - ok
16:28:42.0096 0400 [ 5624bc1bc5eeb49c0ab76a8114f05ea3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:28:42.0112 0400 IPBusEnum - ok
16:28:42.0159 0400 [ d8aabc341311e4780d6fce8c73c0ad81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:28:42.0159 0400 IpFilterDriver - ok
16:28:42.0205 0400 [ bf0dbfa9792c5c14fa00f61c75116c1b ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:28:42.0205 0400 iphlpsvc - ok
16:28:42.0205 0400 IpInIp - ok
16:28:42.0252 0400 [ 9c2ee2e6e5a7203bfae15c299475ec67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
16:28:42.0252 0400 IPMIDRV - ok
16:28:42.0283 0400 [ b7e6212f581ea5f6ab0c3a6ceeeb89be ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
16:28:42.0283 0400 IPNAT - ok
16:28:42.0393 0400 [ ee4c2a137c7088911a8919effc9812e7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:28:42.0408 0400 iPod Service - ok
16:28:42.0424 0400 [ 8c42ca155343a2f11d29feca67faa88d ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:28:42.0424 0400 IRENUM - ok
16:28:42.0439 0400 [ 0672bfcedc6fc468a2b0500d81437f4f ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:28:42.0439 0400 isapnp - ok
16:28:42.0471 0400 [ e4fdf99599f27ec25d2cf6d754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
16:28:42.0486 0400 iScsiPrt - ok
16:28:42.0502 0400 [ 63c766cdc609ff8206cb447a65abba4a ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
16:28:42.0502 0400 iteatapi - ok
16:28:42.0517 0400 [ 1281fe73b17664631d12f643cbea3f59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
16:28:42.0517 0400 iteraid - ok
16:28:42.0549 0400 [ 213822072085b5bbad9af30ab577d817 ] IviRegMgr C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
16:28:42.0549 0400 IviRegMgr - ok
16:28:42.0580 0400 [ 423696f3ba6472dd17699209b933bc26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:28:42.0580 0400 kbdclass - ok
16:28:42.0627 0400 [ dbdf75d51464fbc47d0104ec3d572c05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:28:42.0627 0400 kbdhid - ok
16:28:42.0658 0400 [ 40348dcec0712ed42231c5f90a69a690 ] KeyIso C:\Windows\system32\lsass.exe
16:28:42.0658 0400 KeyIso - ok
16:28:42.0751 0400 [ 476e2c1dcea45895994bef11c2a98715 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:28:42.0767 0400 KSecDD - ok
16:28:42.0783 0400 [ 1d419cf43db29396ecd7113d129d94eb ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:28:42.0783 0400 ksthunk - ok
16:28:42.0814 0400 [ 1faf6926f3416d3da05c5b265491bdae ] KtmRm C:\Windows\system32\msdtckrm.dll
16:28:42.0829 0400 KtmRm - ok
16:28:42.0954 0400 [ 50c7a3cb427e9bb5ed0708a669956ab5 ] LanmanServer C:\Windows\System32\srvsvc.dll
16:28:43.0001 0400 LanmanServer - ok
16:28:43.0095 0400 [ caf86fc1388be1e470f1a7b43e348adb ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:28:43.0095 0400 LanmanWorkstation - ok
16:28:43.0157 0400 [ 96ece2659b6654c10a0c310ae3a6d02c ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:28:43.0188 0400 lltdio - ok
16:28:43.0235 0400 [ 961ccbd0b1ccb5675d64976fae37d092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:28:43.0251 0400 lltdsvc - ok
16:28:43.0266 0400 [ a47f8080cacc23c91fe823ad19aa5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:28:43.0266 0400 lmhosts - ok
16:28:43.0313 0400 [ acbe1af32d3123e330a07bfbc5ec4a9b ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:28:43.0313 0400 LSI_FC - ok
16:28:43.0344 0400 [ 799ffb2fc4729fa46d2157c0065b3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:28:43.0344 0400 LSI_SAS - ok
16:28:43.0391 0400 [ f445ff1daad8a226366bfaf42551226b ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:28:43.0391 0400 LSI_SCSI - ok
16:28:43.0453 0400 [ 52f87b9cc8932c2a7375c3b2a9be5e3e ] luafv C:\Windows\system32\drivers\luafv.sys
16:28:43.0453 0400 luafv - ok
16:28:43.0485 0400 [ 76a58df02bd4ea29f189b82d0bef17f8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:28:43.0516 0400 Mcx2Svc - ok
16:28:43.0547 0400 [ e4f44ec214b3e381e1fc844a02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:28:43.0547 0400 mdmxsdk - ok
16:28:43.0609 0400 [ 5c5cd6aaced32fb26c3fb34b3dcf972f ] megasas C:\Windows\system32\drivers\megasas.sys
16:28:43.0609 0400 megasas - ok
16:28:43.0672 0400 [ 859bc2436b076c77c159ed694acfe8f8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
16:28:43.0687 0400 MegaSR - ok
16:28:43.0719 0400 [ 3cbe4995e80e13ccfbc42e5dcf3ac81a ] MMCSS C:\Windows\system32\mmcss.dll
16:28:43.0719 0400 MMCSS - ok
16:28:43.0750 0400 [ 59848d5cc74606f0ee7557983bb73c2e ] Modem C:\Windows\system32\drivers\modem.sys
16:28:43.0750 0400 Modem - ok
16:28:43.0765 0400 [ c247cc2a57e0a0c8c6dccf7807b3e9e5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:28:43.0765 0400 monitor - ok
16:28:43.0781 0400 [ 9367304e5e412b120cf5f4ea14e4e4f1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:28:43.0781 0400 mouclass - ok
16:28:43.0812 0400 [ c2c2bd5c5ce5aaf786ddd74b75d2ac69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:28:43.0812 0400 mouhid - ok
16:28:43.0828 0400 [ 11bc9b1e8801b01f7f6adb9ead30019b ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
16:28:43.0828 0400 MountMgr - ok
16:28:43.0843 0400 [ f8276eb8698142884498a528dfea8478 ] mpio C:\Windows\system32\drivers\mpio.sys
16:28:43.0843 0400 mpio - ok
16:28:43.0875 0400 [ c92b9abdb65a5991e00c28f13491dba2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:28:43.0875 0400 mpsdrv - ok
16:28:43.0921 0400 [ 897e3baf68ba406a61682ae39c83900c ] MpsSvc C:\Windows\system32\mpssvc.dll
16:28:43.0937 0400 MpsSvc - ok
16:28:43.0953 0400 [ 3c200630a89ef2c0864d515b7a75802e ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
16:28:43.0953 0400 Mraid35x - ok
16:28:43.0984 0400 [ 7c1de4aa96dc0c071611f9e7de02a68d ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:28:43.0984 0400 MRxDAV - ok
16:28:44.0062 0400 [ 1485811b320ff8c7edad1caebb1c6c2b ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:28:44.0062 0400 mrxsmb - ok
16:28:44.0124 0400 [ 3b929a60c833fc615fd97fba82bc7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:28:44.0124 0400 mrxsmb10 - ok
16:28:44.0187 0400 [ c64ab3e1f53b4f5b5bb6d796b2d7bec3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:28:44.0187 0400 mrxsmb20 - ok
16:28:44.0249 0400 [ 1ac860612b85d8e85ee257d372e39f4d ] msahci C:\Windows\system32\drivers\msahci.sys
16:28:44.0249 0400 msahci - ok
16:28:44.0311 0400 [ 264bbb4aaf312a485f0e44b65a6b7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:28:44.0327 0400 msdsm - ok
16:28:44.0358 0400 [ 7ec02ce772f068ed0beafa3da341a9bc ] MSDTC C:\Windows\System32\msdtc.exe
16:28:44.0358 0400 MSDTC - ok
16:28:44.0405 0400 [ 704f59bfc4512d2bb0146aec31b10a7c ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:28:44.0405 0400 Msfs - ok
16:28:44.0421 0400 [ 00ebc952961664780d43dca157e79b27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:28:44.0421 0400 msisadrv - ok
16:28:44.0467 0400 [ 366b0c1f4478b519c181e37d43dcda32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:28:44.0467 0400 MSiSCSI - ok
16:28:44.0483 0400 msiserver - ok
16:28:44.0514 0400 [ 0ea73e498f53b96d83dbfca074ad4cf8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:28:44.0514 0400 MSKSSRV - ok
16:28:44.0577 0400 [ 52e59b7e992a58e740aa63f57edbae8b ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:28:44.0592 0400 MSPCLOCK - ok
16:28:44.0623 0400 [ 49084a75bae043ae02d5b44d02991bb2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:28:44.0623 0400 MSPQM - ok
16:28:44.0670 0400 [ dc6ccf440cdede4293db41c37a5060a5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:28:44.0686 0400 MsRPC - ok
16:28:44.0717 0400 [ 855796e59df77ea93af46f20155bf55b ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:28:44.0717 0400 mssmbios - ok
16:28:44.0733 0400 [ 86d632d75d05d5b7c7c043fa3564ae86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:28:44.0733 0400 MSTEE - ok
16:28:44.0795 0400 [ 0cc49f78d8aca0877d885f149084e543 ] Mup C:\Windows\system32\Drivers\mup.sys
16:28:44.0795 0400 Mup - ok
16:28:44.0920 0400 [ a5b10c845e7538c60c0f5d87a57cb3f5 ] napagent C:\Windows\system32\qagentRT.dll
16:28:44.0935 0400 napagent - ok
16:28:45.0029 0400 [ 2007b826c4acd94ae32232b41f0842b9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:28:45.0029 0400 NativeWifiP - ok
16:28:45.0154 0400 [ 65950e07329fcee8e6516b17c8d0abb6 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:28:45.0169 0400 NDIS - ok
16:28:45.0201 0400 [ 64df698a425478e321981431ac171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:28:45.0216 0400 NdisTapi - ok
16:28:45.0247 0400 [ 8baa43196d7b5bb972c9a6b2bbf61a19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:28:45.0247 0400 Ndisuio - ok
16:28:45.0279 0400 [ f8158771905260982ce724076419ef19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:28:45.0294 0400 NdisWan - ok
16:28:45.0341 0400 [ 9cb77ed7cb72850253e973a2d6afdf49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:28:45.0341 0400 NDProxy - ok
16:28:45.0403 0400 [ 59267d2f0328599aa3b5408c2e06126f ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
16:28:45.0435 0400 Net Driver HPZ12 - ok
16:28:45.0466 0400 [ a499294f5029a7862adc115bda7371ce ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:28:45.0466 0400 NetBIOS - ok
16:28:45.0513 0400 [ fc2c792ebddc8e28df939d6a92c83d61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
16:28:45.0528 0400 netbt - ok
16:28:45.0544 0400 [ 40348dcec0712ed42231c5f90a69a690 ] Netlogon C:\Windows\system32\lsass.exe
16:28:45.0544 0400 Netlogon - ok
16:28:45.0591 0400 [ 9b63b29defc0f3115a559d2597bf5d75 ] Netman C:\Windows\System32\netman.dll
16:28:45.0591 0400 Netman - ok
16:28:45.0637 0400 [ 7846d0136cc2b264926a73047ba7688a ] netprofm C:\Windows\System32\netprofm.dll
16:28:45.0637 0400 netprofm - ok
16:28:45.0700 0400 [ 74751dda198165947fd7454d83f49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:28:45.0700 0400 NetTcpPortSharing - ok
16:28:45.0918 0400 [ bfbd278f8c9bcec693345759ac278e14 ] NETw5v64 C:\Windows\system32\DRIVERS\NETw5v64.sys
16:28:46.0043 0400 NETw5v64 - ok
16:28:46.0090 0400 [ 4ac08bd6af2df42e0c3196d826c8aea7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:28:46.0105 0400 nfrd960 - ok
16:28:46.0137 0400 [ f145bf4c4668e7e312069f81ef847cfc ] NlaSvc C:\Windows\System32\nlasvc.dll
16:28:46.0137 0400 NlaSvc - ok
16:28:46.0183 0400 [ b298874f8e0ea93f06ec40aa8d146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:28:46.0183 0400 Npfs - ok
16:28:46.0261 0400 [ acb62baa1c319b17752553df3026eeeb ] nsi C:\Windows\system32\nsisvc.dll
16:28:46.0261 0400 nsi - ok
16:28:46.0308 0400 [ 1523af19ee8b030ba682f7a53537eaeb ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:28:46.0324 0400 nsiproxy - ok
16:28:46.0464 0400 [ bac869dfb98e499ba4d9bb1fb43270e1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:28:46.0495 0400 Ntfs - ok
16:28:46.0542 0400 [ dd5d684975352b85b52e3fd5347c20cb ] Null C:\Windows\system32\drivers\Null.sys
16:28:46.0542 0400 Null - ok
16:28:46.0573 0400 [ 2c040b7ada5b06f6facadac8514aa034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:28:46.0573 0400 nvraid - ok
16:28:46.0620 0400 [ f7ea0fe82842d05eda3efdd376dbfdba ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:28:46.0620 0400 nvstor - ok
16:28:46.0667 0400 [ 19067ca93075ef4823e3938a686f532f ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:28:46.0683 0400 nv_agp - ok
16:28:46.0683 0400 NwlnkFlt - ok
16:28:46.0698 0400 NwlnkFwd - ok
16:28:46.0792 0400 [ 1f0e05dff4f5a833168e49be1256f002 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:28:46.0807 0400 odserv - ok
16:28:46.0839 0400 [ b5b1ce65ac15bbd11c0619e3ef7cfc28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
16:28:46.0854 0400 ohci1394 - ok
16:28:46.0885 0400 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:28:46.0885 0400 ose - ok
16:28:46.0995 0400 [ 9ae31d2e1d15c10d91318e0ec149ceac ] p2pimsvc C:\Windows\system32\p2psvc.dll
16:28:47.0026 0400 p2pimsvc - ok
16:28:47.0041 0400 [ 9ae31d2e1d15c10d91318e0ec149ceac ] p2psvc C:\Windows\system32\p2psvc.dll
16:28:47.0041 0400 p2psvc - ok
16:28:47.0213 0400 [ b8040c5c1fc1fbbbe5c78cb9eda343ec ] PACSPTISVR C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
16:28:47.0213 0400 PACSPTISVR - ok
16:28:47.0291 0400 [ aecd57f94c887f58919f307c35498ea0 ] Parport C:\Windows\system32\drivers\parport.sys
16:28:47.0307 0400 Parport - ok
16:28:47.0353 0400 [ f9b5eda4c17a2be7663f064dbf0fe254 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:28:47.0369 0400 partmgr - ok
16:28:47.0416 0400 [ 9ab157b374192ff276c1628fbdba2b0e ] PcaSvc C:\Windows\System32\pcasvc.dll
16:28:47.0431 0400 PcaSvc - ok
16:28:47.0509 0400 [ 47ab1e0fc9d0e12bb53ba246e3a0906d ] pci C:\Windows\system32\drivers\pci.sys
16:28:47.0525 0400 pci - ok
16:28:47.0556 0400 [ 8d618c829034479985a9ed56106cc732 ] pciide C:\Windows\system32\drivers\pciide.sys
16:28:47.0556 0400 pciide - ok
16:28:47.0603 0400 [ 037661f3d7c507c9993b7010ceee6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:28:47.0603 0400 pcmcia - ok
16:28:47.0665 0400 [ 58865916f53592a61549b04941bfd80d ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:28:47.0681 0400 PEAUTH - ok
16:28:47.0853 0400 [ 0ed8727ea0172860f47258456c06caea ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:28:47.0868 0400 PerfHost - ok
16:28:47.0977 0400 [ e9e68c1a0f25cf4a7ac966eea74ee89e ] pla C:\Windows\system32\pla.dll
16:28:48.0009 0400 pla - ok
16:28:48.0040 0400 [ fe6b0f59215c9fd9f9d26539c58c8b82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:28:48.0055 0400 PlugPlay - ok
16:28:48.0071 0400 [ 5261a2fd55183ac6993145ab6662cddf ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
16:28:48.0071 0400 Pml Driver HPZ12 - ok
16:28:48.0258 0400 [ 9ae31d2e1d15c10d91318e0ec149ceac ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
16:28:48.0274 0400 PNRPAutoReg - ok
16:28:48.0321 0400 [ 9ae31d2e1d15c10d91318e0ec149ceac ] PNRPsvc C:\Windows\system32\p2psvc.dll
16:28:48.0336 0400 PNRPsvc - ok
16:28:48.0430 0400 [ 89a5560671c2d8b4a4b51f3e1aa069d8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:28:48.0445 0400 PolicyAgent - ok
16:28:48.0523 0400 [ 23386e9952025f5f21c368971e2e7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:28:48.0555 0400 PptpMiniport - ok
16:28:48.0601 0400 [ 5080e59ecee0bc923f14018803aa7a01 ] Processor C:\Windows\system32\drivers\processr.sys
16:28:48.0601 0400 Processor - ok
16:28:48.0648 0400 [ e058ce4fc2449d8bfa14739c83b7ff2a ] ProfSvc C:\Windows\system32\profsvc.dll
16:28:48.0648 0400 ProfSvc - ok
16:28:48.0695 0400 [ 40348dcec0712ed42231c5f90a69a690 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:28:48.0695 0400 ProtectedStorage - ok
16:28:48.0773 0400 [ c5ab7f0809392d0da027f4a2a81bfa31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
16:28:48.0789 0400 PSched - ok
16:28:48.0804 0400 [ fbf4db6d53585437e41a113300002a2b ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
16:28:48.0804 0400 PxHlpa64 - ok
16:28:48.0882 0400 [ 17996ca5c59259ae02ca95bd11d7beec ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
16:28:48.0882 0400 QBCFMonitorService - ok
16:28:48.0960 0400 [ 2241eaf40e472c471cb80cf6b97cca11 ] QBFCService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
16:28:48.0960 0400 QBFCService - ok
16:28:49.0069 0400 [ 0b83f4e681062f3839be2ec1d98fd94a ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:28:49.0101 0400 ql2300 - ok
16:28:49.0147 0400 [ e1c80f8d4d1e39ef9595809c1369bf2a ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:28:49.0147 0400 ql40xx - ok
16:28:49.0225 0400 [ 90574842c3da781e279061a3eff91f07 ] QWAVE C:\Windows\system32\qwave.dll
16:28:49.0225 0400 QWAVE - ok
16:28:49.0272 0400 [ e8d76edab77ec9c634c27b8eac33adc5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:28:49.0272 0400 QWAVEdrv - ok
16:28:49.0303 0400 [ 1013b3b663a56d3ddd784f581c1bd005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:28:49.0303 0400 RasAcd - ok
16:28:49.0366 0400 [ b2ae18f847d07f0044404ddf7cb04497 ] RasAuto C:\Windows\System32\rasauto.dll
16:28:49.0366 0400 RasAuto - ok
16:28:49.0413 0400 [ ac7bc4d42a7e558718dfdec599bbfc2c ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:28:49.0428 0400 Rasl2tp - ok
16:28:49.0475 0400 [ 3ad83e4046c43be510de681588acb8af ] RasMan C:\Windows\System32\rasmans.dll
16:28:49.0491 0400 RasMan - ok
16:28:49.0553 0400 [ 4517fbf8b42524afe4ede1de102aae3e ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:28:49.0569 0400 RasPppoe - ok
16:28:49.0615 0400 [ c6a593b51f34c33e5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:28:49.0615 0400 RasSstp - ok
16:28:49.0693 0400 [ 322db5c6b55e8d8ee8d6f358b2aaabb1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:28:49.0693 0400 rdbss - ok
16:28:49.0709 0400 [ 603900cc05f6be65ccbf373800af3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:28:49.0725 0400 RDPCDD - ok
16:28:49.0771 0400 [ c045d1fb111c28df0d1be8d4bda22c06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
16:28:49.0787 0400 rdpdr - ok
16:28:49.0787 0400 [ cab9421daf3d97b33d0d055858e2c3ab ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:28:49.0787 0400 RDPENCDD - ok
16:28:49.0865 0400 [ b1d741c87cea8d7282146366cc9c3f81 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:28:49.0865 0400 RDPWD - ok
16:28:50.0021 0400 [ 9600567e331f5ae87d31b0a60763e48c ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:28:50.0037 0400 RegSrvc - ok
16:28:50.0083 0400 [ c612b9557da73f70d41f8a6fbc8e5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:28:50.0099 0400 RemoteAccess - ok
16:28:50.0146 0400 [ 44b9d8ec2f3ef3a0efb00857af70d861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:28:50.0146 0400 RemoteRegistry - ok
16:28:50.0224 0400 [ 72c35598ba591abddc37fce7d26fe1c4 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
16:28:50.0224 0400 RFCOMM - ok
16:28:50.0286 0400 [ 7eae3999b94a8ce60bfbaa83462b89a1 ] rimsptsk C:\Windows\system32\DRIVERS\rimssn64.sys
16:28:50.0302 0400 rimsptsk - ok
16:28:50.0333 0400 [ fa6d7cd63ad08a01d9259f58e0c5c09e ] risdptsk C:\Windows\system32\DRIVERS\risdsn64.sys
16:28:50.0349 0400 risdptsk - ok
16:28:50.0364 0400 [ f46c457840d4b7a4daafee739ce04102 ] RpcLocator C:\Windows\system32\locator.exe
16:28:50.0364 0400 RpcLocator - ok
16:28:50.0458 0400 [ cf8b9a3a5e7dc57724a89d0c3e8cf9ef ] RpcSs C:\Windows\system32\rpcss.dll
16:28:50.0458 0400 RpcSs - ok
16:28:50.0489 0400 [ 22a9cb08b1a6707c1550c6bf099aae73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:28:50.0489 0400 rspndr - ok
16:28:50.0536 0400 [ 67c7695d3b18682addf8419eda4bbfb8 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
16:28:50.0536 0400 RTHDMIAzAudService - ok
16:28:50.0707 0400 [ bdd34a4a3725e3d527beda3c5fb67603 ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
16:28:50.0707 0400 RtkAudioService - ok
16:28:50.0863 0400 [ 6b318f9443740a907d1c8f3460c19009 ] SampleCollector C:\Program Files\Sony\VAIO Care\collsvc.exe
16:28:50.0863 0400 SampleCollector - ok
16:28:50.0926 0400 [ 40348dcec0712ed42231c5f90a69a690 ] SamSs C:\Windows\system32\lsass.exe
16:28:50.0926 0400 SamSs - ok
16:28:51.0019 0400 [ 3289766038db2cb14d07dc84392138d5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
16:28:51.0019 0400 SASDIFSV - ok
16:28:51.0175 0400 [ 7ce61c25c159f50f9eaf6d77fc83fa35 ] SASENUM C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS
16:28:51.0175 0400 SASENUM - ok
16:28:51.0191 0400 [ 58a38e75f3316a83c23df6173d41f2b5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
16:28:51.0191 0400 SASKUTIL - ok
16:28:51.0222 0400 [ cd9c693589c60ad59bbbcfb0e524e01b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:28:51.0222 0400 sbp2port - ok
16:28:51.0269 0400 [ fd1cdcf108d5ef3366f00d18b70fb89b ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:28:51.0269 0400 SCardSvr - ok
16:28:51.0534 0400 [ 0f838c811ad295d2a4489b9993096c63 ] Schedule C:\Windows\system32\schedsvc.dll
16:28:51.0534 0400 Schedule - ok
16:28:51.0612 0400 [ 5a268127633c7ee2a7fb87f39d748d56 ] SCPolicySvc C:\Windows\System32\certprop.dll
16:28:51.0612 0400 SCPolicySvc - ok
16:28:51.0675 0400 [ b42ee50f7d24f837f925332eb349eca5 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
16:28:51.0690 0400 sdbus - ok
16:28:51.0784 0400 [ 4ff71b076a7760fe75ea5ae2d0ee0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:28:51.0799 0400 SDRSVC - ok
16:28:51.0846 0400 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:28:51.0846 0400 secdrv - ok
16:28:51.0893 0400 [ 5acdcbc67fcf894a1815b9f96d704490 ] seclogon C:\Windows\system32\seclogon.dll
16:28:51.0909 0400 seclogon - ok
16:28:51.0971 0400 [ 90973a64b96cd647ff81c79443618eed ] SENS C:\Windows\system32\sens.dll
16:28:51.0971 0400 SENS - ok
16:28:51.0987 0400 [ f71bfe7ac6c52273b7c82cbf1bb2a222 ] Serenum C:\Windows\system32\drivers\serenum.sys
16:28:51.0987 0400 Serenum - ok
16:28:52.0033 0400 [ e62fac91ee288db29a9696a9d279929c ] Serial C:\Windows\system32\drivers\serial.sys
16:28:52.0049 0400 Serial - ok
16:28:52.0111 0400 [ a842f04833684bceea7336211be478df ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:28:52.0143 0400 sermouse - ok
16:28:52.0205 0400 [ a8e4a4407a09f35dccc3771af590b0c4 ] SessionEnv C:\Windows\system32\sessenv.dll
16:28:52.0221 0400 SessionEnv - ok
16:28:52.0252 0400 [ 70f9c476b62de4f2823e918a6c181ade ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
16:28:52.0252 0400 SFEP - ok
16:28:52.0267 0400 [ 14d4b4465193a87c127933978e8c4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:28:52.0267 0400 sffdisk - ok
16:28:52.0299 0400 [ 7073aee3f82f3d598e3825962aa98ab2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:28:52.0299 0400 sffp_mmc - ok
16:28:52.0314 0400 [ 35e59ebe4a01a0532ed67975161c7b82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:28:52.0314 0400 sffp_sd - ok
16:28:52.0361 0400 [ 40567781f0785c4a69411d1b40da8987 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:28:52.0361 0400 sfloppy - ok
16:28:52.0408 0400 [ 4c5aee179da7e1ee9a9ccb9da289af34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:28:52.0408 0400 SharedAccess - ok
16:28:52.0517 0400 [ 56793271ecdedd350c5add305603e963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:28:52.0548 0400 ShellHWDetection - ok
16:28:52.0595 0400 [ 7a5de502aeb719d4594c6471060a78b3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
16:28:52.0611 0400 SiSRaid2 - ok
16:28:52.0657 0400 [ 3a2f769fab9582bc720e11ea1dfb184d ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:28:52.0657 0400 SiSRaid4 - ok
16:28:52.0767 0400 [ a9a27a8e257b45a604fdad4f26fe7241 ] slsvc C:\Windows\system32\SLsvc.exe
16:28:52.0845 0400 slsvc - ok
16:28:52.0907 0400 [ fd74b4b7c2088e390a30c85a896fc3af ] SLUINotify C:\Windows\system32\SLUINotify.dll
16:28:52.0907 0400 SLUINotify - ok
16:28:52.0969 0400 [ 290b6f6a0ec4fcdfc90f5cb6d7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:28:53.0001 0400 Smb - ok
16:28:53.0079 0400 [ f8f47f38909823b1af28d60b96340cff ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:28:53.0094 0400 SNMPTRAP - ok
16:28:53.0141 0400 [ 7b24efa2a60ba7388fecda63ab24560a ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
16:28:53.0157 0400 SOHCImp - ok
16:28:53.0172 0400 [ 140fcf5ffae4efba9740a9fd8b49e0bf ] SOHDBSvr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
16:28:53.0172 0400 SOHDBSvr - ok
16:28:53.0219 0400 [ d8c244121a06b581b097d9617d94cff1 ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
16:28:53.0219 0400 SOHDms - ok
16:28:53.0266 0400 [ 2db561887ea122b946bbe2821473edd8 ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
16:28:53.0266 0400 SOHDs - ok
16:28:53.0297 0400 [ ab9ee246a1eb2c3c7c6cb16e0b9462f7 ] SOHPlMgr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
16:28:53.0297 0400 SOHPlMgr - ok
16:28:53.0359 0400 [ 386c3c63f00a7040c7ec5e384217e89d ] spldr C:\Windows\system32\drivers\spldr.sys
16:28:53.0359 0400 spldr - ok
16:28:53.0453 0400 [ f66ff751e7efc816d266977939ef5dc3 ] Spooler C:\Windows\System32\spoolsv.exe
16:28:53.0469 0400 Spooler - ok
16:28:53.0547 0400 [ 880a57fccb571ebd063d4dd50e93e46d ] srv C:\Windows\system32\DRIVERS\srv.sys
16:28:53.0562 0400 srv - ok
16:28:53.0640 0400 [ a1ad14a6d7a37891fffeca35ebbb0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:28:53.0703 0400 srv2 - ok
16:28:53.0749 0400 [ 4bed62f4fa4d8300973f1151f4c4d8a7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:28:53.0749 0400 srvnet - ok
16:28:53.0827 0400 [ 192c74646ec5725aef3f80d19ff75f6a ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:28:53.0827 0400 SSDPSRV - ok
16:28:53.0890 0400 [ 2ee3fa0308e6185ba64a9a7f2e74332b ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:28:53.0890 0400 SstpSvc - ok
16:28:53.0968 0400 [ 15825c1fbfb8779992cb65087f316af5 ] stisvc C:\Windows\System32\wiaservc.dll
16:28:53.0983 0400 stisvc - ok
16:28:54.0030 0400 [ 8a851ca908b8b974f89c50d2e18d4f0c ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:28:54.0030 0400 swenum - ok
16:28:54.0077 0400 [ 6de37f4de19d4efd9c48c43addbc949a ] swprv C:\Windows\System32\swprv.dll
16:28:54.0093 0400 swprv - ok
16:28:54.0202 0400 [ 2f26a2c6fc96b29beff5d8ed74e6625b ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
16:28:54.0217 0400 Symc8xx - ok
16:28:54.0280 0400 [ a909667976d3bccd1df813fed517d837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
16:28:54.0280 0400 Sym_hi - ok
16:28:54.0342 0400 [ 36887b56ec2d98b9c362f6ae4de5b7b0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
16:28:54.0358 0400 Sym_u3 - ok
16:28:54.0451 0400 [ 92d7a8b0f87b036f17d25885937897a6 ] SysMain C:\Windows\system32\sysmain.dll
16:28:54.0483 0400 SysMain - ok
16:28:54.0514 0400 [ 005ce42567f9113a3bccb3b20073b029 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:28:54.0529 0400 TabletInputService - ok
16:28:54.0670 0400 [ cc2562b4d55e0b6a4758c65407f63b79 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:28:54.0685 0400 TapiSrv - ok
16:28:54.0717 0400 [ cdbe8d7c1e201b911cdc346d06617fb5 ] TBS C:\Windows\System32\tbssvc.dll
16:28:54.0732 0400 TBS - ok
16:28:55.0091 0400 [ 4dad14118fbcf7c609f2a4ce21fbcc5f ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:28:55.0138 0400 Tcpip - ok
16:28:55.0169 0400 [ 4dad14118fbcf7c609f2a4ce21fbcc5f ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
16:28:55.0185 0400 Tcpip6 - ok
16:28:55.0263 0400 [ c7e72a4071ee0200e3c075dacfb2b334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:28:55.0263 0400 tcpipreg - ok
16:28:55.0278 0400 [ 1d8bf4aaa5fb7a2761475781dc1195bc ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:28:55.0278 0400 TDPIPE - ok
16:28:55.0294 0400 [ 7f7e00cdf609df657f4cda02dd1c9bb1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:28:55.0294 0400 TDTCP - ok
16:28:55.0341 0400 [ 458919c8c42e398dc4802178d5ffee27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:28:55.0341 0400 tdx - ok
16:28:55.0419 0400 [ 8c19678d22649ec002ef2282eae92f98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:28:55.0434 0400 TermDD - ok
16:28:55.0481 0400 [ 5cdd30bc217082dac71a9878d9bfd566 ] TermService C:\Windows\System32\termsrv.dll
16:28:55.0481 0400 TermService - ok
16:28:55.0543 0400 [ 56793271ecdedd350c5add305603e963 ] Themes C:\Windows\system32\shsvcs.dll
16:28:55.0543 0400 Themes - ok
16:28:55.0606 0400 [ 3cbe4995e80e13ccfbc42e5dcf3ac81a ] THREADORDER C:\Windows\system32\mmcss.dll
16:28:55.0606 0400 THREADORDER - ok
16:28:55.0637 0400 [ f4689f05af472a651a7b1b7b02d200e7 ] TrkWks C:\Windows\System32\trkwks.dll
16:28:55.0637 0400 TrkWks - ok
16:28:55.0777 0400 [ 66328b08ef5a9305d8ede36b93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:28:55.0777 0400 TrustedInstaller - ok
16:28:55.0855 0400 [ 9e5409cd17c8bef193aad498f3bc2cb8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:28:55.0887 0400 tssecsrv - ok
16:28:55.0902 0400 [ 89ec74a9e602d16a75a4170511029b3c ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
16:28:55.0918 0400 tunmp - ok
16:28:55.0949 0400 [ 30a9b3f45ad081bffc3bcaa9c812b609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:28:55.0949 0400 tunnel - ok
16:28:55.0980 0400 [ fec266ef401966311744bd0f359f7f56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:28:55.0980 0400 uagp35 - ok
16:28:56.0043 0400 [ 63f6d08c54d5b3c1b12a6172032055c7 ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
16:28:56.0058 0400 uCamMonitor - ok
16:28:56.0183 0400 [ faf2640a2a76ed03d449e443194c4c34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:28:56.0214 0400 udfs - ok
16:28:56.0277 0400 [ 060507c4113391394478f6953a79eedc ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:28:56.0292 0400 UI0Detect - ok
16:28:56.0323 0400 [ 4ec9447ac3ab462647f60e547208ca00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:28:56.0323 0400 uliagpkx - ok
16:28:56.0355 0400 [ 697f0446134cdc8f99e69306184fbbb4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
16:28:56.0355 0400 uliahci - ok
16:28:56.0386 0400 [ 31707f09846056651ea2c37858f5ddb0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
16:28:56.0386 0400 UlSata - ok
16:28:56.0433 0400 [ 85e5e43ed5b48c8376281bab519271b7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
16:28:56.0448 0400 ulsata2 - ok
16:28:56.0479 0400 [ 46e9a994c4fed537dd951f60b86ad3f4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:28:56.0479 0400 umbus - ok
16:28:56.0526 0400 [ 7093799ff80e9deca0680d2e3535be60 ] upnphost C:\Windows\System32\upnphost.dll
16:28:56.0542 0400 upnphost - ok
16:28:56.0620 0400 [ aa33fc47ed58c34e6e9261e4f850b7eb ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
16:28:56.0620 0400 USBAAPL64 - ok
16:28:56.0682 0400 [ 07e3498fc60834219d2356293da0fecc ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:28:56.0682 0400 usbccgp - ok
16:28:56.0776 0400 [ 9247f7e0b65852c1f6631480984d6ed2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:28:56.0823 0400 usbcir - ok
16:28:56.0869 0400 [ 827e44de934a736ea31e91d353eb126f ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:28:56.0869 0400 usbehci - ok
16:28:56.0932 0400 [ bb35cd80a2ececfadc73569b3d70c7d1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:28:56.0932 0400 usbhub - ok
16:28:56.0979 0400 [ eba14ef0c07cec233f1529c698d0d154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:28:56.0994 0400 usbohci - ok
16:28:57.0025 0400 [ 28b693b6d31e7b9332c1bdcefef228c1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:28:57.0025 0400 usbprint - ok
16:28:57.0088 0400 [ ea0bf666868964fbe8cb10e50c97b9f1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:28:57.0088 0400 usbscan - ok
16:28:57.0150 0400 [ b854c1558fca0c269a38663e8b59b581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:28:57.0150 0400 USBSTOR - ok
16:28:57.0213 0400 [ b2872cbf9f47316abd0e0c74a1aba507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:28:57.0228 0400 usbuhci - ok
16:28:57.0244 0400 [ fc33099877790d51b0927b7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
16:28:57.0259 0400 usbvideo - ok
16:28:57.0322 0400 [ d76e231e4850bb3f88a3d9a78df191e3 ] UxSms C:\Windows\System32\uxsms.dll
16:28:57.0322 0400 UxSms - ok
16:28:57.0415 0400 [ 4e7135d6d0127067e4cfee12259f895d ] VAIO Entertainment TV Device Arbitration Service C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
16:28:57.0415 0400 VAIO Entertainment TV Device Arbitration Service - ok
16:28:57.0525 0400 [ 73328c784ecfe7072bd102f370076b50 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
16:28:57.0525 0400 VAIO Event Service - ok
16:28:57.0618 0400 [ b63f63960e7254d9d9ed28474b40eb31 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
16:28:57.0665 0400 VAIO Power Management - ok
16:28:58.0102 0400 [ 0ed1d51dcec67f96cc313d02a1741cf3 ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
16:28:58.0258 0400 VCFw - ok
16:28:58.0383 0400 [ 7295a2b5795e7b8aa128e5df5a29b656 ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
16:28:58.0398 0400 VcmIAlzMgr - ok
16:28:58.0461 0400 [ 76df898710495c5b1476719410d8b895 ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
16:28:58.0461 0400 VcmXmlIfHelper - ok
16:28:58.0507 0400 Vcsw - ok
16:28:58.0617 0400 [ 294945381dfa7ce58cecf0a9896af327 ] vds C:\Windows\System32\vds.exe
16:28:58.0632 0400 vds - ok
16:28:58.0695 0400 [ 916b94bcf1e09873fff2d5fb11767bbc ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:28:58.0710 0400 vga - ok
16:28:58.0726 0400 [ b83ab16b51feda65dd81b8c59d114d63 ] VgaSave C:\Windows\System32\drivers\vga.sys
16:28:58.0726 0400 VgaSave - ok
16:28:58.0788 0400 [ 8294b6c3fdb6c33f24e150de647ecdaa ] viaide C:\Windows\system32\drivers\viaide.sys
16:28:58.0804 0400 viaide - ok
16:28:58.0835 0400 [ 2b7e885ed951519a12c450d24535dfca ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:28:58.0835 0400 volmgr - ok
16:28:58.0897 0400 [ cec5ac15277d75d9e5dec2e1c6eaf877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:28:58.0897 0400 volmgrx - ok
16:28:59.0007 0400 [ 5280aada24ab36b01a84a6424c475c8d ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:28:59.0038 0400 volsnap - ok
16:28:59.0085 0400 [ a68f455ed2673835209318dd61bfbb0e ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:28:59.0100 0400 vsmraid - ok
16:28:59.0428 0400 [ b75232dad33bfd95bf6f0a3e6bff51e1 ] VSS C:\Windows\system32\vssvc.exe
16:28:59.0443 0400 VSS - ok
16:28:59.0490 0400 [ 79eb419f4a694b4514249e0d3db16ecf ] VzCdbSvc C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
16:28:59.0521 0400 VzCdbSvc - ok
16:28:59.0568 0400 [ f14a7de2ea41883e250892e1e5230a9a ] W32Time C:\Windows\system32\w32time.dll
16:28:59.0584 0400 W32Time - ok
16:28:59.0631 0400 [ fef8fe5923fead2cee4dfabfce3393a7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:28:59.0631 0400 WacomPen - ok
16:28:59.0677 0400 [ b8e7049622300d20ba6d8be0c47c0cfd ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
16:28:59.0677 0400 Wanarp - ok
16:28:59.0677 0400 [ b8e7049622300d20ba6d8be0c47c0cfd ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:28:59.0677 0400 Wanarpv6 - ok
16:28:59.0740 0400 [ b4e4c37d0aa6100090a53213ee2bf1c1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:28:59.0755 0400 wcncsvc - ok
16:28:59.0787 0400 [ ea4b369560e986f19d93f45a881484ac ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:28:59.0787 0400 WcsPlugInService - ok
16:28:59.0833 0400 [ 0c17a0816f65b89e362e682ad5e7266e ] Wd C:\Windows\system32\drivers\wd.sys
16:28:59.0833 0400 Wd - ok
16:28:59.0958 0400 [ d02e7e4567da1e7582fbf6a91144b0df ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:28:59.0989 0400 Wdf01000 - ok
16:29:00.0021 0400 [ ebc8e8f27e70a3dcaabd84a8611d3575 ] wdfsgusbV2 C:\Windows\system32\DRIVERS\wdfsgusb.sys
16:29:00.0036 0400 wdfsgusbV2 - ok
16:29:00.0067 0400 [ c5efda73ebfca8b02a094898de0a9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:29:00.0067 0400 WdiServiceHost - ok
16:29:00.0067 0400 [ c5efda73ebfca8b02a094898de0a9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:29:00.0067 0400 WdiSystemHost - ok
16:29:00.0145 0400 [ 3e6d05381cf35f75ebb055544a8ed9ac ] WebClient C:\Windows\System32\webclnt.dll
16:29:00.0145 0400 WebClient - ok
16:29:00.0223 0400 [ 8d40bc587993f876658bf9fb0f7d3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:29:00.0270 0400 Wecsvc - ok
16:29:00.0317 0400 [ 9c980351d7e96288ea0c23ae232bd065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:29:00.0333 0400 wercplsupport - ok
16:29:00.0379 0400 [ 66b9ecebc46683f47edc06333c075fef ] WerSvc C:\Windows\System32\WerSvc.dll
16:29:00.0411 0400 WerSvc - ok
16:29:00.0457 0400 [ 52ded146e4797e6ccf94799e8e22bb2a ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
16:29:00.0457 0400 WimFltr - ok
16:29:00.0504 0400 [ 057b062cf9a11e04db45b8c3afc28b11 ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
16:29:00.0520 0400 winachsf - ok
16:29:00.0551 0400 WinDefend - ok
16:29:00.0551 0400 WinHttpAutoProxySvc - ok
16:29:00.0676 0400 [ d2e7296ed1bd26d8db2799770c077a02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:29:00.0676 0400 Winmgmt - ok
16:29:00.0816 0400 [ 6cbb0c68f13b9c2ec1b16f5fa5e7c869 ] WinRM C:\Windows\system32\WsmSvc.dll
16:29:00.0863 0400 WinRM - ok
16:29:00.0925 0400 [ 7f2f9e48566b2087f2aaad258cb2a8d4 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
16:29:00.0941 0400 WinUSB - ok
16:29:00.0972 0400 [ ec339c8115e91baed835957e9a677f16 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:29:00.0988 0400 Wlansvc - ok
16:29:01.0347 0400 [ 2bacd71123f42cea603f4e205e1ae337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:29:01.0378 0400 wlidsvc - ok
16:29:01.0425 0400 [ e18aebaaa5a773fe11aa2c70f65320f5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:29:01.0440 0400 WmiAcpi - ok
16:29:01.0487 0400 [ 21fa389e65a852698b6a1341f36ee02d ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:29:01.0503 0400 wmiApSrv - ok
16:29:01.0549 0400 WMPNetworkSvc - ok
16:29:01.0643 0400 [ cbc156c913f099e6680d1df9307db7a8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:29:01.0643 0400 WPCSvc - ok
16:29:01.0721 0400 [ 490a18b4e4d53dc10879deaa8e8b70d9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:29:01.0768 0400 WPDBusEnum - ok
16:29:01.0799 0400 [ 5e2401b3fc1089c90e081291357371a9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
16:29:01.0799 0400 WpdUsb - ok
16:29:02.0205 0400 [ 991e2c2cf3bc204c2bb2ee1476149e4e ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:29:02.0220 0400 WPFFontCache_v0400 - ok
16:29:02.0251 0400 [ 8a900348370e359b6bff6a550e4649e1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:29:02.0267 0400 ws2ifsl - ok
16:29:02.0298 0400 [ 9ea3e6d0ef7a5c2b9181961052a4b01a ] wscsvc C:\Windows\system32\wscsvc.dll
16:29:02.0298 0400 wscsvc - ok
16:29:02.0314 0400 WSearch - ok
16:29:02.0735 0400 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:29:02.0797 0400 wuauserv - ok
16:29:02.0813 0400 [ 501a65252617b495c0f1832f908d54d8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:29:02.0829 0400 WUDFRd - ok
16:29:02.0891 0400 [ 6cbd51ff913c851d56ed9dc7f2a27dde ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:29:02.0891 0400 wudfsvc - ok
16:29:02.0953 0400 [ 638c99d993afab0e1fab226e2bbe6d79 ] XAudio C:\Windows\system32\DRIVERS\xaudio64.sys
16:29:02.0953 0400 XAudio - ok
16:29:02.0985 0400 [ 3e775f0bd28ddeff53d78578b97a3cff ] XAudioService C:\Windows\system32\DRIVERS\xaudio64.exe
16:29:02.0985 0400 XAudioService - ok
16:29:03.0031 0400 [ d433f6726a727b0528f6e39f423fe1fd ] yksvc C:\Windows\System32\ykx64mpcoinst.dll
16:29:03.0031 0400 yksvc - ok
16:29:03.0078 0400 [ 4d7bd04b794478aba95ea1e03be39c47 ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys
16:29:03.0109 0400 yukonx64 - ok
16:29:03.0109 0400 ================ Scan global ===============================
16:29:03.0203 0400 (060dc3a7a9a2626031eb23d90151428d) C:\Windows\system32\basesrv.dll
16:29:03.0250 0400 (316fce1f71320844790e83b1c5cdea99) C:\Windows\system32\winsrv.dll
16:29:03.0281 0400 (316fce1f71320844790e83b1c5cdea99) C:\Windows\system32\winsrv.dll
16:29:03.0375 0400 (934e0b7d77ff78c18d9f8891221b6de3) C:\Windows\system32\services.exe
16:29:03.0390 0400 [Global] - ok
16:29:03.0390 0400 ================ Scan MBR ==================================
16:29:03.0421 0400 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:29:04.0326 0400 \Device\Harddisk0\DR0 - ok
16:29:04.0326 0400 ================ Scan VBR ==================================
16:29:04.0373 0400 Boot (0x1200) (5b0be995f05980492b1e209b972d842c) \Device\Harddisk0\DR0\Partition1
16:29:04.0389 0400 \Device\Harddisk0\DR0\Partition1 - ok
16:29:04.0389 0400 ============================================================
16:29:04.0389 0400 Scan finished
16:29:04.0389 0400 ============================================================
16:29:04.0404 0324 Detected object count: 0
16:29:04.0404 0324 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-14 16:30:49
-----------------------------
16:30:49.982 OS Version: Windows x64 6.0.6002 Service Pack 2
16:30:49.982 Number of processors: 2 586 0x170A
16:30:49.982 ComputerName: BRIAN-PC UserName: Brian
16:30:51.245 Initialize success
16:31:30.753 AVAST engine defs: 12081401
16:31:40.721 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:31:40.721 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
16:31:40.721 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000060
16:31:40.721 Disk 1 Vendor: RICOH 01 Size: 305245MB BusType: 0
16:31:40.737 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000061
16:31:40.737 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
16:31:40.799 Disk 0 MBR read successfully
16:31:40.799 Disk 0 MBR scan
16:31:40.799 Disk 0 Windows VISTA default MBR code
16:31:40.846 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10823 MB offset 2048
16:31:40.877 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 294420 MB offset 22167552
16:31:40.908 Disk 0 scanning C:\Windows\system32\drivers
16:32:03.684 Service scanning
16:32:42.637 Modules scanning
16:32:42.637 Disk 0 trace - called modules:
16:32:42.684 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
16:32:42.684 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800662f790]
16:32:42.684 3 CLASSPNP.SYS[fffffa6000fcac33] -> nt!IofCallDriver -> [0xfffffa8004b7b860]
16:32:42.700 5 acpi.sys[fffffa60008f7fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004bf3050]
16:32:43.917 AVAST engine scan C:\Windows
16:32:51.732 AVAST engine scan C:\Windows\system32
16:39:07.134 AVAST engine scan C:\Windows\system32\drivers
16:39:23.607 AVAST engine scan C:\Users\Brian
16:50:04.675 AVAST engine scan C:\ProgramData
16:53:49.315 Scan finished successfully
16:54:13.588 Disk 0 MBR has been saved successfully to "C:\Users\Brian\Desktop\MBR.dat"
16:54:13.604 The log file has been saved successfully to "C:\Users\Brian\Desktop\aswMBR.14.txt"

#12 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 August 2012 - 07:39 PM

Hello, are you still getting redirected?



Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#13 iamnothing

  • Topic Starter

  • Members
  • 150 posts

Posted 14 August 2012 - 09:02 PM

Gringo,
I am still getting redirected. Here is the log you requested. Thanks for hanging in there with me.



OTL logfile created on: 8/14/2012 9:33:04 PM - Run 2
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Brian\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 63.74% Memory free
8.14 Gb Paging File | 6.54 Gb Available in Paging File | 80.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.52 Gb Total Space | 194.08 Gb Free Space | 67.50% Space Free | Partition Type: NTFS

Computer Name: BRIAN-PC | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Brian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Brian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Modules (No Company Name) ==========

MOD - C:\Users\Brian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\collsvc.exe (Intel Corporation)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (yksvc) -- C:\Windows\SysNative\ykx64mpcoinst.dll (Marvell)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBFCService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (wdfsgusbV2) -- C:\Windows\SysNative\DRIVERS\wdfsgusb.sys (Stenograph, LLC)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\DRIVERS\SFEP.sys (Sony Corporation)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimssn64.sys (REDC)
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\DRIVERS\risdsn64.sys (REDC)
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\DRIVERS\wimfltr.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\DRIVERS\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (DMICall) -- C:\Windows\SysWOW64\drivers\DMICall.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-449548607-3680168409-1110270209-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-449548607-3680168409-1110270209-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-449548607-3680168409-1110270209-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF 96 42 32 19 7A CD 01 [binary data]
IE - HKU\S-1-5-21-449548607-3680168409-1110270209-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-449548607-3680168409-1110270209-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-449548607-3680168409-1110270209-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-449548607-3680168409-1110270209-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT_enUS341
IE - HKU\S-1-5-21-449548607-3680168409-1110270209-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-449548607-3680168409-1110270209-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-449548607-3680168409-1110270209-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/06 16:43:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/06 16:43:19 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U19 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Angry Birds = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\

O1 HOSTS File: ([2012/08/13 15:03:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-449548607-3680168409-1110270209-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-449548607-3680168409-1110270209-1000..\Run: [Spotify Web Helper] C:\Users\Brian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-449548607-3680168409-1110270209-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-449548607-3680168409-1110270209-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-449548607-3680168409-1110270209-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9FA9618D-01F4-45A0-B9F9-BFA7B293F5B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1121A84-3E64-4076-93C4-3FECC133764B}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Brian\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Brian\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 20:46:34 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2012/08/14 16:25:44 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Brian\Desktop\aswMBR.exe
[2012/08/14 16:15:13 | 002,208,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Brian\Desktop\tdsskiller.exe
[2012/08/14 03:38:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/14 03:13:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/14 03:13:40 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\temp
[2012/08/13 14:29:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/13 14:29:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/13 14:29:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/13 14:29:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/13 14:29:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/13 14:19:51 | 004,733,169 | R--- | C] (Swearware) -- C:\Users\Brian\Desktop\ComboFix.exe
[2012/08/13 03:12:48 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Brian\Desktop\dds.com
[2012/08/12 15:39:06 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\04004226.sys
[2012/08/11 14:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/07/31 09:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/31 06:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/07/31 06:15:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

========== Files - Modified Within 30 Days ==========

[2012/08/14 21:41:42 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/14 21:39:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/14 21:11:12 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/14 21:11:12 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/14 21:11:12 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/14 21:09:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/14 21:03:30 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 21:03:30 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 21:03:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/14 21:03:18 | 4260,392,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/14 21:02:34 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/08/14 20:46:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2012/08/14 16:54:13 | 000,000,512 | ---- | M] () -- C:\Users\Brian\Desktop\MBR.dat
[2012/08/14 16:26:12 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Brian\Desktop\aswMBR.exe
[2012/08/14 16:15:13 | 002,208,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Brian\Desktop\tdsskiller.exe
[2012/08/14 16:10:00 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/14 16:10:00 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/13 15:03:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/13 14:19:51 | 004,733,169 | R--- | M] (Swearware) -- C:\Users\Brian\Desktop\ComboFix.exe
[2012/08/13 14:19:06 | 000,881,494 | ---- | M] () -- C:\Users\Brian\Desktop\SecurityCheck.exe
[2012/08/13 03:12:48 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Brian\Desktop\dds.com
[2012/08/12 15:39:06 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\04004226.sys
[2012/08/08 01:06:53 | 000,053,240 | ---- | M] () -- C:\test.xml
[2012/07/31 09:28:49 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task bf8cafad-68ff-4fff-a7b1-4d9bba4311d9.job
[2012/07/31 09:28:49 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7b3951b1-f9a1-4a54-a2df-8db383254661.job
[2012/07/21 18:33:31 | 000,000,000 | ---- | M] () -- C:\Windows\V7PTMPPR.SGTMP

========== Files Created - No Company Name ==========

[2012/08/13 22:15:42 | 4260,392,960 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/13 19:51:53 | 000,000,512 | ---- | C] () -- C:\Users\Brian\Desktop\MBR.dat
[2012/08/13 14:29:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/13 14:29:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/13 14:29:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/13 14:29:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/13 14:29:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/13 14:19:06 | 000,881,494 | ---- | C] () -- C:\Users\Brian\Desktop\SecurityCheck.exe
[2012/07/31 09:28:49 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task bf8cafad-68ff-4fff-a7b1-4d9bba4311d9.job
[2012/07/31 09:28:49 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7b3951b1-f9a1-4a54-a2df-8db383254661.job
[2011/06/01 17:15:39 | 000,000,000 | ---- | C] () -- C:\Users\Brian\AppData\Local\{C3A562A6-BED0-44ED-85C0-9E37BD516EBD}
[2011/03/04 10:31:04 | 000,010,184 | -HS- | C] () -- C:\Users\Brian\AppData\Local\2809086545
[2010/06/25 14:23:45 | 000,000,732 | ---- | C] () -- C:\Users\Brian\AppData\Local\d3d9caps64.dat
[2010/04/13 23:02:23 | 000,000,680 | ---- | C] () -- C:\Users\Brian\AppData\Local\d3d9caps.dat
[2010/04/13 19:29:05 | 000,010,444 | -HS- | C] () -- C:\Users\Brian\AppData\Local\2886491261
[2010/04/13 18:19:22 | 000,000,120 | ---- | C] () -- C:\Users\Brian\AppData\Local\Gwetoco.dat
[2010/04/13 18:19:22 | 000,000,000 | ---- | C] () -- C:\Users\Brian\AppData\Local\Owiyi.bin
[2010/04/13 18:17:39 | 000,010,496 | -HS- | C] () -- C:\Users\Brian\AppData\Local\7SkRgtbX5FlAM
[2010/04/13 18:17:39 | 000,010,496 | -HS- | C] () -- C:\ProgramData\7SkRgtbX5FlAM
[2010/02/10 22:40:43 | 000,001,492 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\wklnhst.dat
[2009/08/17 10:55:29 | 000,064,000 | ---- | C] () -- C:\Users\Brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< End of report >

#14 gringo_pr

  • Malware Response Team

Posted 14 August 2012 - 09:32 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
    [2011/03/04 10:31:04 | 000,010,184 | -HS- | C] () -- C:\Users\Brian\AppData\Local\2809086545
    [2010/04/13 19:29:05 | 000,010,444 | -HS- | C] () -- C:\Users\Brian\AppData\Local\2886491261
    [2010/04/13 18:19:22 | 000,000,120 | ---- | C] () -- C:\Users\Brian\AppData\Local\Gwetoco.dat
    [2010/04/13 18:19:22 | 000,000,000 | ---- | C] () -- C:\Users\Brian\AppData\Local\Owiyi.bin
    [2010/04/13 18:17:39 | 000,010,496 | -HS- | C] () -- C:\Users\Brian\AppData\Local\7SkRgtbX5FlAM
    [2010/04/13 18:17:39 | 000,010,496 | -HS- | C] () -- C:\ProgramData\7SkRgtbX5FlAM
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#15 iamnothing

  • Topic Starter

Posted 14 August 2012 - 11:38 PM

Gringo,
Still getting redirected. Here is the newest log. I did have one question though. When I ran the scan with the custom script that you gave me, I wasn't sure if I was supposed to do the following:

"Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox."

I know that "minimal output" was selected, the rest were defaults, I guess. Sorry if I did that wrong. Thanks again!


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\intu-help-qb2\ deleted successfully.
File Protocol\Handler\intu-help-qb2 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\qbwc\ deleted successfully.
File Protocol\Handler\qbwc - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui\ deleted successfully.
C:\Users\Brian\AppData\Local\2809086545 moved successfully.
C:\Users\Brian\AppData\Local\2886491261 moved successfully.
C:\Users\Brian\AppData\Local\Gwetoco.dat moved successfully.
C:\Users\Brian\AppData\Local\Owiyi.bin moved successfully.
C:\Users\Brian\AppData\Local\7SkRgtbX5FlAM moved successfully.
C:\ProgramData\7SkRgtbX5FlAM moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Brian\Desktop\cmd.bat deleted successfully.
C:\Users\Brian\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Brian
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Brian
->Flash cache emptied: 52695 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.57.0 log created on 08152012_001850



