Google returning white screen or unable to connect to servers


  • This topic is locked
8 replies to this topic

#1 with2fs

  • Members
  • 6 posts

Posted 22 August 2012 - 02:28 PM

Hello,

I am having some Google Search issues. Just today, my Google searches are returning a blank white screen. For a few days, I get an error saying "Firefox is unable to connect with the servers at www.google.com" when I search with Google. I've also noticed that when I search Google Images, I am redirected away to another site.

I just downloaded and tried to run dds and gmer and both failed to run with the error message... "a device attached to the system is not functioning". I went to my device manager, but everything seemed to be working. I am sorry that I cannot load the log files for you.

Thank you in advance,

Steffany



#2 nasdaq

  • Malware Response Team
  • 39,586 posts

Posted 27 August 2012 - 08:01 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Before I can suggest any remedial action I need to see these logs.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 with2fs

  • Topic Starter
  • Members
  • 6 posts

Posted 27 August 2012 - 01:30 PM

Thank you so much for your time!!

************************************
DDS
************************************
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by Steffany at 11:22:32 on 2012-08-27
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3070.1405 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\System32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Steffany\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Users\Steffany\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: {47CEEE9C-3B9B-492C-95CA-1AC3A99D154C} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Facebook Update] "c:\users\steffany\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Akamai NetSession Interface] "c:\users\steffany\appdata\local\akamai\netsession_win.exe"
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [DRCU] "c:\program files\sony\drcu\DRCU.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [VAIO Center Access Bar] "c:\program files\sony\vaio center access bar\VCAB.exe" 1
mRun: [VWLASU] "c:\program files\sony\vaio pc wireless lan wizard\AutoLaunchWLASU.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [hpqSRMon]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: cengage.com\access
Trusted Zone: cengage.com\contractoraccess
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - c:\users\steffany\appdata\local\temp\f5tmp\f5opswati.cab
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - c:\users\steffany\appdata\local\temp\f5tmp\urxvpn.cab
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - c:\users\steffany\appdata\local\temp\f5tmp\f5opswati.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - c:\users\steffany\appdata\local\temp\f5tmp\f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\users\steffany\appdata\local\temp\f5tmp\InstallerControl.cab
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - c:\users\steffany\appdata\local\temp\f5tmp\f5opswati.cab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - c:\users\steffany\appdata\local\temp\f5tmp\f5InspectionHost.cab
DPF: {81F30245-2419-4B8F-85AC-DE13CD0659D7} - hxxp://173.8.77.233/RtspVaPgDec.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - c:\users\steffany\appdata\local\temp\f5tmp\urxshost.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - c:\users\steffany\appdata\local\temp\f5tmp\urxhost.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - c:\users\steffany\appdata\local\temp\f5tmp\f5syschk.cab
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - c:\users\steffany\appdata\local\temp\f5tmp\f5opswati.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8D7EDA5C-C17D-4CCB-9A1A-32AD7D2D97AD} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{FFEE47FA-DF21-4717-AB98-5B991CC5F97B} : DhcpNameServer = 192.168.1.254
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: VESWinlogon - VESWinlogon.dll
LSA: Notification Packages = scecli psqlpwd
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\steffany\appdata\roaming\mozilla\firefox\profiles\5lwilbvi.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\adobe\adobe contribute cs5\plugins\firefoxplugin\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll
FF - plugin: c:\users\steffany\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\steffany\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2007-12-14 21408]
R1 MpKslf38abc79;MpKslf38abc79;c:\programdata\microsoft\microsoft antimalware\definition updates\{6dbf59d9-5058-4d31-a2db-7c737a605de4}\MpKslf38abc79.sys [2012-8-27 29904]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2010-8-24 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-8-24 21504]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2010-5-3 204800]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects\uCamMonitor.exe [2010-5-3 125440]
R2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2010-5-3 17920]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2007-12-14 28464]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-6-15 6638080]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-12-14 75392]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-12-14 43904]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2010-9-22 15488]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-12-14 9344]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2007-12-14 14720]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-12-14 812544]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpnwlh.sys [2010-1-25 34944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltwlh.sys [2010-9-3 13952]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 113120]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2010-5-3 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2010-5-3 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2010-5-3 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2007-12-14 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2007-12-14 79136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2012-08-27 18:12:32 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6dbf59d9-5058-4d31-a2db-7c737a605de4}\MpKslf38abc79.sys
2012-08-27 18:06:48 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6dbf59d9-5058-4d31-a2db-7c737a605de4}\offreg.dll
2012-08-27 17:59:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-22 19:29:26 7023536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6dbf59d9-5058-4d31-a2db-7c737a605de4}\mpengine.dll
2012-08-19 15:05:59 6891424 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-08-07 03:33:09 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-01 21:10:16 -------- d-----w- c:\programdata\WeCareReminder
.
==================== Find3M ====================
.
2012-08-22 19:15:35 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-22 19:15:35 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-07 03:32:48 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-24 15:35:59 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-07-24 15:35:59 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-24 15:35:59 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-07-24 15:35:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-07-24 15:35:59 11776 ----a-w- c:\windows\system32\mshta.exe
2012-07-24 15:35:59 101888 ----a-w- c:\windows\system32\admparse.dll
2012-07-24 15:35:58 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-06-13 13:40:21 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
.
============= FINISH: 11:26:20.25 ===============

*******************************************
TDSSKiller
*******************************************
11:09:27.0868 3640 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
11:09:28.0436 3640 ============================================================
11:09:28.0437 3640 Current date / time: 2012/08/27 11:09:28.0436
11:09:28.0437 3640 SystemInfo:
11:09:28.0437 3640
11:09:28.0437 3640 OS Version: 6.0.6002 ServicePack: 2.0
11:09:28.0437 3640 Product type: Workstation
11:09:28.0437 3640 ComputerName: NOTEBOOK-SC
11:09:28.0438 3640 UserName: Steffany
11:09:28.0438 3640 Windows directory: C:\Windows
11:09:28.0438 3640 System windows directory: C:\Windows
11:09:28.0438 3640 Processor architecture: Intel x86
11:09:28.0438 3640 Number of processors: 2
11:09:28.0438 3640 Page size: 0x1000
11:09:28.0438 3640 Boot type: Normal boot
11:09:28.0438 3640 ============================================================
11:09:35.0020 3640 BG loaded
11:09:36.0324 3640 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:09:36.0364 3640 Drive \Device\Harddisk2\DR2 - Size: 0x75E00000 (1.84 Gb), SectorSize: 0x200, Cylinders: 0xF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:09:36.0368 3640 ============================================================
11:09:36.0368 3640 \Device\Harddisk0\DR0:
11:09:36.0375 3640 MBR partitions:
11:09:36.0375 3640 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14F4800, BlocksNum 0x300000
11:09:36.0375 3640 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x17F4800, BlocksNum 0x15CAA1B0
11:09:36.0375 3640 \Device\Harddisk2\DR2:
11:09:36.0377 3640 MBR partitions:
11:09:36.0377 3640 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x6, StartLBA 0x87, BlocksNum 0x3AE039
11:09:36.0377 3640 ============================================================
11:09:36.0510 3640 C: <-> \Device\Harddisk0\DR0\Partition2
11:09:36.0629 3640 S: <-> \Device\Harddisk0\DR0\Partition1
11:09:36.0629 3640 ============================================================
11:09:36.0629 3640 Initialize success
11:09:36.0629 3640 ============================================================
11:09:51.0123 4864 ============================================================
11:09:51.0123 4864 Scan started
11:09:51.0123 4864 Mode: Manual;
11:09:51.0123 4864 ============================================================
11:09:53.0518 4864 ================ Scan system memory ========================
11:09:53.0518 4864 System memory - ok
11:09:53.0519 4864 ================ Scan services =============================
11:09:54.0127 4864 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
11:09:54.0155 4864 ACPI - ok
11:09:54.0307 4864 [ E8FE4FCE23D2809BD88BCC1D0F8408CE ] AdobeActiveFileMonitor6.0 C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
11:09:54.0309 4864 AdobeActiveFileMonitor6.0 - ok
11:09:54.0363 4864 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
11:09:54.0389 4864 adp94xx - ok
11:09:54.0424 4864 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
11:09:54.0431 4864 adpahci - ok
11:09:54.0458 4864 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
11:09:54.0470 4864 adpu160m - ok
11:09:54.0501 4864 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
11:09:54.0521 4864 adpu320 - ok
11:09:54.0569 4864 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
11:09:54.0570 4864 AeLookupSvc - ok
11:09:54.0660 4864 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
11:09:54.0665 4864 AFD - ok
11:09:54.0708 4864 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
11:09:54.0753 4864 agp440 - ok
11:09:54.0777 4864 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
11:09:54.0780 4864 aic78xx - ok
11:09:55.0295 4864 [ 29584F02A43E427C4227E3B1D9FF1B22 ] Akamai c:\program files\common files\akamai/netsession_win_4f7fccd.dll
11:09:55.0295 4864 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584F02A43E427C4227E3B1D9FF1B22
11:09:55.0306 4864 Akamai ( HiddenFile.Multi.Generic ) - warning
11:09:55.0306 4864 Akamai - detected HiddenFile.Multi.Generic (1)
11:09:55.0389 4864 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
11:09:55.0398 4864 ALG - ok
11:09:55.0458 4864 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
11:09:55.0459 4864 aliide - ok
11:09:55.0492 4864 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
11:09:55.0509 4864 amdagp - ok
11:09:55.0553 4864 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
11:09:55.0565 4864 amdide - ok
11:09:55.0592 4864 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
11:09:55.0593 4864 AmdK7 - ok
11:09:55.0619 4864 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
11:09:55.0621 4864 AmdK8 - ok
11:09:55.0709 4864 [ 18BFF317BDB10C64A35E1CA85F1EC051 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
11:09:55.0711 4864 ApfiltrService - ok
11:09:55.0914 4864 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
11:09:55.0916 4864 Appinfo - ok
11:09:56.0104 4864 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:09:56.0107 4864 Apple Mobile Device - ok
11:09:56.0353 4864 [ 0FE769CAE5855B53C90E23F85E7E89FF ] AppMgmt C:\Windows\System32\appmgmts.dll
11:09:56.0355 4864 AppMgmt - ok
11:09:56.0384 4864 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
11:09:56.0419 4864 arc - ok
11:09:56.0498 4864 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
11:09:56.0544 4864 arcsas - ok
11:09:56.0592 4864 [ 97422DA56910A24B7AC8D295F5FD9535 ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
11:09:56.0593 4864 ArcSoftKsUFilter - ok
11:09:56.0945 4864 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
11:09:57.0150 4864 aspnet_state - ok
11:09:57.0228 4864 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
11:09:57.0244 4864 AsyncMac - ok
11:09:57.0309 4864 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
11:09:57.0310 4864 atapi - ok
11:09:57.0439 4864 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:09:57.0443 4864 AudioEndpointBuilder - ok
11:09:57.0459 4864 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
11:09:57.0463 4864 Audiosrv - ok
11:09:57.0660 4864 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
11:09:57.0662 4864 BcmSqlStartupSvc - ok
11:09:57.0746 4864 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
11:09:57.0747 4864 Beep - ok
11:09:58.0024 4864 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
11:09:58.0029 4864 BFE - ok
11:09:58.0118 4864 [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen C:\Windows\System32\bgsvcgen.exe
11:09:58.0120 4864 bgsvcgen - ok
11:09:58.0262 4864 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
11:09:58.0275 4864 BITS - ok
11:09:58.0281 4864 blbdrive - ok
11:09:58.0470 4864 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:09:58.0475 4864 Bonjour Service - ok
11:09:58.0558 4864 [ 74B442B2BE1260B7588C136177CEAC66 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
11:09:58.0560 4864 bowser - ok
11:09:58.0599 4864 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
11:09:58.0600 4864 BrFiltLo - ok
11:09:58.0637 4864 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
11:09:58.0656 4864 BrFiltUp - ok
11:09:58.0698 4864 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
11:09:58.0700 4864 Browser - ok
11:09:58.0746 4864 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
11:09:58.0937 4864 Brserid - ok
11:09:58.0963 4864 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
11:09:58.0985 4864 BrSerWdm - ok
11:09:59.0012 4864 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
11:09:59.0025 4864 BrUsbMdm - ok
11:09:59.0059 4864 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
11:09:59.0062 4864 BrUsbSer - ok
11:09:59.0129 4864 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
11:09:59.0152 4864 BthEnum - ok
11:09:59.0225 4864 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
11:09:59.0230 4864 BTHMODEM - ok
11:09:59.0298 4864 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
11:09:59.0300 4864 BthPan - ok
11:09:59.0333 4864 [ 5A3ABAA2F8EECE7AEFB942773766E3DB ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
11:09:59.0339 4864 BTHPORT - ok
11:09:59.0389 4864 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
11:09:59.0390 4864 BthServ - ok
11:09:59.0402 4864 [ 94E2941280E3756A5E0BCB467865C43A ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
11:09:59.0403 4864 BTHUSB - ok
11:09:59.0448 4864 [ 7F256D9FFF384FAA40DF5DB1CB8531D9 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
11:09:59.0449 4864 btwaudio - ok
11:09:59.0475 4864 [ D87D990131AAABB27D4046790292366D ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
11:09:59.0477 4864 btwavdt - ok
11:09:59.0506 4864 [ D02F4D18AA4A38F781BEEFEB1892E144 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
11:09:59.0507 4864 btwl2cap - ok
11:09:59.0526 4864 [ E1771C0FB49E747AB2B2D29DA50510F9 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
11:09:59.0528 4864 btwrchid - ok
11:09:59.0577 4864 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
11:09:59.0578 4864 cdfs - ok
11:09:59.0614 4864 [ E0042BD5BEF17A6A3EF1DF576BDE24D1 ] cdrbsdrv C:\Windows\system32\drivers\cdrbsdrv.sys
11:09:59.0662 4864 cdrbsdrv - ok
11:09:59.0722 4864 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
11:09:59.0723 4864 cdrom - ok
11:09:59.0750 4864 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
11:09:59.0760 4864 CertPropSvc - ok
11:09:59.0804 4864 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
11:09:59.0837 4864 circlass - ok
11:09:59.0951 4864 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
11:10:00.0032 4864 CLFS - ok
11:10:00.0090 4864 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:10:00.0099 4864 clr_optimization_v2.0.50727_32 - ok
11:10:00.0202 4864 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:10:00.0524 4864 clr_optimization_v4.0.30319_32 - ok
11:10:00.0581 4864 CLTNetCnService - ok
11:10:00.0640 4864 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
11:10:00.0641 4864 CmBatt - ok
11:10:00.0675 4864 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
11:10:00.0690 4864 cmdide - ok
11:10:00.0743 4864 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
11:10:00.0746 4864 Compbatt - ok
11:10:00.0752 4864 COMSysApp - ok
11:10:00.0817 4864 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys
11:10:00.0910 4864 cpudrv - ok
11:10:00.0936 4864 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
11:10:00.0963 4864 crcdisk - ok
11:10:00.0988 4864 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
11:10:00.0991 4864 Crusoe - ok
11:10:01.0064 4864 [ FB27772BEAF8E1D28CCD825C09DA939B ] CryptSvc C:\Windows\system32\cryptsvc.dll
11:10:01.0066 4864 CryptSvc - ok
11:10:01.0099 4864 [ 9BDB2E89BE8D0EF37B1F25C3D3FC192C ] CSC C:\Windows\system32\drivers\csc.sys
11:10:01.0104 4864 CSC - ok
11:10:01.0160 4864 [ 0A2095F92F6AE4FE6484D911B0C21E95 ] CscService C:\Windows\System32\cscsvc.dll
11:10:01.0165 4864 CscService - ok
11:10:01.0272 4864 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
11:10:01.0281 4864 DcomLaunch - ok
11:10:01.0337 4864 [ 218D8AE46C88E82014F5D73D0236D9B2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
11:10:01.0338 4864 DfsC - ok
11:10:01.0448 4864 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
11:10:01.0504 4864 DFSR - ok
11:10:01.0593 4864 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
11:10:01.0597 4864 Dhcp - ok
11:10:01.0738 4864 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
11:10:01.0757 4864 disk - ok
11:10:01.0816 4864 [ F206E28ED74C491FD5D7C0A1119CE37F ] DMICall C:\Windows\system32\DRIVERS\DMICall.sys
11:10:01.0817 4864 DMICall - ok
11:10:01.0922 4864 [ 30A08728740E71947AE1E073B5CE69B4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
11:10:01.0925 4864 Dnscache - ok
11:10:02.0012 4864 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
11:10:02.0025 4864 dot3svc - ok
11:10:02.0098 4864 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
11:10:02.0102 4864 DPS - ok
11:10:02.0168 4864 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:10:02.0170 4864 drmkaud - ok
11:10:02.0253 4864 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:10:02.0266 4864 DXGKrnl - ok
11:10:02.0302 4864 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
11:10:02.0309 4864 E1G60 - ok
11:10:02.0376 4864 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
11:10:02.0379 4864 EapHost - ok
11:10:02.0444 4864 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
11:10:02.0464 4864 Ecache - ok
11:10:02.0539 4864 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:10:02.0663 4864 ehRecvr - ok
11:10:02.0703 4864 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
11:10:02.0771 4864 ehSched - ok
11:10:02.0902 4864 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
11:10:02.0948 4864 ehstart - ok
11:10:03.0197 4864 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
11:10:03.0214 4864 elxstor - ok
11:10:03.0362 4864 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
11:10:03.0372 4864 EMDMgmt - ok
11:10:03.0420 4864 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
11:10:03.0426 4864 EventSystem - ok
11:10:03.0478 4864 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
11:10:03.0483 4864 exfat - ok
11:10:03.0554 4864 [ AC29508411E25DB9CD7BF0C56AB5DC5B ] f5ipfw C:\Windows\system32\drivers\urfltwlh.sys
11:10:03.0563 4864 f5ipfw - ok
11:10:03.0618 4864 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:10:03.0621 4864 fastfat - ok
11:10:03.0794 4864 [ DFBA0F60FA301E5B1BFB1403A93EE23E ] Fax C:\Windows\system32\fxssvc.exe
11:10:03.0804 4864 Fax - ok
11:10:03.0858 4864 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
11:10:03.0862 4864 fdc - ok
11:10:03.0972 4864 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
11:10:03.0975 4864 fdPHost - ok
11:10:04.0043 4864 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
11:10:04.0046 4864 FDResPub - ok
11:10:04.0092 4864 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:10:04.0095 4864 FileInfo - ok
11:10:04.0117 4864 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:10:04.0138 4864 Filetrace - ok
11:10:04.0256 4864 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:10:04.0282 4864 FLEXnet Licensing Service - ok
11:10:04.0310 4864 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
11:10:04.0341 4864 flpydisk - ok
11:10:04.0446 4864 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:10:04.0450 4864 FltMgr - ok
11:10:04.0588 4864 [ 452FEAAB2A8DBB42ED751754CB2594F5 ] FontCache C:\Windows\system32\FntCache.dll
11:10:04.0609 4864 FontCache - ok
11:10:04.0737 4864 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:10:04.0772 4864 FontCache3.0.0.0 - ok
11:10:04.0827 4864 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:10:04.0838 4864 Fs_Rec - ok
11:10:04.0873 4864 [ FECF4C2E42440A8D132BF94EEE3C3FC9 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
11:10:04.0935 4864 fvevol - ok
11:10:05.0113 4864 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
11:10:05.0128 4864 gagp30kx - ok
11:10:05.0175 4864 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
11:10:05.0177 4864 GEARAspiWDM - ok
11:10:05.0410 4864 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
11:10:05.0421 4864 gpsvc - ok
11:10:05.0473 4864 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:10:05.0502 4864 HdAudAddService - ok
11:10:05.0570 4864 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
11:10:05.0579 4864 HDAudBus - ok
11:10:05.0610 4864 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
11:10:05.0625 4864 HidBth - ok
11:10:05.0657 4864 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
11:10:05.0674 4864 HidIr - ok
11:10:05.0761 4864 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
11:10:05.0765 4864 hidserv - ok
11:10:05.0935 4864 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:10:05.0937 4864 HidUsb - ok
11:10:06.0032 4864 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:10:06.0037 4864 hkmsvc - ok
11:10:06.0091 4864 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
11:10:06.0189 4864 HpCISSs - ok
11:10:06.0583 4864 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
11:10:06.0588 4864 hpqcxs08 - ok
11:10:06.0647 4864 [ DF446BA625CC441617843E87798CE048 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
11:10:06.0649 4864 hpqddsvc - ok
11:10:06.0704 4864 [ 75F122CDCA3C71BD09089F2CA824B796 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
11:10:06.0713 4864 HPSLPSVC - ok
11:10:06.0766 4864 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
11:10:06.0780 4864 HSFHWAZL - ok
11:10:06.0941 4864 [ 53229DCF431D76434816CD29251168A0 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
11:10:06.0950 4864 HSF_DPV - ok
11:10:07.0111 4864 [ 31F949D452201F2F0AF0C88D7DB512CD ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
11:10:07.0114 4864 HSXHWAZL - ok
11:10:07.0254 4864 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:10:07.0258 4864 HTTP - ok
11:10:07.0300 4864 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
11:10:07.0303 4864 i2omp - ok
11:10:07.0397 4864 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
11:10:07.0399 4864 i8042prt - ok
11:10:07.0492 4864 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
11:10:07.0533 4864 iaStorV - ok
11:10:07.0583 4864 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
11:10:07.0588 4864 IDriverT - ok
11:10:08.0066 4864 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:10:08.0216 4864 idsvc - ok
11:10:08.0434 4864 [ 1B954F2BCB244596DA704DC8C7729930 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
11:10:08.0489 4864 igfx - ok
11:10:08.0534 4864 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
11:10:08.0550 4864 iirsp - ok
11:10:08.0742 4864 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
11:10:08.0748 4864 IKEEXT - ok
11:10:08.0824 4864 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
11:10:08.0839 4864 intelide - ok
11:10:08.0859 4864 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:10:08.0860 4864 intelppm - ok
11:10:08.0913 4864 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:10:08.0916 4864 IPBusEnum - ok
11:10:08.0963 4864 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:10:09.0113 4864 IpFilterDriver - ok
11:10:09.0200 4864 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:10:09.0206 4864 iphlpsvc - ok
11:10:09.0219 4864 IpInIp - ok
11:10:09.0309 4864 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
11:10:09.0356 4864 IPMIDRV - ok
11:10:09.0428 4864 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
11:10:09.0453 4864 IPNAT - ok
11:10:09.0699 4864 [ 33642C17C232AA272C68E446A2619899 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
11:10:09.0736 4864 iPod Service - ok
11:10:09.0800 4864 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:10:09.0801 4864 IRENUM - ok
11:10:09.0847 4864 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:10:09.0865 4864 isapnp - ok
11:10:09.0941 4864 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
11:10:09.0944 4864 iScsiPrt - ok
11:10:09.0977 4864 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
11:10:09.0994 4864 iteatapi - ok
11:10:10.0022 4864 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
11:10:10.0027 4864 iteraid - ok
11:10:10.0208 4864 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
11:10:10.0210 4864 IviRegMgr - ok
11:10:10.0267 4864 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:10:10.0268 4864 kbdclass - ok
11:10:10.0382 4864 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
11:10:10.0383 4864 kbdhid - ok
11:10:10.0497 4864 [ 3978F3540329E16C0AC3BCF677E5669F ] KeyIso C:\Windows\system32\lsass.exe
11:10:10.0502 4864 KeyIso - ok
11:10:10.0634 4864 [ 86165728AF9BF72D6442A894FDFB4F8B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:10:10.0660 4864 KSecDD - ok
11:10:10.0778 4864 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
11:10:10.0800 4864 KtmRm - ok
11:10:10.0836 4864 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
11:10:10.0844 4864 LanmanServer - ok
11:10:10.0900 4864 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:10:10.0909 4864 LanmanWorkstation - ok
11:10:10.0994 4864 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:10:10.0996 4864 lltdio - ok
11:10:11.0041 4864 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:10:11.0080 4864 lltdsvc - ok
11:10:11.0141 4864 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:10:11.0146 4864 lmhosts - ok
11:10:11.0274 4864 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
11:10:11.0277 4864 LSI_FC - ok
11:10:11.0294 4864 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
11:10:11.0297 4864 LSI_SAS - ok
11:10:11.0305 4864 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
11:10:11.0307 4864 LSI_SCSI - ok
11:10:11.0349 4864 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
11:10:11.0351 4864 luafv - ok
11:10:11.0408 4864 [ F7E15F2FE7790733DF86E95A76556389 ] LVUSBSta C:\Windows\system32\DRIVERS\LVUSBSta.sys
11:10:11.0409 4864 LVUSBSta - ok
11:10:11.0703 4864 [ 92D03DC19EAE9D0A86735705E374FDAD ] LVUVC C:\Windows\system32\DRIVERS\lvuvc.sys
11:10:11.0755 4864 LVUVC - ok
11:10:11.0808 4864 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:10:11.0813 4864 Mcx2Svc - ok
11:10:11.0907 4864 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
11:10:11.0910 4864 MDM - ok
11:10:11.0954 4864 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
11:10:11.0955 4864 mdmxsdk - ok
11:10:11.0994 4864 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
11:10:11.0996 4864 megasas - ok
11:10:12.0039 4864 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
11:10:12.0054 4864 MMCSS - ok
11:10:12.0082 4864 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
11:10:12.0084 4864 Modem - ok
11:10:12.0195 4864 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:10:12.0196 4864 monitor - ok
11:10:12.0364 4864 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:10:12.0366 4864 mouclass - ok
11:10:12.0419 4864 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:10:12.0420 4864 mouhid - ok
11:10:12.0526 4864 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
11:10:12.0536 4864 MountMgr - ok
11:10:12.0661 4864 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:10:12.0666 4864 MozillaMaintenance - ok
11:10:12.0739 4864 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
11:10:12.0743 4864 MpFilter - ok
11:10:12.0836 4864 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
11:10:12.0893 4864 mpio - ok
11:10:12.0919 4864 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:10:12.0921 4864 mpsdrv - ok
11:10:13.0022 4864 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
11:10:13.0032 4864 MpsSvc - ok
11:10:13.0081 4864 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
11:10:13.0084 4864 Mraid35x - ok
11:10:13.0094 4864 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:10:13.0097 4864 MRxDAV - ok
11:10:13.0131 4864 [ 454341E652BDF5E01B0F2140232B073E ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:10:13.0133 4864 mrxsmb - ok
11:10:13.0253 4864 [ 2A4901AFF069944FA945ED5BBF4DCDE3 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:10:13.0257 4864 mrxsmb10 - ok
11:10:13.0343 4864 [ 28B3F1AB44BDD4432C041581412F17D9 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:10:13.0345 4864 mrxsmb20 - ok
11:10:13.0380 4864 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
11:10:13.0383 4864 msahci - ok
11:10:13.0438 4864 [ 8E46A7BAC823DD82D4FB2A34C3DF4C1D ] MSCSPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
11:10:13.0441 4864 MSCSPTISRV - ok
11:10:13.0466 4864 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:10:13.0485 4864 msdsm - ok
11:10:13.0557 4864 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
11:10:13.0575 4864 MSDTC - ok
11:10:13.0634 4864 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:10:13.0635 4864 Msfs - ok
11:10:13.0733 4864 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:10:13.0759 4864 msisadrv - ok
11:10:13.0812 4864 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:10:13.0841 4864 MSiSCSI - ok
11:10:13.0849 4864 msiserver - ok
11:10:13.0877 4864 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:10:13.0879 4864 MSKSSRV - ok
11:10:13.0958 4864 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
11:10:13.0959 4864 MsMpSvc - ok
11:10:14.0039 4864 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:10:14.0042 4864 MSPCLOCK - ok
11:10:14.0071 4864 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:10:14.0074 4864 MSPQM - ok
11:10:14.0136 4864 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:10:14.0141 4864 MsRPC - ok
11:10:14.0173 4864 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
11:10:14.0174 4864 mssmbios - ok
11:10:14.0384 4864 MSSQL$MSSMLBIZ - ok
11:10:14.0555 4864 MSSQL$SQLEXPRESS - ok
11:10:14.0665 4864 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
11:10:14.0667 4864 MSSQLServerADHelper - ok
11:10:14.0803 4864 [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
11:10:14.0827 4864 MSSQLServerADHelper100 - ok
11:10:14.0879 4864 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:10:14.0881 4864 MSTEE - ok
11:10:14.0910 4864 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
11:10:14.0913 4864 Mup - ok
11:10:14.0996 4864 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
11:10:15.0006 4864 napagent - ok
11:10:15.0057 4864 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:10:15.0060 4864 NativeWifiP - ok
11:10:15.0149 4864 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
11:10:15.0164 4864 NDIS - ok
11:10:15.0221 4864 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:10:15.0224 4864 NdisTapi - ok
11:10:15.0254 4864 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:10:15.0256 4864 Ndisuio - ok
11:10:15.0317 4864 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:10:15.0320 4864 NdisWan - ok
11:10:15.0443 4864 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:10:15.0445 4864 NDProxy - ok
11:10:15.0496 4864 [ 19715A9A573DAD2521348ABC74266A48 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
11:10:15.0500 4864 Net Driver HPZ12 - ok
11:10:15.0600 4864 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:10:15.0602 4864 NetBIOS - ok
11:10:15.0773 4864 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
11:10:15.0776 4864 netbt - ok
11:10:15.0797 4864 [ 3978F3540329E16C0AC3BCF677E5669F ] Netlogon C:\Windows\system32\lsass.exe
11:10:15.0802 4864 Netlogon - ok
11:10:15.0846 4864 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
11:10:15.0855 4864 Netman - ok
11:10:15.0889 4864 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:10:15.0966 4864 NetMsmqActivator - ok
11:10:15.0972 4864 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:10:15.0974 4864 NetPipeActivator - ok
11:10:16.0039 4864 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
11:10:16.0045 4864 netprofm - ok
11:10:16.0072 4864 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:10:16.0074 4864 NetTcpActivator - ok
11:10:16.0079 4864 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:10:16.0081 4864 NetTcpPortSharing - ok
11:10:16.0572 4864 [ 25ACCCFC33DD448B9D3037C5E439E830 ] NETw4v32 C:\Windows\system32\DRIVERS\NETw4v32.sys
11:10:16.0681 4864 NETw4v32 - ok
11:10:17.0162 4864 [ 72466ACB50784545689EAD2473003CB5 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
11:10:17.0231 4864 NETw5v32 - ok
11:10:17.0339 4864 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
11:10:17.0373 4864 nfrd960 - ok
11:10:17.0434 4864 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
11:10:17.0457 4864 NisDrv - ok
11:10:17.0512 4864 [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
11:10:17.0544 4864 NisSrv - ok
11:10:17.0603 4864 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:10:17.0608 4864 NlaSvc - ok
11:10:17.0694 4864 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:10:17.0695 4864 Npfs - ok
11:10:17.0835 4864 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
11:10:17.0841 4864 nsi - ok
11:10:17.0861 4864 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:10:17.0863 4864 nsiproxy - ok
11:10:18.0120 4864 [ C2B4B5D4B2EBCB3EC7B32104D244A570 ] NSUService C:\Program Files\Sony\Network Utility\NSUService.exe
11:10:18.0124 4864 NSUService - ok
11:10:18.0379 4864 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:10:18.0643 4864 Ntfs - ok
11:10:18.0668 4864 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
11:10:18.0670 4864 ntrigdigi - ok
11:10:18.0717 4864 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
11:10:18.0718 4864 Null - ok
11:10:18.0924 4864 [ 39D8F5A92427C57309355199592EAD9F ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:10:18.0990 4864 nvlddmkm - ok
11:10:19.0027 4864 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:10:19.0036 4864 nvraid - ok
11:10:19.0061 4864 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:10:19.0079 4864 nvstor - ok
11:10:19.0134 4864 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:10:19.0157 4864 nv_agp - ok
11:10:19.0208 4864 [ AA62BA29EF342D805555196F46FCAA4E ] NWADI C:\Windows\system32\DRIVERS\NWADIenum.sys
11:10:19.0210 4864 NWADI - ok
11:10:19.0216 4864 NwlnkFlt - ok
11:10:19.0223 4864 NwlnkFwd - ok
11:10:19.0330 4864 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:10:19.0452 4864 odserv - ok
11:10:19.0555 4864 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
11:10:19.0557 4864 ohci1394 - ok
11:10:19.0715 4864 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:10:19.0762 4864 ose - ok
11:10:20.0102 4864 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
11:10:20.0117 4864 p2pimsvc - ok
11:10:20.0411 4864 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
11:10:20.0425 4864 p2psvc - ok
11:10:20.0536 4864 [ 753A8F339F231D2B857E2CCD51A6E6CA ] PACSPTISVR C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
11:10:20.0629 4864 PACSPTISVR - ok
11:10:20.0670 4864 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
11:10:20.0672 4864 Parport - ok
11:10:20.0718 4864 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:10:20.0748 4864 partmgr - ok
11:10:20.0768 4864 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
11:10:20.0770 4864 Parvdm - ok
11:10:20.0813 4864 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
11:10:20.0819 4864 PcaSvc - ok
11:10:20.0937 4864 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
11:10:21.0019 4864 pci - ok
11:10:21.0058 4864 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\drivers\pciide.sys
11:10:21.0061 4864 pciide - ok
11:10:21.0168 4864 [ 3BB2244F343B610C29C98035504C9B75 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:10:21.0198 4864 pcmcia - ok
11:10:21.0507 4864 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:10:21.0519 4864 PEAUTH - ok
11:10:21.0763 4864 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
11:10:21.0790 4864 pla - ok
11:10:21.0929 4864 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:10:21.0939 4864 PlugPlay - ok
11:10:32.0625 4864 [ 8EA0FD60A5B047E0C734D51AACE531C9 ] sptd C:\Windows\System32\Drivers\sptd.sys
11:10:32.0625 4864 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 8EA0FD60A5B047E0C734D51AACE531C9
11:10:32.0627 4864 sptd ( LockedFile.Multi.Generic ) - warning
11:10:32.0627 4864 sptd - detected LockedFile.Multi.Generic (1)
11:10:49.0376 4864 ================ Scan global ===============================
11:10:49.0575 4864 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
11:10:49.0674 4864 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
11:10:49.0702 4864 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
11:10:49.0845 4864 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
11:10:49.0855 4864 [Global] - ok
11:10:49.0856 4864 ================ Scan MBR ==================================
11:10:49.0878 4864 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
11:10:52.0767 4864 \Device\Harddisk0\DR0 - ok
11:10:52.0777 4864 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
11:10:52.0795 4864 \Device\Harddisk2\DR2 - ok
11:10:52.0796 4864 ================ Scan VBR ==================================
11:10:52.0819 4864 [ FCEB67B8DAF20228C162ED1514662272 ] \Device\Harddisk0\DR0\Partition1
11:10:52.0822 4864 \Device\Harddisk0\DR0\Partition1 - ok
11:10:52.0833 4864 [ 32BF791E5568B85AE95E29B697B01E8A ] \Device\Harddisk0\DR0\Partition2
11:10:52.0835 4864 \Device\Harddisk0\DR0\Partition2 - ok
11:10:52.0841 4864 [ C626E6F0B86410FF3F27A795505988B3 ] \Device\Harddisk2\DR2\Partition1
11:10:52.0845 4864 \Device\Harddisk2\DR2\Partition1 - ok
11:10:52.0845 4864 ============================================================
11:10:52.0845 4864 Scan finished
11:10:52.0845 4864 ============================================================
11:10:52.0856 4856 Detected object count: 2
11:10:52.0856 4856 Actual detected object count: 2
11:10:56.0909 4856 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
11:10:56.0909 4856 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
11:10:56.0910 4856 sptd ( LockedFile.Multi.Generic ) - skipped by user
11:10:56.0910 4856 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
11:11:07.0969 2060 Deinitialize success


****************************************
aswMBR
****************************************
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-27 11:11:47
-----------------------------
11:11:47.848 OS Version: Windows 6.0.6002 Service Pack 2
11:11:47.848 Number of processors: 2 586 0x1706
11:11:47.850 ComputerName: NOTEBOOK-SC UserName: Steffany
11:12:31.925 Initialize success
11:16:16.069 AVAST engine defs: 12082700
11:16:25.428 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
11:16:25.582 Disk 0 Vendor: Hitachi_HTS722020K9SA00 DC4OC50P Size: 190782MB BusType: 3
11:16:25.612 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006c
11:16:25.625 Disk 1 Vendor: ( Size: 190782MB BusType: 0
11:16:25.761 Disk 0 MBR read successfully
11:16:25.769 Disk 0 MBR scan
11:16:25.834 Disk 0 Windows VISTA default MBR code
11:16:26.034 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10728 MB offset 2048
11:16:26.268 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 1536 MB offset 21972992
11:16:26.348 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 178516 MB offset 25118720
11:16:26.457 Disk 0 scanning sectors +390719920
11:16:26.659 Disk 0 scanning C:\Windows\system32\drivers
11:18:23.577 Service scanning
11:18:40.313 Disk 0 MBR has been saved successfully to "C:\Users\Steffany\Desktop\MBR.dat"
11:18:40.335 The log file has been saved successfully to "C:\Users\Steffany\Desktop\aswMBR.txt"

#4 nasdaq

  • Malware Response Team

Posted 28 August 2012 - 07:37 AM

We can continue.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Please post the logs for my review.

Please let me know what problem persists.

#5 with2fs

  • Topic Starter

Posted 28 August 2012 - 02:45 PM

*******************************
ComboFix
*******************************
ComboFix 12-08-28.03 - Steffany 08/28/2012 11:56:12.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3070.1857 [GMT -7:00]
Running from: c:\users\Steffany\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-28 )))))))))))))))))))))))))))))))
.
.
2012-08-28 19:18 . 2012-08-28 19:19 -------- d-----w- c:\users\Steffany\AppData\Local\temp
2012-08-28 19:18 . 2012-08-28 19:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-28 18:46 . 2012-08-28 18:46 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E544C3E3-86FF-484F-90C0-D6FB1C3469A4}\MpKsld473a4b4.sys
2012-08-27 18:28 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E544C3E3-86FF-484F-90C0-D6FB1C3469A4}\mpengine.dll
2012-08-27 17:59 . 2012-08-27 17:59 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-22 19:29 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-07 03:33 . 2012-08-07 03:32 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-01 21:10 . 2012-08-01 21:54 -------- d-----w- c:\programdata\WeCareReminder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-22 19:15 . 2012-05-01 20:16 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-22 19:15 . 2011-05-15 19:18 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-07 03:32 . 2010-05-27 13:17 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-24 16:21 . 2010-05-28 02:04 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-07-24 15:45 . 2010-10-11 14:06 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-07-24 15:38 . 2010-08-24 22:57 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2012-07-24 15:36 . 2012-07-24 15:36 161792 ----a-w- c:\windows\system32\msls31.dll
2012-07-24 15:36 . 2012-07-24 15:36 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-07-24 15:36 . 2012-07-24 15:36 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-07-24 15:36 . 2012-07-24 15:36 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-07-24 15:36 . 2012-07-24 15:36 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-07-24 15:36 . 2012-07-24 15:36 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-07-24 15:36 . 2012-07-24 15:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-07-24 15:36 . 2012-07-24 15:36 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-07-24 15:36 . 2012-07-24 15:36 367104 ----a-w- c:\windows\system32\html.iec
2012-07-24 15:36 . 2012-07-24 15:36 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-24 15:36 . 2012-07-24 15:36 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-07-24 15:36 . 2012-07-24 15:36 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-24 15:36 . 2012-07-24 15:36 152064 ----a-w- c:\windows\system32\wextract.exe
2012-07-24 15:36 . 2012-07-24 15:36 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-07-24 15:35 . 2012-07-24 15:35 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-07-24 15:35 . 2012-07-24 15:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-24 15:35 . 2012-07-24 15:35 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-07-24 15:35 . 2012-07-24 15:35 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-07-24 15:35 . 2012-07-24 15:35 11776 ----a-w- c:\windows\system32\mshta.exe
2012-07-24 15:35 . 2012-07-24 15:35 101888 ----a-w- c:\windows\system32\admparse.dll
2012-07-24 15:35 . 2012-07-24 15:35 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-07-17 23:32 . 2012-07-17 23:32 115712 ----a-w- c:\programdata\Microsoft\Windows\DRM\EB8A.tmp
2012-07-16 09:41 . 2012-07-24 15:07 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3932A51C-94D6-4637-9962-91842B241085}\mpengine.dll
2012-06-13 13:40 . 2012-07-24 16:14 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47 . 2012-07-24 14:48 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-24 14:48 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-02 22:19 . 2012-06-23 22:49 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-23 22:50 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 22:50 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 22:49 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 22:49 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-23 22:50 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-23 22:50 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-23 22:49 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-23 22:49 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-08-07 02:27 . 2011-03-22 22:49 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-10-05 18:54 303104 ------w- c:\ddi\OverIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-06-06 06:16 2955264 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-06-06 06:16 2955264 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-11-26 253952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Facebook Update"="c:\users\Steffany\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-24 138096]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Akamai NetSession Interface"="c:\users\Steffany\AppData\Local\Akamai\netsession_win.exe" [2012-08-11 4440896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-10-12 118784]
"DRCU"="c:\program files\Sony\DRCU\DRCU.exe" [2007-06-18 73728]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-18 154392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-18 138008]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-18 133912]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-06-06 49168]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-09-06 53248]
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-10-13 45056]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-24 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-24 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-24 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-06-06 06:03 90112 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AOL DDI.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AOL DDI.lnk
backup=c:\windows\pss\AOL DDI.lnkCommon Startup
backupExtension=Common Startup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO HD Edition.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO HD Edition.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Help and Support Demo]
2007-08-28 00:54 290816 ----a-w- c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIORegistration]
2007-10-17 22:40 20480 ----a-w- c:\program files\Sony\First Experience\WelcomeLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2007-07-20 22:30 577536 ----a-w- c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLD473A4B4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3210526415-1040436305-2134037438-1003Core.job
- c:\users\Steffany\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-23 05:54]
.
2012-08-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3210526415-1040436305-2134037438-1003UA.job
- c:\users\Steffany\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-23 05:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: cengage.com\access
Trusted Zone: cengage.com\contractoraccess
TCP: DhcpNameServer = 192.168.1.254
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - c:\users\Steffany\AppData\Local\Temp\f5tmp\f5opswati.cab
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - c:\users\Steffany\AppData\Local\Temp\f5tmp\f5opswati.cab
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - c:\users\Steffany\AppData\Local\Temp\f5tmp\f5opswati.cab
DPF: {81F30245-2419-4B8F-85AC-DE13CD0659D7} - hxxp://173.8.77.233/RtspVaPgDec.cab
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - c:\users\Steffany\AppData\Local\Temp\f5tmp\f5opswati.cab
FF - ProfilePath - c:\users\Steffany\AppData\Roaming\Mozilla\Firefox\Profiles\5lwilbvi.default\
FF - prefs.js: browser.startup.homepage - www.google.com
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-hpqSRMon - (no file)
SafeBoot-09699882.sys
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-28 12:19
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(660)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
Completion time: 2012-08-28 12:23:47
ComboFix-quarantined-files.txt 2012-08-28 19:23
.
Pre-Run: 17,296,306,176 bytes free
Post-Run: 21,963,980,800 bytes free
.
- - End Of File - - A45632474433434C567346CB1144CAA5

**************************************
SecurityCheck
**************************************
Results of screen317's Security Check version 0.99.48
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 33
Java™ SE Runtime Environment 6
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.4.402.265
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

*************************************
adwCleaner
*************************************
# AdwCleaner v1.801 - Logfile created 08/28/2012 at 12:39:54
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista ™ Ultimate Service Pack 2 (32 bits)
# User : Steffany - NOTEBOOK-SC
# Boot Mode : Normal
# Running from : C:\Users\Steffany\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\WeCareReminder

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\Google\chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Steffany\AppData\Roaming\Mozilla\Firefox\Profiles\5lwilbvi.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [995 octets] - [28/08/2012 12:39:54]

########## EOF - C:\AdwCleaner[R1].txt - [1122 octets] ##########

#6 nasdaq

Posted 29 August 2012 - 08:00 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 33
Java™ SE Runtime Environment 6

Remove also this old version of Flash.
Adobe Flash Player 10


===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

===

Remove the AdWare, PUB found.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please let me know of any remaining issues with this computer.

#7 with2fs

Posted 30 August 2012 - 01:42 PM

Java- updated
Flash- updated
Reader- updated

*******
AdwCleaner
*******
# AdwCleaner v1.801 - Logfile created 08/30/2012 at 11:33:33
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista ™ Ultimate Service Pack 2 (32 bits)
# User : Steffany - NOTEBOOK-SC
# Boot Mode : Normal
# Running from : C:\Users\Steffany\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Steffany\AppData\Roaming\Mozilla\Firefox\Profiles\5lwilbvi.default\extensions\staged
Folder Deleted : C:\ProgramData\WeCareReminder

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Steffany\AppData\Roaming\Mozilla\Firefox\Profiles\5lwilbvi.default\prefs.js

C:\Users\Steffany\AppData\Roaming\Mozilla\Firefox\Profiles\5lwilbvi.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1123 octets] - [28/08/2012 12:39:54]
AdwCleaner[S1].txt - [1274 octets] - [30/08/2012 11:33:33]

########## EOF - C:\AdwCleaner[S1].txt - [1402 octets] ##########
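
Added example, not part of the thread and not code from ComboFix or AdwCleaner: a Python check that scans a Firefox profile's prefs.js and user.js for the three user_pref settings listed in the ComboFix supplementary scan in post #5. Treating those values as worth review is this example's assumption, and the sample file contents are constructed; Firefox re-applies user.js at every start, so a match there is marked sticky.

```python
import re
from pathlib import Path

# Names and values copied from the ComboFix "Supplementary Scan" lines in this
# thread. Flagging them for review is this example's assumption.
WATCHED = {
    "extensions.autoDisableScopes": 0,  # 0: add-ons installed from outside the profile are not auto-disabled
    "security.csp.enable": False,       # Content Security Policy enforcement off
    "security.OCSP.enabled": 0,         # OCSP certificate revocation checks off
}

PREF_RE = re.compile(
    r"""user_pref\(\s*(['"])(?P<name>[^'"]+)\1\s*,\s*
        (?P<value>"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'|-?\d+|true|false)\s*\)\s*;""",
    re.VERBOSE,
)


def _convert(raw):
    """Turn the literal from the file into a Python bool, str or int."""
    if raw in ("true", "false"):
        return raw == "true"
    if raw[0] in "'\"":
        return raw[1:-1]
    return int(raw)


def parse_prefs(text):
    """Return {name: value} for every user_pref(...) call; later calls win."""
    prefs = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("//", "#")):
            continue  # comment lines
        for m in PREF_RE.finditer(line):  # several calls may share one line
            prefs[m.group("name")] = _convert(m.group("value"))
    return prefs


def audit(files):
    """files: {filename: text}. Returns sorted (file, pref, value, sticky) tuples."""
    findings = []
    for fname, text in files.items():
        for name, value in parse_prefs(text).items():
            if name not in WATCHED:
                continue
            watched = WATCHED[name]
            # Compare type as well, because False == 0 in Python.
            if type(value) is type(watched) and value == watched:
                # user.js is re-applied at every start, so about:config edits revert.
                findings.append((fname, name, value, fname.lower() == "user.js"))
    return sorted(findings)


def audit_profile(profile_dir):
    """Read prefs.js and user.js from a profile directory and audit them."""
    files = {}
    for fname in ("prefs.js", "user.js"):
        path = Path(profile_dir) / fname
        if path.is_file():
            files[fname] = path.read_text(encoding="utf-8", errors="replace")
    return audit(files)


# Constructed sample contents; which file held the settings is an assumption.
SAMPLE = {
    "prefs.js": '# Mozilla User Preferences\n'
                'user_pref("browser.startup.homepage", "www.google.com");\n'
                'user_pref("security.OCSP.enabled", 1);\n',
    "user.js": "user_pref('extensions.autoDisableScopes', 0);"
               "user_pref('security.csp.enable', false);"
               "user_pref('security.OCSP.enabled', 0);\n",
}

if __name__ == "__main__":
    for fname, name, value, sticky in audit(SAMPLE):
        print(f"{fname}: {name} = {value!r}" + (" (re-applied at every start)" if sticky else ""))
```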

#8 nasdaq

Posted 31 August 2012 - 06:30 AM

Looking good.

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove adwcleaner.

Please double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.
===

Surf Safely, and Think Prevention!

#9 with2fs

Posted 31 August 2012 - 08:52 AM

Thank you so much for your time and effort!

Steffany



