ZeroAccess infection


13 replies to this topic

#1 D-ave-pty


Posted 29 September 2012 - 09:37 AM

Hi all,

My Mum managed to get the ZeroAccess trojan on her laptop (ZeroAccess!cfg, ZeroAccess.ee, ZeroAccess.el, ZeroAccess.eh), which was constantly flagged up by McAfee – but it was unable to remove it successfully. We disconnected the laptop from the internet, and I set about removing it using non-invasive removal tools (TDSSKiller by Kaspersky, AswMBR by Avast, ESET - Online Scanner, MalwareBytes, FixZeroAccess - Symantec, AVG ZeroAccess Remover) - which seem to have done the trick.

However, something somewhere is still trying to load a malicious .dll which was removed during the cleaning process. Due to this, I'm not entirely convinced that the machine is clean - would someone be able to help confirm whether this is the case or not?

The dll error we receive at startup is:

RunDLL
Error Loading: C:\Users\pat\AppData\Roaming\actes.dll

Any help you can give would be very much appreciated. Unfortunately we don't have a Vista installation disk, otherwise I would try doing a system repair.

The laptop's running Windows Vista, which should be fully up-to-date.

Thanks,
Dave :)
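
A leftover autorun entry is a common cause of a RunDLL "Error Loading" message for a file that has already been removed. The following is an added example, not part of the original post: it lists `Run`/`RunOnce` registry values whose rundll32 target no longer exists on disk. The value names and entry point in the sample data are constructed, and scheduled tasks and Startup folders are not covered.

```python
import ntpath
import os
import re
import sys

# Per-user and machine-wide autorun keys checked by this example.
RUN_KEYS = (
    r"Software\Microsoft\Windows\CurrentVersion\Run",
    r"Software\Microsoft\Windows\CurrentVersion\RunOnce",
)

_RUNDLL = re.compile(
    r'''^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+   # rundll32 host, bare or with a path
        (?:"([^"]+)"|([^\s,"]+))                    # DLL argument: quoted, or up to comma/space
    ''',
    re.IGNORECASE | re.VERBOSE,
)


def rundll_target(command):
    """Return the DLL a rundll32 command line would load, or None if it is not one."""
    m = _RUNDLL.match(command)
    if not m:
        return None
    return ntpath.expandvars(m.group(1) or m.group(2))


def find_orphans(entries, exists=os.path.exists):
    """Return (location, value_name, dll) for rundll32 autoruns whose DLL is missing.

    entries is an iterable of (location, value_name, command) tuples.
    Bare names such as shell32.dll are resolved through the loader search
    path, so only absolute paths are checked here.
    """
    orphans = []
    for location, name, command in entries:
        dll = rundll_target(command)
        if dll and ntpath.isabs(dll) and not exists(dll):
            orphans.append((location, name, dll))
    return orphans


def read_run_keys():
    """Yield (location, value_name, command) from the Run/RunOnce keys (Windows only)."""
    import winreg  # imported lazily so the parsing logic also runs on other platforms

    hives = (("HKCU", winreg.HKEY_CURRENT_USER), ("HKLM", winreg.HKEY_LOCAL_MACHINE))
    for hive_name, hive in hives:
        for subkey in RUN_KEYS:
            try:
                key = winreg.OpenKey(hive, subkey)
            except OSError:
                continue  # key absent or not readable for this user
            with key:
                value_count = winreg.QueryInfoKey(key)[1]
                for i in range(value_count):
                    name, data, _type = winreg.EnumValue(key, i)
                    yield (hive_name + "\\" + subkey, name, str(data))


# Constructed sample data. Only the DLL path comes from the error message in
# the post; the value names and the "EntryPoint" export are placeholders.
SAMPLE_ENTRIES = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "ExampleValue",
     r'rundll32.exe "C:\Users\pat\AppData\Roaming\actes.dll",EntryPoint'),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "ExampleSystemEntry",
     r"C:\Windows\System32\rundll32.exe shell32.dll,Control_RunDLL"),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "ExampleTrayApp",
     r'"C:\Program Files\Example\tray.exe" /background'),
]


if __name__ == "__main__":
    if sys.platform == "win32":
        found = find_orphans(read_run_keys())
    else:
        # Off Windows, run against the sample and treat every path as missing.
        found = find_orphans(SAMPLE_ENTRIES, exists=lambda path: False)
    for location, name, dll in found:
        print("%s -> value %r loads missing DLL %s" % (location, name, dll))
```

An entry reported here only shows where the load attempt comes from; it does not by itself show whether the rest of the system is clean.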



#2 narenxp


Posted 29 September 2012 - 09:38 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 D-ave-pty


Posted 29 September 2012 - 03:04 PM

Hi,

Thanks for your quick response. I have run the three scans as requested. I have two log files, however the ESET scan didn't find anything - so I'm unable to export the list of found threats.

The log files are as follows:

===
===

TDSSkiller:

16:00:02.0225 7604 NdisWan - ok
16:00:02.0248 7604 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:00:02.0262 7604 NDProxy - ok
16:00:02.0328 7604 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:00:02.0342 7604 NetBIOS - ok
16:00:02.0415 7604 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
16:00:02.0516 7604 netbt - ok
16:00:02.0534 7604 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
16:00:02.0537 7604 Netlogon - ok
16:00:02.0657 7604 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
16:00:02.0665 7604 Netman - ok
16:00:02.0767 7604 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
16:00:02.0803 7604 netprofm - ok
16:00:02.0866 7604 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:00:02.0885 7604 NetTcpPortSharing - ok
16:00:03.0203 7604 [ 4547B8AEDD8119FCC127FDC7F282E983 ] NETw4v32 C:\Windows\system32\DRIVERS\NETw4v32.sys
16:00:03.0628 7604 NETw4v32 - ok
16:00:03.0861 7604 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:00:03.0990 7604 nfrd960 - ok
16:00:04.0067 7604 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:00:04.0122 7604 NlaSvc - ok
16:00:04.0182 7604 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:00:04.0222 7604 Npfs - ok
16:00:04.0259 7604 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
16:00:04.0268 7604 nsi - ok
16:00:04.0309 7604 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:00:04.0336 7604 nsiproxy - ok
16:00:04.0510 7604 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:00:04.0555 7604 Ntfs - ok
16:00:04.0615 7604 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
16:00:04.0622 7604 ntrigdigi - ok
16:00:04.0862 7604 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
16:00:04.0869 7604 Null - ok
16:00:04.0925 7604 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:00:04.0938 7604 nvraid - ok
16:00:04.0993 7604 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:00:05.0002 7604 nvstor - ok
16:00:05.0069 7604 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:00:05.0079 7604 nv_agp - ok
16:00:05.0091 7604 NwlnkFlt - ok
16:00:05.0103 7604 NwlnkFwd - ok
16:00:05.0232 7604 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
16:00:05.0260 7604 ohci1394 - ok
16:00:05.0408 7604 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:00:05.0424 7604 ose - ok
16:00:05.0509 7604 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
16:00:05.0532 7604 p2pimsvc - ok
16:00:05.0548 7604 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
16:00:05.0555 7604 p2psvc - ok
16:00:05.0610 7604 [ 753A8F339F231D2B857E2CCD51A6E6CA ] PACSPTISVR C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
16:00:05.0693 7604 PACSPTISVR - ok
16:00:05.0816 7604 [ 240C0D4049A833B16B63B636ACF01672 ] PalmUSBD C:\Windows\system32\drivers\PalmUSBD.sys
16:00:05.0898 7604 PalmUSBD - ok
16:00:05.0992 7604 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
16:00:06.0129 7604 Parport - ok
16:00:06.0264 7604 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:00:06.0457 7604 partmgr - ok
16:00:06.0502 7604 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
16:00:06.0567 7604 Parvdm - ok
16:00:06.0689 7604 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
16:00:06.0754 7604 PcaSvc - ok
16:00:07.0027 7604 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
16:00:07.0103 7604 pci - ok
16:00:07.0148 7604 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\drivers\pciide.sys
16:00:07.0171 7604 pciide - ok
16:00:07.0248 7604 [ 3BB2244F343B610C29C98035504C9B75 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:00:07.0257 7604 pcmcia - ok
16:00:07.0324 7604 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:00:07.0348 7604 PEAUTH - ok
16:00:07.0470 7604 [ 514FADD940A5EE06D6CAA5CD0F6725D6 ] Ph3xIB32 C:\Windows\system32\DRIVERS\Ph3xIB32.sys
16:00:07.0504 7604 Ph3xIB32 - ok
16:00:07.0601 7604 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
16:00:07.0626 7604 pla - ok
16:00:07.0690 7604 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:00:07.0696 7604 PlugPlay - ok
16:00:07.0773 7604 [ 2B81B089D9364083F5046AD1307A65BE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
16:00:07.0780 7604 Pml Driver HPZ12 - ok
16:00:07.0850 7604 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
16:00:07.0857 7604 PNRPAutoReg - ok
16:00:08.0034 7604 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
16:00:08.0041 7604 PNRPsvc - ok
16:00:08.0097 7604 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:00:08.0109 7604 PolicyAgent - ok
16:00:08.0195 7604 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:00:08.0202 7604 PptpMiniport - ok
16:00:08.0266 7604 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
16:00:08.0290 7604 Processor - ok
16:00:08.0363 7604 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
16:00:08.0368 7604 ProfSvc - ok
16:00:08.0408 7604 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
16:00:08.0411 7604 ProtectedStorage - ok
16:00:08.0447 7604 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
16:00:08.0449 7604 PSched - ok
16:00:08.0486 7604 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
16:00:08.0607 7604 PSI - ok
16:00:08.0661 7604 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
16:00:08.0672 7604 PxHelp20 - ok
16:00:08.0784 7604 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:00:08.0805 7604 ql2300 - ok
16:00:08.0845 7604 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:00:08.0859 7604 ql40xx - ok
16:00:08.0894 7604 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
16:00:08.0909 7604 QWAVE - ok
16:00:08.0939 7604 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:00:08.0947 7604 QWAVEdrv - ok
16:00:09.0000 7604 [ 9C9D24115F13AF3AEA05E1343A032BB1 ] R5U870FLx86 C:\Windows\system32\Drivers\R5U870FLx86.sys
16:00:09.0279 7604 R5U870FLx86 - ok
16:00:09.0321 7604 [ 18B4C879647661DE37B49C2E48D65820 ] R5U870FUx86 C:\Windows\system32\Drivers\R5U870FUx86.sys
16:00:09.0435 7604 R5U870FUx86 - ok
16:00:09.0657 7604 [ 9054C4B91761773F0EFA59BED70C54B6 ] RapportCerberus_42020 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys
16:00:09.0700 7604 RapportCerberus_42020 - ok
16:00:09.0808 7604 [ 224C195B31F19CC67DFCDDA6FFE403AE ] RapportEI C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
16:00:09.0810 7604 RapportEI - ok
16:00:09.0847 7604 [ 35199EC35EDC7DCBA71FDA711DFB05C0 ] RapportIaso c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys
16:00:09.0905 7604 RapportIaso - ok
16:00:09.0966 7604 [ BEF9A6B068C2D0882D88A9B688457726 ] RapportKELL C:\Windows\system32\Drivers\RapportKELL.sys
16:00:10.0064 7604 RapportKELL - ok
16:00:10.0146 7604 [ B9B6D1593F1CDE5C886C47EFA6867FAB ] RapportMgmtService C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
16:00:10.0173 7604 RapportMgmtService - ok
16:00:10.0223 7604 [ C8FD0209314FB599AB305584873F5915 ] RapportPG C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
16:00:10.0233 7604 RapportPG - ok
16:00:10.0256 7604 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:00:10.0271 7604 RasAcd - ok
16:00:10.0291 7604 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
16:00:10.0305 7604 RasAuto - ok
16:00:10.0329 7604 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:00:10.0335 7604 Rasl2tp - ok
16:00:10.0379 7604 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
16:00:10.0385 7604 RasMan - ok
16:00:10.0402 7604 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:00:10.0413 7604 RasPppoe - ok
16:00:10.0432 7604 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:00:10.0438 7604 RasSstp - ok
16:00:10.0468 7604 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:00:10.0508 7604 rdbss - ok
16:00:10.0545 7604 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:00:10.0548 7604 RDPCDD - ok
16:00:10.0622 7604 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
16:00:10.0646 7604 rdpdr - ok
16:00:10.0652 7604 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:00:10.0663 7604 RDPENCDD - ok
16:00:10.0692 7604 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:00:10.0800 7604 RDPWD - ok
16:00:10.0826 7604 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\Windows\system32\drivers\regi.sys
16:00:10.0882 7604 regi - ok
16:00:10.0902 7604 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:00:10.0906 7604 RemoteAccess - ok
16:00:10.0930 7604 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:00:10.0947 7604 RemoteRegistry - ok
16:00:10.0985 7604 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
16:00:10.0991 7604 RpcLocator - ok
16:00:11.0031 7604 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
16:00:11.0037 7604 RpcSs - ok
16:00:11.0059 7604 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:00:11.0072 7604 rspndr - ok
16:00:11.0105 7604 [ 2D19A7469EA19993D0C12E627F4530BC ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
16:00:11.0233 7604 RTL8169 - ok
16:00:11.0238 7604 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
16:00:11.0241 7604 SamSs - ok
16:00:11.0282 7604 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:00:11.0290 7604 sbp2port - ok
16:00:11.0349 7604 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:00:11.0363 7604 SCardSvr - ok
16:00:11.0393 7604 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
16:00:11.0412 7604 Schedule - ok
16:00:11.0474 7604 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
16:00:11.0476 7604 SCPolicySvc - ok
16:00:11.0514 7604 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:00:11.0529 7604 SDRSVC - ok
16:00:11.0540 7604 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:00:11.0544 7604 secdrv - ok
16:00:11.0560 7604 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
16:00:11.0564 7604 seclogon - ok
16:00:11.0664 7604 [ 2D0599DD0124764FC939C59985C860DE ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
16:00:11.0788 7604 Secunia PSI Agent - ok
16:00:11.0815 7604 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
16:00:11.0826 7604 SENS - ok
16:00:11.0853 7604 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
16:00:11.0857 7604 Serenum - ok
16:00:11.0877 7604 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
16:00:11.0885 7604 Serial - ok
16:00:11.0924 7604 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:00:11.0928 7604 sermouse - ok
16:00:11.0977 7604 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
16:00:11.0996 7604 SessionEnv - ok
16:00:12.0010 7604 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:00:12.0015 7604 sffdisk - ok
16:00:12.0046 7604 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:00:12.0063 7604 sffp_mmc - ok
16:00:12.0082 7604 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:00:12.0086 7604 sffp_sd - ok
16:00:12.0111 7604 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:00:12.0121 7604 sfloppy - ok
16:00:12.0144 7604 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:00:12.0169 7604 SharedAccess - ok
16:00:12.0208 7604 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:00:12.0215 7604 ShellHWDetection - ok
16:00:12.0235 7604 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
16:00:12.0240 7604 sisagp - ok
16:00:12.0306 7604 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
16:00:12.0323 7604 SiSRaid2 - ok
16:00:12.0361 7604 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:00:12.0369 7604 SiSRaid4 - ok
16:00:12.0492 7604 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
16:00:12.0567 7604 Skype C2C Service - ok
16:00:12.0633 7604 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
16:00:20.0324 7604 SkypeUpdate - ok
16:00:20.0421 7604 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
16:00:20.0512 7604 slsvc - ok
16:00:20.0587 7604 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
16:00:20.0609 7604 SLUINotify - ok
16:00:20.0651 7604 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:00:20.0655 7604 Smb - ok
16:00:20.0741 7604 [ 98B44C15B4EED76AA8DCCB64A4CA11AF ] snapman C:\Windows\system32\DRIVERS\snapman.sys
16:00:20.0808 7604 snapman - ok
16:00:20.0842 7604 [ DB31D8989B3450569C29780E7FA98C48 ] SNC C:\Windows\system32\Drivers\SonyNC.sys
16:00:20.0961 7604 SNC - ok
16:00:21.0005 7604 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:00:21.0012 7604 SNMPTRAP - ok
16:00:21.0075 7604 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
16:00:21.0082 7604 spldr - ok
16:00:21.0151 7604 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
16:00:21.0156 7604 Spooler - ok
16:00:21.0188 7604 [ E3E6C96B0EF4492C3C8FD0DEEF4E35A1 ] SPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
16:00:21.0329 7604 SPTISRV - ok
16:00:21.0524 7604 [ B9AC9023207149A206A9EA037D76CFCE ] SQTECH905C C:\Windows\system32\Drivers\Capt905c.sys
16:00:21.0644 7604 SQTECH905C - ok
16:00:21.0845 7604 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:00:21.0974 7604 srv - ok
16:00:22.0162 7604 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:00:22.0347 7604 srv2 - ok
16:00:22.0452 7604 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:00:22.0537 7604 srvnet - ok
16:00:22.0606 7604 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:00:22.0627 7604 SSDPSRV - ok
16:00:22.0703 7604 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:00:22.0710 7604 SstpSvc - ok
16:00:22.0843 7604 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
16:00:22.0864 7604 StillCam - ok
16:00:23.0015 7604 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
16:00:23.0034 7604 stisvc - ok
16:00:23.0064 7604 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:00:23.0082 7604 swenum - ok
16:00:23.0170 7604 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
16:00:23.0193 7604 swprv - ok
16:00:23.0235 7604 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
16:00:23.0255 7604 Symc8xx - ok
16:00:23.0320 7604 [ 5C66E6AA29DAD1875CC74662DD13C87E ] symsnap C:\Windows\system32\DRIVERS\symsnap.sys
16:00:23.0459 7604 symsnap - ok
16:00:23.0482 7604 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
16:00:23.0503 7604 Sym_hi - ok
16:00:23.0567 7604 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
16:00:23.0588 7604 Sym_u3 - ok
16:00:23.0811 7604 [ 99DA94793332AADBB17BBB521AE56E21 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
16:00:23.0878 7604 SynTP - ok
16:00:24.0044 7604 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
16:00:24.0062 7604 SysMain - ok
16:00:24.0219 7604 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:00:24.0236 7604 TabletInputService - ok
16:00:24.0353 7604 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:00:24.0373 7604 TapiSrv - ok
16:00:24.0440 7604 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
16:00:24.0443 7604 TBS - ok
16:00:24.0726 7604 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:00:24.0880 7604 Tcpip - ok
16:00:24.0921 7604 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
16:00:24.0928 7604 Tcpip6 - ok
16:00:24.0970 7604 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:00:24.0976 7604 tcpipreg - ok
16:00:25.0029 7604 [ 5CA437A08509FB7ECF843480FC1232E2 ] TcUsb C:\Windows\system32\Drivers\tcusb.sys
16:00:25.0046 7604 TcUsb - ok
16:00:25.0100 7604 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:00:25.0106 7604 TDPIPE - ok
16:00:25.0162 7604 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:00:25.0169 7604 TDTCP - ok
16:00:25.0245 7604 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:00:25.0252 7604 tdx - ok
16:00:25.0327 7604 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:00:25.0334 7604 TermDD - ok
16:00:25.0404 7604 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
16:00:25.0413 7604 TermService - ok
16:00:25.0465 7604 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
16:00:25.0470 7604 Themes - ok
16:00:25.0490 7604 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
16:00:25.0497 7604 THREADORDER - ok
16:00:25.0574 7604 [ 909CD987B54A8179C9AEE874D754721A ] ti21sony C:\Windows\system32\drivers\ti21sony.sys
16:00:25.0591 7604 ti21sony - ok
16:00:25.0661 7604 [ D8A96D0E25D43FDAC3BED09ADF39FDE9 ] timounter C:\Windows\system32\DRIVERS\timntr.sys
16:00:25.0750 7604 timounter - ok
16:00:25.0802 7604 [ 87843B2DA99051BC66E2D6C211E3D6A4 ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
16:00:25.0804 7604 TOSHIBA Bluetooth Service - ok
16:00:25.0834 7604 [ 8D624D3BD1F2D78BD1C01A2D4E954B4E ] tosporte C:\Windows\system32\DRIVERS\tosporte.sys
16:00:25.0894 7604 tosporte - ok
16:00:25.0950 7604 [ EAEDDB6C8BBE3E1B753753C2E847FECB ] tosrfbd C:\Windows\system32\DRIVERS\tosrfbd.sys
16:00:26.0077 7604 tosrfbd - ok
16:00:26.0125 7604 [ 90C8525BC578AAFFE87C2D0ED4379E9E ] tosrfbnp C:\Windows\system32\Drivers\tosrfbnp.sys
16:00:26.0185 7604 tosrfbnp - ok
16:00:26.0216 7604 [ 5BA1CA3B3CDDB1DDC67DF473F05D1EC2 ] Tosrfcom C:\Windows\system32\Drivers\tosrfcom.sys
16:00:26.0226 7604 Tosrfcom - ok
16:00:26.0268 7604 [ 7C807BA9660E2995CC0217A14A24094C ] Tosrfhid C:\Windows\system32\DRIVERS\Tosrfhid.sys
16:00:26.0326 7604 Tosrfhid - ok
16:00:26.0354 7604 [ C52FD27B9ADF3A1F22CB90E6BCF9B0CB ] tosrfnds C:\Windows\system32\DRIVERS\tosrfnds.sys
16:00:26.0364 7604 tosrfnds - ok
16:00:26.0413 7604 [ A4CE9572BC4AC8D329455059B43C5BEA ] TosRfSnd C:\Windows\system32\drivers\tosrfsnd.sys
16:00:26.0472 7604 TosRfSnd - ok
16:00:26.0519 7604 [ 18DFE8B766AF237119537A12E8401EBF ] tosrfusb C:\Windows\system32\DRIVERS\tosrfusb.sys
16:00:26.0636 7604 tosrfusb - ok
16:00:26.0702 7604 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
16:00:26.0707 7604 TrkWks - ok
16:00:26.0758 7604 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:00:26.0759 7604 TrustedInstaller - ok
16:00:26.0844 7604 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:00:26.0851 7604 tssecsrv - ok
16:00:26.0898 7604 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
16:00:26.0904 7604 tunmp - ok
16:00:26.0945 7604 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:00:26.0952 7604 tunnel - ok
16:00:26.0978 7604 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:00:26.0984 7604 uagp35 - ok
16:00:27.0013 7604 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:00:27.0024 7604 udfs - ok
16:00:27.0064 7604 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:00:27.0068 7604 UI0Detect - ok
16:00:27.0079 7604 UIUSys - ok
16:00:27.0117 7604 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:00:27.0122 7604 uliagpkx - ok
16:00:27.0146 7604 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
16:00:27.0155 7604 uliahci - ok
16:00:27.0175 7604 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
16:00:27.0183 7604 UlSata - ok
16:00:27.0205 7604 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
16:00:27.0213 7604 ulsata2 - ok
16:00:27.0240 7604 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:00:27.0250 7604 umbus - ok
16:00:27.0278 7604 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
16:00:27.0285 7604 upnphost - ok
16:00:27.0340 7604 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
16:00:27.0457 7604 USBAAPL - ok
16:00:27.0501 7604 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
16:00:27.0506 7604 usbaudio - ok
16:00:27.0556 7604 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:00:27.0563 7604 usbccgp - ok
16:00:27.0602 7604 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:00:27.0609 7604 usbcir - ok
16:00:27.0643 7604 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:00:27.0648 7604 usbehci - ok
16:00:27.0669 7604 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:00:27.0677 7604 usbhub - ok
16:00:27.0721 7604 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:00:27.0730 7604 usbohci - ok
16:00:27.0772 7604 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:00:27.0779 7604 usbprint - ok
16:00:27.0825 7604 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:00:27.0839 7604 usbscan - ok
16:00:27.0854 7604 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:00:27.0859 7604 USBSTOR - ok
16:00:27.0909 7604 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:00:27.0914 7604 usbuhci - ok
16:00:27.0954 7604 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
16:00:27.0962 7604 usbvideo - ok
16:00:28.0009 7604 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
16:00:28.0015 7604 UxSms - ok
16:00:28.0089 7604 [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
16:00:28.0158 7604 VAIO Entertainment TV Device Arbitration Service - ok
16:00:28.0218 7604 [ 8A9F18ADAD471402236CA931553BF79B ] VAIO Event Service C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
16:00:28.0222 7604 VAIO Event Service - ok
16:00:28.0302 7604 [ 0A4CD617ED1F03C8B7310FC4871173A4 ] VAIOMediaPlatform-IntegratedServer-AppServer C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
16:00:28.0493 7604 VAIOMediaPlatform-IntegratedServer-AppServer - ok
16:00:28.0543 7604 [ 56E33AAA46CBA8431E72486196AFB3A1 ] VAIOMediaPlatform-IntegratedServer-HTTP C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
16:00:28.0627 7604 VAIOMediaPlatform-IntegratedServer-HTTP - ok
16:00:28.0670 7604 [ ADDF0E4E19BD2FF0A0B852D324FDC281 ] VAIOMediaPlatform-IntegratedServer-UPnP C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
16:00:28.0697 7604 VAIOMediaPlatform-IntegratedServer-UPnP - ok
16:00:28.0748 7604 [ 52D4F568FE7D05AE5026B8717EEB59EB ] VAIOMediaPlatform-UCLS-AppServer C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
16:00:28.0759 7604 VAIOMediaPlatform-UCLS-AppServer - ok
16:00:28.0785 7604 [ 56E33AAA46CBA8431E72486196AFB3A1 ] VAIOMediaPlatform-UCLS-HTTP C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
16:00:28.0788 7604 VAIOMediaPlatform-UCLS-HTTP - ok
16:00:28.0808 7604 [ ADDF0E4E19BD2FF0A0B852D324FDC281 ] VAIOMediaPlatform-UCLS-UPnP C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
16:00:28.0816 7604 VAIOMediaPlatform-UCLS-UPnP - ok
16:00:28.0963 7604 [ 721A1677FD204AB065238504D9268D92 ] VCFw C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
16:00:29.0068 7604 VCFw - ok
16:00:29.0133 7604 [ FD03AC6CD1571AA8B2FF56D3C600E26E ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
16:00:29.0143 7604 VcmIAlzMgr - ok
16:00:29.0193 7604 [ B56CD01F36EEF2967EF18D8DF0E5C285 ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
16:00:29.0260 7604 VcmXmlIfHelper - ok
16:00:29.0292 7604 Vcsw - ok
16:00:29.0327 7604 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
16:00:29.0336 7604 vds - ok
16:00:29.0404 7604 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:00:29.0411 7604 vga - ok
16:00:29.0475 7604 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
16:00:29.0482 7604 VgaSave - ok
16:00:29.0507 7604 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
16:00:29.0514 7604 viaagp - ok
16:00:29.0566 7604 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
16:00:29.0572 7604 ViaC7 - ok
16:00:29.0592 7604 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
16:00:29.0598 7604 viaide - ok
16:00:29.0633 7604 [ 149EC3E217F9D11E9CA6C54CE3D70C73 ] vididr C:\Windows\system32\DRIVERS\vididr.sys
16:00:29.0698 7604 vididr - ok
16:00:29.0749 7604 [ E31E9CD40677B84B3ADAA7A0D80DC439 ] vidsflt53 C:\Windows\system32\DRIVERS\vsflt53.sys
16:00:29.0816 7604 vidsflt53 - ok
16:00:29.0838 7604 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:00:29.0844 7604 volmgr - ok
16:00:29.0917 7604 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:00:29.0924 7604 volmgrx - ok
16:00:29.0982 7604 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:00:29.0989 7604 volsnap - ok
16:00:30.0037 7604 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:00:30.0044 7604 vsmraid - ok
16:00:30.0080 7604 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
16:00:30.0106 7604 VSS - ok
16:00:30.0179 7604 [ BDB755F9B3E01BF33993C10C007202DF ] VUAgent C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
16:00:30.0195 7604 VUAgent - ok
16:00:30.0249 7604 [ 79EB419F4A694B4514249E0D3DB16ECF ] VzCdbSvc C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
16:00:30.0255 7604 VzCdbSvc - ok
16:00:30.0282 7604 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
16:00:30.0296 7604 W32Time - ok
16:00:30.0342 7604 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:00:30.0345 7604 WacomPen - ok
16:00:30.0376 7604 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
16:00:30.0383 7604 Wanarp - ok
16:00:30.0394 7604 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:00:30.0396 7604 Wanarpv6 - ok
16:00:30.0421 7604 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:00:30.0430 7604 wcncsvc - ok
16:00:30.0458 7604 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:00:30.0462 7604 WcsPlugInService - ok
16:00:30.0488 7604 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
16:00:30.0494 7604 Wd - ok
16:00:30.0563 7604 [ 6A1AEF46AC445EF4013E494BAC9D66C2 ] WDBackup C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
16:00:30.0589 7604 WDBackup - ok
16:00:30.0649 7604 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam.sys
16:00:30.0769 7604 WDC_SAM - ok
16:00:30.0831 7604 [ 46DA6F2C6B084069EC9C4A1C79BFE8C7 ] WDDriveService C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
16:00:30.0835 7604 WDDriveService - ok
16:00:30.0889 7604 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:00:30.0904 7604 Wdf01000 - ok
16:00:30.0947 7604 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:00:30.0952 7604 WdiServiceHost - ok
16:00:30.0962 7604 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:00:30.0966 7604 WdiSystemHost - ok
16:00:31.0013 7604 [ B1C9682B3AC27567BDBA4DEDAFB6FA79 ] WDRulesService C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
16:00:31.0038 7604 WDRulesService - ok
16:00:31.0070 7604 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
16:00:31.0076 7604 WebClient - ok
16:00:31.0134 7604 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:00:31.0140 7604 Wecsvc - ok
16:00:31.0203 7604 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:00:31.0208 7604 wercplsupport - ok
16:00:31.0241 7604 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
16:00:31.0246 7604 WerSvc - ok
16:00:31.0280 7604 [ F9AD3A5E3FD7E0BDB18B8202B0FDD4E4 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
16:00:31.0296 7604 WimFltr - ok
16:00:31.0332 7604 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
16:00:31.0487 7604 winachsf - ok
16:00:31.0564 7604 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
16:00:31.0576 7604 WinDefend - ok
16:00:31.0591 7604 WinHttpAutoProxySvc - ok
16:00:31.0662 7604 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:00:31.0669 7604 Winmgmt - ok
16:00:31.0748 7604 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
16:00:31.0776 7604 WinRM - ok
16:00:31.0838 7604 [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb C:\Windows\system32\DRIVERS\WinUSB.SYS
16:00:31.0842 7604 winusb - ok
16:00:31.0882 7604 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:00:31.0893 7604 Wlansvc - ok
16:00:32.0015 7604 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:00:32.0050 7604 wlidsvc - ok
16:00:32.0089 7604 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:00:32.0094 7604 WmiAcpi - ok
16:00:32.0161 7604 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:00:32.0165 7604 wmiApSrv - ok
16:00:32.0218 7604 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
16:00:32.0237 7604 WMPNetworkSvc - ok
16:00:32.0288 7604 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:00:32.0294 7604 WPCSvc - ok
16:00:32.0324 7604 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:00:32.0329 7604 WPDBusEnum - ok
16:00:32.0396 7604 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
16:00:32.0400 7604 WpdUsb - ok
16:00:32.0507 7604 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:00:32.0529 7604 WPFFontCache_v0400 - ok
16:00:32.0578 7604 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:00:32.0581 7604 ws2ifsl - ok
16:00:32.0606 7604 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
16:00:32.0611 7604 wscsvc - ok
16:00:32.0623 7604 WSearch - ok
16:00:32.0684 7604 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
16:00:32.0720 7604 wuauserv - ok
16:00:32.0773 7604 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:00:32.0780 7604 WUDFRd - ok
16:00:32.0841 7604 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:00:32.0846 7604 wudfsvc - ok
16:00:32.0917 7604 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
16:00:32.0977 7604 XAudio - ok
16:00:33.0016 7604 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
16:00:33.0023 7604 XAudioService - ok
16:00:33.0051 7604 ================ Scan global ===============================
16:00:33.0079 7604 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
16:00:33.0121 7604 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:00:33.0221 7604 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:00:33.0300 7604 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
16:00:33.0304 7604 [Global] - ok
16:00:33.0305 7604 ================ Scan MBR ==================================
16:00:33.0312 7604 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:00:33.0711 7604 \Device\Harddisk0\DR0 - ok
16:00:33.0714 7604 ================ Scan VBR ==================================
16:00:33.0723 7604 [ 4DB0D7730B947F30FB70689E489357BF ] \Device\Harddisk0\DR0\Partition1
16:00:33.0724 7604 \Device\Harddisk0\DR0\Partition1 - ok
16:00:33.0728 7604 ============================================================
16:00:33.0728 7604 Scan finished
16:00:33.0728 7604 ============================================================
16:00:33.0742 5932 Detected object count: 0
16:00:33.0742 5932 Actual detected object count: 0
16:00:42.0147 3400 Deinitialize success


===
===

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-29 16:02:33
-----------------------------
16:02:33.586 OS Version: Windows 6.0.6002 Service Pack 2
16:02:33.586 Number of processors: 2 586 0xF0D
16:02:33.587 ComputerName: PAT-PC UserName: pat
16:02:43.637 Initialize success
16:04:14.586 AVAST engine defs: 12092900
16:04:20.035 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:04:20.038 Disk 0 Vendor: WDC_WD5000BPKT-00PK4T0 01.01A01 Size: 476940MB BusType: 3
16:04:20.042 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006e
16:04:20.045 Disk 1 Vendor: ( Size: 476940MB BusType: 0
16:04:20.051 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006f
16:04:20.054 Disk 2 Vendor: ( Size: 476940MB BusType: 0
16:04:20.120 Disk 0 MBR read successfully
16:04:20.124 Disk 0 MBR scan
16:04:20.135 Disk 0 Windows VISTA default MBR code
16:04:20.165 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9384 MB offset 2048
16:04:20.205 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 467554 MB offset 19220480
16:04:20.223 Disk 0 scanning sectors +976771072
16:04:20.363 Disk 0 scanning C:\Windows\system32\drivers
16:04:55.378 Service scanning
16:05:23.370 Modules scanning
16:05:30.224 Disk 0 trace - called modules:
16:05:30.365 ntkrnlpa.exe CLASSPNP.SYS disk.sys vsflt53.sys hal.dll acpi.sys ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
16:05:30.373 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86987820]
16:05:30.381 3 CLASSPNP.SYS[88fd38b3] -> nt!IofCallDriver -> [0x86884618]
16:05:30.389 5 vsflt53.sys[83914c2b] -> nt!IofCallDriver -> [0x85e21918]
16:05:30.398 7 acpi.sys[838936bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85debb98]
16:05:33.990 AVAST engine scan C:\Windows
16:05:58.304 AVAST engine scan C:\Windows\system32
16:17:33.323 AVAST engine scan C:\Windows\system32\drivers
16:18:54.857 AVAST engine scan C:\Users\pat
17:11:51.203 AVAST engine scan C:\ProgramData
17:24:38.343 Scan finished successfully
17:29:21.330 Disk 0 MBR has been saved successfully to "C:\Users\pat\Desktop\MBR.dat"
17:29:21.370 The log file has been saved successfully to "C:\Users\pat\Desktop\aswMBR.txt"

===
===

So it looks as if things are clean. Any idea what's causing the 'Run DLL' error at startup?

Thanks,
Dave :)

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:06:12 PM

Posted 29 September 2012 - 03:14 PM

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete

A log should be generated after scan, post it here

Download

Junkware removal tool

Launch it and scan should start running. After scan gets completed, post the generated log here.

NOTE: For Vista and Windows 7, right click on the tool and select run as administrator

#5 D-ave-pty

D-ave-pty
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:11:12 PM

Posted 30 September 2012 - 06:35 AM

Hello,

I have run those scans as requested; the logs are below.

===
===

MalwareBytes Log:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.29.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
pat :: PAT-PC [administrator]

29/09/2012 21:25:53
mbam-log-2012-09-29 (21-25-53).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 471049
Time elapsed: 5 hour(s), 8 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


===
===

Mini Toolbox:

MiniToolBox by Farbar Version: 23-07-2012
Ran by pat (administrator) on 30-09-2012 at 10:23:43
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® Wireless WiFi Link 4965AGN = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Bluetooth Personal Area Network = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : pat-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-13-E8-E8-EF-D5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6199:bd8d:aa54:5561%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.12(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 29 September 2012 14:53:58
Lease Expires . . . . . . . . . . : 09 October 2012 15:46:33
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 151000040
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-CC-6D-62-00-1A-80-3F-C1-CA
DNS Servers . . . . . . . . . . . : 192.168.2.1
192.168.2.1
Primary WINS Server . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Personal Area Network
Physical Address. . . . . . . . . : 00-1B-FB-CD-4F-11
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-1A-80-3F-C1-CA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{9D29A7F3-2797-46CC-9D71-8A7317DC1714}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: BThomehub.home
Address: 192.168.2.1

Name: google.com
Addresses: 2a00:1450:4009:807::1002
173.194.41.110
173.194.41.100
173.194.41.104
173.194.41.103
173.194.41.101
173.194.41.102
173.194.41.96
173.194.41.97
173.194.41.98
173.194.41.99
173.194.41.105



Pinging google.com [173.194.41.101] with 32 bytes of data:

Reply from 173.194.41.101: bytes=32 time=253ms TTL=52

Reply from 173.194.41.101: bytes=32 time=27ms TTL=52



Ping statistics for 173.194.41.101:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 27ms, Maximum = 253ms, Average = 140ms

Server: BThomehub.home
Address: 192.168.2.1

Name: yahoo.com
Addresses: 98.138.253.109
72.30.38.140
98.139.183.24



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=243ms TTL=45

Reply from 72.30.38.140: bytes=32 time=200ms TTL=45



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 200ms, Maximum = 243ms, Average = 221ms

Server: BThomehub.home
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
13 ...00 13 e8 e8 ef d5 ...... Intel® Wireless WiFi Link 4965AGN
9 ...00 1b fb cd 4f 11 ...... Bluetooth Personal Area Network
8 ...00 1a 80 3f c1 ca ...... Realtek PCIe FE Family Controller
1 ........................... Software Loopback Interface 1
14 ...00 00 00 00 00 00 00 e0 isatap.home
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
15 ...00 00 00 00 00 00 00 e0 isatap.home
16 ...00 00 00 00 00 00 00 e0 isatap.{9D29A7F3-2797-46CC-9D71-8A7317DC1714}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.12 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.12 281
192.168.2.12 255.255.255.255 On-link 192.168.2.12 281
192.168.2.255 255.255.255.255 On-link 192.168.2.12 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.12 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.12 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 281 fe80::/64 On-link
13 281 fe80::6199:bd8d:aa54:5561/128
On-link
1 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/29/2012 05:31:37 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {c608ecbc-9d61-49b4-9a1e-891731fd80da}

Error: (09/29/2012 05:31:26 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {c608ecbc-9d61-49b4-9a1e-891731fd80da}

Error: (09/29/2012 05:31:25 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {c608ecbc-9d61-49b4-9a1e-891731fd80da}

Error: (09/29/2012 05:31:25 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e30d8744-5fe3-476b-995f-1cfda244e955}

Error: (09/29/2012 03:57:31 PM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3388 (0xd3c)

Thread address : 0x77165CD4

Thread message :

Build VSCORE.14.4.0.387 / 5400.1158
Object being scanned = \Device\HarddiskVolume2\Users\pat\Downloads\Studio_Ultimate_12_Upg_Part1.exe
by C:\Windows\Explorer.EXE
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (09/29/2012 03:07:58 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {06a9d7cd-3813-413b-b86f-c9212970bc06}

Error: (09/29/2012 03:07:57 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e30d8744-5fe3-476b-995f-1cfda244e955}

Error: (09/29/2012 03:07:57 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {06a9d7cd-3813-413b-b86f-c9212970bc06}

Error: (09/29/2012 02:57:56 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {06a9d7cd-3813-413b-b86f-c9212970bc06}

Error: (09/29/2012 02:57:13 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e30d8744-5fe3-476b-995f-1cfda244e955}


System errors:
=============
Error: (09/30/2012 02:11:19 AM) (Source: DCOM) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (09/29/2012 03:57:34 PM) (Source: Service Control Manager) (User: )
Description: McAfee McShield150001Restart the service

Error: (09/29/2012 02:56:54 PM) (Source: Service Control Manager) (User: )
Description: McAfee VirusScan Announcer

Error: (09/29/2012 02:50:23 PM) (Source: Service Control Manager) (User: )
Description: SharedAccess

Error: (09/29/2012 02:50:20 PM) (Source: Print) (User: NT AUTHORITY)
Description: The print spooler failed to share printer CutePDF Writer with shared resource name CutePDF Writer. Error 1. The printer cannot be used by others on the network.

Error: (09/29/2012 02:50:20 PM) (Source: Print) (User: NT AUTHORITY)
Description: The print spooler failed to share printer HP psc 2200 Series with shared resource name HP psc 2200 Series. Error 1. The printer cannot be used by others on the network.

Error: (09/29/2012 02:49:48 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/29/2012 02:48:24 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D215781D-019E-4FA0-903D-0CDCDE13A4F5}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/28/2012 07:04:04 PM) (Source: Service Control Manager) (User: )
Description: 30000Eventlog

Error: (09/28/2012 07:02:14 PM) (Source: Service Control Manager) (User: )
Description: McAfee Network Agent


Microsoft Office Sessions:
=========================
Error: (09/29/2012 05:31:37 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid0x80070539

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {c608ecbc-9d61-49b4-9a1e-891731fd80da}

Error: (09/29/2012 05:31:26 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid0x80070539

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {c608ecbc-9d61-49b4-9a1e-891731fd80da}

Error: (09/29/2012 05:31:25 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid0x80070539

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {c608ecbc-9d61-49b4-9a1e-891731fd80da}

Error: (09/29/2012 05:31:25 PM) (Source: VSS)(User: )
Description: 0x80070005

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e30d8744-5fe3-476b-995f-1cfda244e955}

Error: (09/29/2012 03:57:31 PM) (Source: McLogEvent)(User: NT AUTHORITY)NT AUTHORITY
Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe900003388 (0xd3c)0x77165CD4
Build VSCORE.14.4.0.387 / 5400.1158
Object being scanned = \Device\HarddiskVolume2\Users\pat\Downloads\Studio_Ultimate_12_Upg_Part1.exe
by C:\Windows\Explorer.EXE
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (09/29/2012 03:07:58 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid0x80070539

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {06a9d7cd-3813-413b-b86f-c9212970bc06}

Error: (09/29/2012 03:07:57 PM) (Source: VSS)(User: )
Description: 0x80070005

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e30d8744-5fe3-476b-995f-1cfda244e955}

Error: (09/29/2012 03:07:57 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid0x80070539

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {06a9d7cd-3813-413b-b86f-c9212970bc06}

Error: (09/29/2012 02:57:56 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid0x80070539

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {06a9d7cd-3813-413b-b86f-c9212970bc06}

Error: (09/29/2012 02:57:13 PM) (Source: VSS)(User: )
Description: 0x80070005

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e30d8744-5fe3-476b-995f-1cfda244e955}


=========================== Installed Programs ============================

Acronis True Image WD Edition (Version: 13.0.14157)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Active@ File Recovery 8 (Version: 8.0)
Adobe AIR (Version: 3.4.0.2540)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color EU Recommended Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Extra Settings CS4 (Version: 2.0)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Drive CS4 (Version: 1)
Adobe Dynamiclink Support (Version: 1)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash CS4 (Version: 10.0)
Adobe Flash CS4 Extension - Flash Lite STI en (Version: 3.0)
Adobe Flash CS4 Professional (Version: 10.0)
Adobe Flash CS4 STI-en (Version: 10.0)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Flash Player 11 Plugin (Version: 11.4.402.278)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Media Encoder CS4 (Version: 1.0)
Adobe Media Encoder CS4 Importer (Version: 1.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Shockwave Player 11.6 (Version: 11.6.6.636)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Albelli Photo books
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Magic-i Visual Effects Installer
ATI Catalyst Install Manager (Version: 3.0.641.0)
ATI Uninstaller
Atlantis - Sky Patrol (remove only)
AutoUpdate (Version: 1.1)
AVerVision Software (Version: 3.0.6.0009)
Big Fish Games Center
Big Fish Games Sudoku (remove only)
Bluetooth Stack for Windows by Toshiba (Version: v5.10.10(SO))
Bonjour (Version: 3.0.0.10)
Branding (Version: 1.00.0000)
BT NetProtect Plus (Version: 11.0.678)
BT Yahoo! Applications
CA Yahoo! Anti-Spy (remove only)
Catalyst Control Center Core Implementation (Version: 2007.0501.2232.38428)
Catalyst Control Center Graphics Full Existing (Version: 2007.0501.2232.38428)
Catalyst Control Center Graphics Full New (Version: 2007.0501.2232.38428)
Catalyst Control Center Graphics Light (Version: 2007.0501.2232.38428)
Catalyst Control Center Graphics Previews Common (Version: 2007.0501.2232.38428)
Catalyst Control Center Graphics Previews Vista (Version: 2007.0501.2232.38428)
Catalyst Control Center Localization Chinese Standard (Version: 2007.0501.2232.38428)
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0501.2232.38428)
Catalyst Control Center Localization Czech (Version: 2007.0501.2232.38428)
Catalyst Control Center Localization Danish (Version: 2007.0501.2232.38428)
Catalyst Control Center Localization Dutch (Version: 2007.0501.2232.38428)
Catalyst Control Center Localization Finnish (Version: 2007.0501.2232.38428)
Catalyst Control Center Localization French (Version: 2007.0501.2232.38428)
Catalyst Control Center Localization German (Version: 2007.0501.2232.38428)
Catalyst Control Center Localization Greek (Version: 2007.0501.2232.38428)
Catalyst Control Center Localization Hungarian (Version: 2007.0501.2232.38428)
Catalyst Control Center Localization Italian (Version: 2007.0501.2232.38428)
Catalyst Control Center Localization Japanese (Version: 2007.0501.2232.38428)
Catalyst Control Center Localization Korean (Version: 2007.0501.2232.38428)
Catalyst Control Center Localization Norwegian (Version: 2007.0501.2232.38428)
Catalyst Control Center Localization Polish (Version: 2007.0501.2232.38428)
Catalyst Control Center Localization Portuguese (Version: 2007.0501.2232.38428)
Catalyst Control Center Localization Russian (Version: 2007.0501.2232.38428)
Catalyst Control Center Localization Spanish (Version: 2007.0501.2232.38428)
Catalyst Control Center Localization Swedish (Version: 2007.0501.2232.38428)
Catalyst Control Center Localization Thai (Version: 2007.0501.2232.38428)
Catalyst Control Center Localization Turkish (Version: 2007.0501.2232.38428)
ccc-core-static (Version: 2007.0501.2232.38428)
ccc-utility (Version: 2007.0501.2232.38428)
CCC Help Chinese Standard (Version: 2007.0501.2231.38428)
CCC Help Chinese Traditional (Version: 2007.0501.2231.38428)
CCC Help Czech (Version: 2007.0501.2231.38428)
CCC Help Danish (Version: 2007.0501.2231.38428)
CCC Help Dutch (Version: 2007.0501.2231.38428)
CCC Help English (Version: 2007.0501.2231.38428)
CCC Help Finnish (Version: 2007.0501.2231.38428)
CCC Help French (Version: 2007.0501.2231.38428)
CCC Help German (Version: 2007.0501.2231.38428)
CCC Help Greek (Version: 2007.0501.2231.38428)
CCC Help Hungarian (Version: 2007.0501.2231.38428)
CCC Help Italian (Version: 2007.0501.2231.38428)
CCC Help Japanese (Version: 2007.0501.2231.38428)
CCC Help Korean (Version: 2007.0501.2231.38428)
CCC Help Norwegian (Version: 2007.0501.2231.38428)
CCC Help Polish (Version: 2007.0501.2231.38428)
CCC Help Portuguese (Version: 2007.0501.2231.38428)
CCC Help Russian (Version: 2007.0501.2231.38428)
CCC Help Spanish (Version: 2007.0501.2231.38428)
CCC Help Swedish (Version: 2007.0501.2231.38428)
CCC Help Thai (Version: 2007.0501.2231.38428)
CCC Help Turkish (Version: 2007.0501.2231.38428)
CCleaner (Version: 3.18)
Chinese Traditional Fonts Support For Adobe Reader X (Version: 10.0.0)
Click to DVD 2.0.05 Menu Data (Version: 2.0.05)
Click to DVD 2.6.00 (Version: 2.6.00)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Connect (Version: 1.0.0.1)
Convert MP4 to MP3 1.5
Coupon Printer (Version: 2.0)
CutePDF Writer 2.7
D3DX10 (Version: 15.4.2368.0902)
Digital Photo Navigator 1.5
DivX Codec (Version: 6.6.1)
DivX Converter (Version: 6.5)
DivX Player (Version: 6.4.3)
DriveImage XML (Private Edition) (Version: 2.30)
ESET Online Scanner v3
F.lux
Facebook Plug-In
Flickr Uploadr 3.2.1
Free PDF to Word Converter 4.2.3.183 (Version: 4.2.3.183)
GearDrvs (Version: 1)
Google Earth Plug-in (Version: 6.2.2.6613)
Google Update Helper (Version: 1.3.21.123)
HDAUDIO SoftV92 Data Fax Modem with SmartCP
iCloud (Version: 1.1.0.40)
IconMagic (Version: 1.0.0)
Instant Mode (Version: 1.0.2)
InterVideo Register Manager (Version: 1.0.4.0)
iPhone Configuration Utility (Version: 2.1.0.163)
iTunes (Version: 10.6.3.25)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.1 (Version: 2.1.1)
kuler (Version: 2.0)
LiveUpdate Notice (Symantec Corporation) (Version: 1.4.5)
Mahjong Towers Eternity (remove only)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft FrontPage 2002 (Version: 10.0.6626.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Works (Version: 08.05.0818)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 15.0.1 (x86 en-GB) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MyDSC2 (Version: 1.0)
Mystery Case Files - Prime Suspects (remove only)
Norton 360 (Version: 1.2.0.10)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenMG Limited Patch 4.7-07-15-19-01
OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140)
Paint Shop Pro 7 (Version: 7.06.0000)
palmOne (Version: 4.1.0420)
PDF Settings CS4 (Version: 9.0)
Photoshop Camera Raw (Version: 5.0)
photoview3.0 3.0
Picasa 3 (Version: 3.8)
Pinnacle Studio 12 (Version: 12.1.3.6605)
Pinnacle Video Driver (Version: 12.00.0017)
Pixel Bender Toolkit (Version: 1.0)
Porta
Puppy Screensaver Screensaver
QuickTime (Version: 7.72.80.56)
Rapport (Version: 3.5.1205.11)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5391)
Revo Uninstaller 1.94 (Version: 1.94)
Roxio Easy Media Creator Home (Version: 9.0.178)
Secunia PSI (2.0.0.3003)
Segoe UI (Version: 15.4.2271.0615)
Setting Utility Series (Version: 3.0.00.07120)
SIW version 2011.10.29 (Version: 2011.10.29)
Skins (Version: 2007.0501.2232.38428)
Skype Click to Call (Version: 6.2.10687)
Skype™ 5.10 (Version: 5.10.116)
SonicStage Mastering Studio (Version: 2.3.01)
SonicStage Mastering Studio Audio Filter (Version: 2.3.01)
SonicStage Mastering Studio Audio Filter Custom Preset (Version: 2.3)
SonicStage Mastering Studio Plugins (Version: 2.4)
Sony Video Shared Library (Version: 3.2.00)
SpywareBlaster 4.6 (Version: 4.6.0)
Suite Shared Configuration CS4 (Version: 1.0)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 9.1.13.0)
SyncBack
TreeSize Free V2.5 (Version: 2.5)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VAIO Aqua Breeze Wallpaper (Version: 1.0.11.13240)
VAIO Camera Capture Utility (Version: 2.7.01.08030)
VAIO Content Folder Setting (Version: 1.1.02.11070)
VAIO Content Importer VAIO Content Exporter (Version: 1.3.00.13300)
VAIO Content Importer / VAIO Content Exporter (Version: 1.3.00.13300)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.6.1.12010)
VAIO Content Metadata Manager Settings (Version: 3.6.0.09240)
VAIO Content Metadata XML Interface Library (Version: 3.6.0.09080)
VAIO Control Center (Version: 2.1.00.07110)
VAIO Cozy Orange Wallpaper (Version: 1.0.11.13240)
VAIO Data Restore Tool (Version: 1.0.02.06190)
VAIO Database Converter 1.0 (Version: 1.0.00)
VAIO Database Converter Ver 1.0 (Version: 1.0.00.00000)
VAIO Entertainment Platform (Version: 3.4.1.15040)
VAIO Event Service (Version: 3.2.00.07120)
VAIO Launcher (Version: 1.0.00.07090)
VAIO Long Battery Life Wallpaper (Version: 1.0.02.13240)
VAIO Media (Version: 6.0.10)
VAIO Media 6.0 (Version: 6.0.10)
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.1
VAIO Media Redistribution 6.0 (Version: 6.0.10)
VAIO Media Registration Tool (Version: 6.0.10)
VAIO Media Registration Tool 6.0 (Version: 6.0.10)
VAIO Movie Story (Version: 1.0.00.18280)
VAIO Movie Story (Version: 1.5.01.05120)
VAIO Movie Story 1.3 Upgrade (Version: 1.3.02.09240)
VAIO Movie Story 1.5 Upgrade (Version: 1.5.01.05120)
VAIO Movie Story Template Data (Version: 1.5.01.05120)
VAIO MusicBox (Version: 1.1.02.12100)
VAIO MusicBox Sample Music (Version: 1.0.00.07030)
VAIO Original Function Settings (Version: 2.0.2.02240)
VAIO Original Screen Saver
VAIO Power Management (Version: 2.2.00.06130)
VAIO Tender Green Wallpaper (Version: 1.0.11.10180)
VAIO Update (Version: 5.6.1.02150)
VAIO Update Merge Module x86 (Version: 5.6.10270)
VAIO Update Merge Module x86 (Version: 5.7.13130)
Virtual Villagers (remove only)
VLC media player 2.0.2 (Version: 2.0.2)
VU5x86 (Version: 1.0.0)
WD SmartWare (Version: 1.6.0.25)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinDVD for VAIO (Version: 8.0-B8.432)
Wireless Switch Setting Utility (Version: 3.6.00.18210)

========================= Memory info: ===================================

Percentage of memory in use: 58%
Total physical RAM: 2045.69 MB
Available physical RAM: 848.66 MB
Total Pagefile: 4336.63 MB
Available Pagefile: 2508.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1954.4 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:456.6 GB) (Free:294.04 GB) NTFS

========================= Users: ========================================

User accounts for \\PAT-PC

Administrator Guest pat
test

========================= Restore Points ==================================

10-09-2012 14:01:49 Before Registry Changes
10-09-2012 15:16:00 Tweaking.com - Windows Repair
10-09-2012 18:37:14 Before another registry update
10-09-2012 19:11:43 Yet another reg update - Windows Defender
11-09-2012 09:00:19 Post TMP file removal - Pre Host Fix
17-09-2012 15:31:28 Installed Rapport
25-09-2012 17:49:18 Installed Microsoft Fix it 50267
25-09-2012 17:52:05 Installed Microsoft Fix it 50267
26-09-2012 22:31:17 Revo Uninstaller's restore point - ArcSoft Magic-i Visual Effects Installer
26-09-2012 22:44:41 Revo Uninstaller's restore point - BT NetProtect Plus
26-09-2012 23:15:15 Revo Uninstaller's restore point - McAfee Security Scan Plus
27-09-2012 00:49:09 Revo Uninstaller's restore point - Spybot - Search & Destroy
27-09-2012 08:58:47 Windows Update
27-09-2012 08:59:00 Device Driver Package Install: McAfee, Inc. Network Service
27-09-2012 09:17:07 Windows Update
29-09-2012 13:05:48 Installed Java 7 Update 7
29-09-2012 13:43:41 Installed MSXML 4.0 SP3 Parser
29-09-2012 13:57:56 Removed VAIO Original Function Setting
29-09-2012 14:07:58 Installed VAIO Original Function Settings
29-09-2012 16:31:26 Revo Uninstaller's restore point - ESET Online Scanner v3

**** End of log ****


===
===

FSS:

Farbar Service Scanner Version: 19-09-2012
Ran by pat (administrator) on 30-09-2012 at 10:31:43
Running from "C:\Users\pat\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-12-20 23:03] - [2008-01-19 08:34] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

===
===

AdwCleaner:

# AdwCleaner v2.003 - Logfile created 09/30/2012 at 11:00:44
# Updated 23/09/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : pat - PAT-PC
# Boot Mode : Normal
# Running from : C:\Users\pat\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\pat\AppData\Roaming\Mozilla\Firefox\Profiles\b95e2iiv.default\searchplugins\Askcom.xml
Folder Deleted : C:\Users\pat\AppData\LocalLow\AskToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\Headlight

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-GB)

Profile name : default
File : C:\Users\pat\AppData\Roaming\Mozilla\Firefox\Profiles\b95e2iiv.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\pat\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1647 octets] - [30/09/2012 11:00:44]

########## EOF - C:\AdwCleaner[S1].txt - [1707 octets] ##########


===
===

Junkware Removal Tool:

Junkware Removal Tool (JRT) by Thisisu
Version: 1.1.8 (09.30.2012)
OS: Windows Vista ™ Home Premium x86
Ran by pat on 30/09/2012 at 11:45:11.84
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on 30/09/2012 at 11:45:21.73
End of Report


===
===

Thanks for your help so far, it's much appreciated.

Dave :)

#6 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:06:12 PM

Posted 30 September 2012 - 06:39 AM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text here

#7 D-ave-pty

  • Topic Starter

  • Members
  • 7 posts
  • Local time:11:12 PM

Posted 30 September 2012 - 07:41 AM

Hello,

RKill log:

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/30/2012 01:06:09 PM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\pat\Local Settings\Apps\F.lux\flux.exe (PID: 5080) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Automatic

* iphlpsvc [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 09/30/2012 01:06:53 PM
Execution time: 0 hours(s), 0 minute(s), and 44 seconds(s)


===
===

Autoruns log:

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Acronis Scheduler2 Service" "Acronis Scheduler Helper" "Acronis" "c:\program files\common files\acronis\schedule2\schedhlp.exe"
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "AdobeCS4ServiceManager" "Adobe CS4 Service Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe"
+ "AppleSyncNotifier" "AppleSyncNotifier" "Apple Inc." "c:\program files\common files\apple\mobile device support\applesyncnotifier.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "ISBMgr.exe" "" "Sony Corporation" "c:\program files\sony\isb utility\isbmgr.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "mcui_exe" "McAfee Security Center" "McAfee, Inc." "c:\program files\mcafee.com\agent\mcagent.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "RtHDVCpl" "HD Audio Control Panel" "Realtek Semiconductor" "c:\windows\rthdvcpl.exe"
+ "StartCCC" "" "" "c:\program files\ati technologies\ati.ace\core-static\clistart.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "Symantec PIF AlertEng" "LiveUpdate Notice Service" "Symantec Corporation" "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics, Inc." "c:\program files\synaptics\syntp\syntpenh.exe"
+ "TrueImageMonitor.exe" "Acronis True Image Monitor" "Acronis" "c:\program files\acronis\trueimagehome\trueimagemonitor.exe"
+ "WD Quick View" "WD Quick View" "Western Digital Technologies, Inc." "c:\program files\western digital\wd quick view\wddmstatus.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Bluetooth Manager.lnk" "TosBtMng" "TOSHIBA CORPORATION." "c:\program files\toshiba\bluetooth toshiba stack\tosbtmng.exe"
+ "HotSync Manager.lnk" "HotSync® Manager Application" "PalmSource, Inc" "c:\program files\palmone\hotsync.exe"
+ "Microsoft Office.lnk" "Microsoft Office XP component" "Microsoft Corporation" "c:\program files\microsoft office\office10\osa.exe"
"C:\Users\pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "palmOne Registration.lnk" "Product Registration" "palmOne/Leader Technologies" "c:\program files\palmone\register.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "actes" "" "" "File not found: C:\Users\pat\AppData\Roaming\actes.dll"
+ "F.lux" "" "" "c:\users\pat\local settings\apps\f.lux\flux.exe"
+ "MobileDocuments" "ubd.exe" "Apple Inc." "c:\program files\common files\apple\internet services\ubd.exe"
+ "WMPNSCFG" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "application/x-mfe-ipt" "McAfee MSC IE plugin DLL" "McAfee, Inc." "c:\program files\mcafee\msc\mcsniepl.dll"
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office11\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "dssrequest" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
+ "livecall" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.dll"
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "msnim" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.dll"
+ "mso-offdap" "Microsoft Office XP Web Components" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\10\owc10.dll"
+ "mso-offdap11" "Microsoft Office Web Components 2003" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\11\owc11.dll"
+ "sacore" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
+ "skype-ie-addon-data" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "skype4com" "Skype for COM API" "Skype Technologies" "c:\program files\common files\skype\skype4com.dll"
+ "wlpg" "Windows Live Album Download Protocol Handler" "Microsoft Corporation" "c:\program files\windows live\photo gallery\albumdownloadprotocolhandler.dll"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Acronis True Image Shell Context Menu Extension" "Acronis True Image Shell Extensions" "Acronis" "c:\program files\acronis\trueimagehome\tishell.dll"
+ "tosBtShllExt" "TosBtShell" "TOSHIBA" "c:\windows\system32\tosbtshell.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "McCtxMenuFrmWrk" "McAfee ContextMenu Framework" "McAfee, Inc." "c:\program files\mcafee\msc\mcctxmenufrmwrk.dll"
+ "tosBtShllExt" "TosBtShell" "TOSHIBA" "c:\windows\system32\tosbtshell.dll"
+ "WDBackupMenuHandler" "WD ContextMenu Handler" "Western Digital" "c:\program files\western digital\wd smartware\wdcontextmenuhandler.dll"
+ "Yahoo! Mail" "Yahoo! Mail" "Yahoo! Inc." "c:\program files\yahoo!\common\ymmapi.dll"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "WDBackupPropSheetHandler" "WD ContextMenu Handler" "Western Digital" "c:\program files\western digital\wd smartware\wdcontextmenuhandler.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe Drive CS4" "Adobe Drive Menu" "Adobe Systems Incorporated" "c:\program files\common files\adobe\adobe drive cs4\adfsmenu.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "tosBtShllExt" "TosBtShell" "TOSHIBA" "c:\windows\system32\tosbtshell.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "tosBtShllExt" "TosBtShell" "TOSHIBA" "c:\windows\system32\tosbtshell.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "ACE Context Menu" "" "c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll"
+ "Adobe Drive CS4" "Adobe Drive Menu" "Adobe Systems Incorporated" "c:\program files\common files\adobe\adobe drive cs4\adfsmenu.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Acronis True Image Shell Context Menu Extension" "Acronis True Image Shell Extensions" "Acronis" "c:\program files\acronis\trueimagehome\tishell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "McCtxMenuFrmWrk" "McAfee ContextMenu Framework" "McAfee, Inc." "c:\program files\mcafee\msc\mcctxmenufrmwrk.dll"
+ "WDBackupMenuHandler" "WD ContextMenu Handler" "Western Digital" "c:\program files\western digital\wd smartware\wdcontextmenuhandler.dll"
"HKCU\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "tosBtExt" "TosBtExt" "TOSHIBA" "c:\windows\system32\tosbtext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "tosBtExt" "TosBtExt" "TOSHIBA" "c:\windows\system32\tosbtext.dll"
"HKLM\Software\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" ""
+ "WDBackupPropSheetHandler" "WD ContextMenu Handler" "Western Digital" "c:\program files\western digital\wd smartware\wdcontextmenuhandler.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "&Yahoo! Toolbar Helper" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn\yt.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
+ "McAfee SiteAdvisor BHO" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
+ "scriptproxy" "VSCore Script Scanner" "McAfee, Inc." "c:\program files\common files\mcafee\systemcore\scriptsn.20120927095848.dll"
+ "Skype Browser Helper" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" ""
+ "Yahoo! Toolbar" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn\yt.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "McAfee SiteAdvisor" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
+ "Yahoo! Toolbar" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn\yt.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Skype Click to Call" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Sun Java Console" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2iexp.dll"
"Task Scheduler" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.4 r402" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "\MCVRegistrationReminder1" "" "" "File not found: reminder.exe"
+ "\MCVRegistrationReminder1" "" "" "File not found: DeleteReminders.vbs"
+ "\MCVRegistrationReminder2" "" "" "File not found: reminder.exe"
+ "\MCVRegistrationReminder2" "" "" "File not found: DeleteReminders.vbs"
+ "\MCVRegistrationReminder3" "" "" "File not found: reminder.exe"
+ "\MCVRegistrationReminder3" "" "" "File not found: DeleteReminders.vbs"
+ "\MCVRegistrationReminder4" "" "" "File not found: reminder.exe"
+ "\MCVRegistrationReminder4" "" "" "File not found: DeleteReminders.vbs"
+ "\MCVSurveyReminder1" "" "" "File not found: reminder.exe"
+ "\MCVSurveyReminder1" "" "" "File not found: DeleteReminders.vbs"
+ "\MCVSurveyReminder2" "" "" "File not found: reminder.exe"
+ "\MCVSurveyReminder2" "" "" "File not found: DeleteReminders.vbs"
+ "\MCVSurveyReminder3" "" "" "File not found: reminder.exe"
+ "\MCVSurveyReminder3" "" "" "File not found: DeleteReminders.vbs"
+ "\MCVSurveyReminder4" "" "" "File not found: reminder.exe"
+ "\MCVSurveyReminder4" "" "" "File not found: DeleteReminders.vbs"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\WindowsCalendar\Reminders - pat" "Windows Calendar" "Microsoft Corporation" "c:\program files\windows calendar\wincal.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "c:\windows\system32\gatherwirelessinfo.vbs"
+ "\Sony Corporation\VAIO Update\Launch Application" "ShellExeProxy.exe" "Sony Corporation" "c:\program files\sony\vaio update common\shellexeproxy.exe"
+ "\Sony Corporation\VAIO Update\VAIO Update 5" "VAIO Update" "Sony Corporation" "c:\program files\sony\vaio update 5\vaioupdt.exe"
+ "\SONY\WSSU\WSSU" "Wireless Switch Setting Utility" "Sony Corporation" "c:\program files\sony\wireless switch setting utility\switcher.exe"
+ "\SyncBack Daily - Document Backup" "SyncBack" "2BrightSparks" "c:\program files\2brightsparks\syncback\syncback.exe"
+ "\SyncBack Daily - Downloads Backup" "SyncBack" "2BrightSparks" "c:\program files\2brightsparks\syncback\syncback.exe"
+ "\SyncBack Monthly - Pat Folder Backup" "SyncBack" "2BrightSparks" "c:\program files\2brightsparks\syncback\syncback.exe"
+ "\{52BD0B55-8BCA-4945-92EF-D87AAB5B134B}" "Skype " "Skype Technologies S.A." "c:\program files\skype\phone\skype.exe"
+ "\{6C678C8A-9F08-4604-A256-89659E16D488}" "Skype " "Skype Technologies S.A." "c:\program files\skype\phone\skype.exe"
+ "\{859834C1-3267-4F6B-A08B-E12A3A0EC322}" "Skype " "Skype Technologies S.A." "c:\program files\skype\phone\skype.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AcrSch2Svc" "Task scheduling for Acronis applications." "Acronis" "c:\program files\common files\acronis\schedule2\schedul2.exe"
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Ati External Event Utility" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Acresso Software Inc." "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "gusvc" "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "IviRegMgr" "RegMgr Module" "InterVideo" "c:\program files\common files\intervideo\regmgr\iviregmgr.exe"
+ "LiveUpdate Notice Service" "Manages Norton product notices" "Symantec Corporation" "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe"
+ "McAfee SiteAdvisor Service" "McAfee SiteAdvisor Service" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McMPFSvc" "Helps protect your computer from intrusion and let's you manage your computer's trusted programs." "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "mcmscsvc" "McAfee Services" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McNaiAnn" "McAfee VirusScan Announcer" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McNASvc" "Allows McAfee applications to communicate securely on the local network." "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McODS" "McAfee Scanner" "McAfee, Inc." "c:\program files\mcafee\virusscan\mcods.exe"
+ "McProxy" "McAfee Proxy Service" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McShield" "McAfee OnAccess Scanner" "McAfee, Inc." "c:\program files\common files\mcafee\systemcore\mcshield.exe"
+ "MDM" "Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly." "Microsoft Corporation" "c:\program files\common files\microsoft shared\vs7debug\mdm.exe"
+ "mfefire" "Provides firewall services to McAfee products" "McAfee, Inc." "c:\program files\common files\mcafee\systemcore\mfefire.exe"
+ "mfevtp" "Provides validation trust protection services" "McAfee, Inc." "c:\windows\system32\mfevtps.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "MSCSPTISRV" "MSCSPTISRV Module" "Sony Corporation" "c:\program files\common files\sony shared\avlib\mscsptisrv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "PACSPTISVR" "PACSPTISVR Module" "" "c:\program files\common files\sony shared\avlib\pacsptisvr.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "RapportMgmtService" "Central Rapport Management and Monitoring Service" "Trusteer Ltd." "c:\program files\trusteer\rapport\bin\rapportmgmtservice.exe"
+ "Secunia PSI Agent" "Performs routine software inspections of the system, the results of which can be seen in your Secunia Customer Area account" "Secunia" "c:\program files\secunia\psi\psia.exe"
+ "Skype C2C Service" "Skype Click to Call Update Service" "Skype Technologies S.A." "c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files\skype\updater\updater.exe"
+ "SPTISRV" "SPTISRV Module" "Sony Corporation" "c:\program files\common files\sony shared\avlib\sptisrv.exe"
+ "TOSHIBA Bluetooth Service" "TOSHIBA Bluetooth Service" "TOSHIBA CORPORATION" "c:\program files\toshiba\bluetooth toshiba stack\tosbtsrv.exe"
+ "VAIO Entertainment TV Device Arbitration Service" "Hardware Resource Manager" "Sony Corporation" "c:\program files\common files\sony shared\vaio entertainment platform\vzhardwareresourcemanager\vzhardwareresourcemanager\vzhardwareresourcemanager.exe"
+ "VAIO Event Service" "Provides the hardware event managing service for VAIO. During termination of this service, some fuctions such as Special button ,Hotkey ,and VAIO original powermanagement are limited." "Sony Corporation" "c:\program files\sony\vaio event service\vesmgr.exe"
+ "VAIOMediaPlatform-IntegratedServer-AppServer" "VAIO Media Integrated Server" "Sony Corporation" "c:\program files\sony\vaio media integrated server\vmisrv.exe"
+ "VAIOMediaPlatform-IntegratedServer-HTTP" "Sony HTTP Server" "Sony Corporation" "c:\program files\sony\vaio media integrated server\platform\sv_httpd.exe"
+ "VAIOMediaPlatform-IntegratedServer-UPnP" "Sony UPnP Framework" "Sony Corporation" "c:\program files\sony\vaio media integrated server\platform\upnpframework.exe"
+ "VAIOMediaPlatform-Mobile-Gateway" "VAIO Media Gateway Server" "Sony Corporation" "c:\program files\sony\vaio media integrated server\platform\vmgateway.exe"
+ "VAIOMediaPlatform-UCLS-AppServer" "VAIO Media Content Collection" "Sony Corporation" "c:\program files\sony\vaio media integrated server\ucls.exe"
+ "VAIOMediaPlatform-UCLS-HTTP" "Sony HTTP Server" "Sony Corporation" "c:\program files\sony\vaio media integrated server\platform\sv_httpd.exe"
+ "VAIOMediaPlatform-UCLS-UPnP" "Sony UPnP Framework" "Sony Corporation" "c:\program files\sony\vaio media integrated server\platform\upnpframework.exe"
+ "VCFw" "VAIO Content Folder Watcher" "Sony Corporation" "c:\program files\common files\sony shared\vaio content folder watcher\vcfw.exe"
+ "VcmIAlzMgr" "Provides the content analysis function used with VAIO original software." "Sony Corporation" "c:\program files\sony\vcm intelligent analyzing manager\vcmialzmgr.exe"
+ "VcmXmlIfHelper" "VcmXml Helper Interface" "Sony Corporation" "c:\program files\common files\sony shared\vcmxml\vcmxmlifhelper.exe"
+ "Vcsw" "VAIO Entertainment UPnP Client Adapter" "Sony Corporation" "c:\program files\common files\sony shared\vaio entertainment platform\vcsw\vcsw.exe"
+ "VUAgent" "Agent for VAIO Update." "Sony Corporation" "c:\program files\sony\vaio update common\vuagent.exe"
+ "VzCdbSvc" "VAIO Entertainment Database Service" "Sony Corporation" "c:\program files\common files\sony shared\vaio entertainment platform\vzcdb\vzcdbsvc.exe"
+ "WDBackup" "WD SmartWare Backup Engine" "Western Digital " "c:\program files\western digital\wd smartware\wdbackupengine.exe"
+ "WDDriveService" "Provides discovery of WD Drives" "Western Digital" "c:\program files\western digital\wd drive manager\wddriveservice.exe"
+ "WDRulesService" "WD SmartWare Rules Engine" "Western Digital " "c:\program files\western digital\wd smartware\wdrulesengine.exe"
+ "WinDefend" "Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions." "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "XAudioService" "User-mode gate for Modem Speakerphone" "Conexant Systems, Inc." "c:\windows\system32\drivers\xaudio.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adfs" "Adobe Drive File System Driver" "Adobe Systems, Inc." "c:\windows\system32\drivers\adfs.sys"
+ "atikmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cfwids" "McAfee Personal Firewall IDS Plugin" "McAfee, Inc." "c:\windows\system32\drivers\cfwids.sys"
+ "DCamUSBAverMedia2" "Universal Serial Bus Camera Driver" "AVerMedia Information, Inc." "c:\windows\system32\drivers\avercambulkasic.sys"
+ "DMICall" "Windows 2000 DMI Call Kernel Driver" "Sony Corporation" "c:\windows\system32\drivers\dmicall.sys"
+ "E1G60" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1g60i32.sys"
+ "F5U228.X86" "Broadcast Driver Architecture & AVStream Minidriver" "" "c:\windows\system32\drivers\f5u228.x86.sys"
+ "GEARAspiWDM" "GEAR CD/DVD Filter Driver" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "HSF_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsx_dpv.sys"
+ "HSFHWAZL" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstazl3.sys"
+ "HSXHWAZL" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsxhwazl.sys"
+ "igfx" "" "" "File not found: system32\DRIVERS\igdkmd32.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhda.sys"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys"
+ "MarvinBus" "Pinnacle Marvin Discrete Bus Enumerator" "Pinnacle Systems GmbH" "c:\windows\system32\drivers\marvinbus.sys"
+ "mdmxsdk" "Diagnostic Interface x86 Driver" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "MFE_RR" "" "" "File not found: C:\Users\pat\AppData\Local\Temp\mfe_rr.sys"
+ "mfeapfk" "Access Protection Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfeapfk.sys"
+ "mfeavfk" "Anti-Virus File System Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfeavfk.sys"
+ "mfeavfk01" "" "" "File not found: C:\Windows\System32\Drivers\mfeavfk01.sys"
+ "mfebopk" "Buffer Overflow Protection Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfebopk.sys"
+ "mfefirek" "McAfee Core Firewall Engine Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfefirek.sys"
+ "mfehidk" "McAfee Link Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfehidk.sys"
+ "mfenlfk" "McAfee NDIS Light Filter" "McAfee, Inc." "c:\windows\system32\drivers\mfenlfk.sys"
+ "mferkdet" "McAfee Code Analysis Driver" "McAfee, Inc." "c:\windows\system32\drivers\mferkdet.sys"
+ "mfewfpk" "Anti-Virus Mini-Firewall Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfewfpk.sys"
+ "NETw4v32" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netw4v32.sys"
+ "NwlnkFlt" "IPX Traffic Filter Driver" "" "File not found: system32\DRIVERS\nwlnkflt.sys"
+ "NwlnkFwd" "IPX Traffic Forwarder Driver" "" "File not found: system32\DRIVERS\nwlnkfwd.sys"
+ "PalmUSBD" "USB Driver for Palm OS Handheld Devices" "PalmSource, Inc." "c:\windows\system32\drivers\palmusbd.sys"
+ "Ph3xIB32" "Philips 713x Inbox BDA Capture Driver" "Philips Semiconductors GmbH" "c:\windows\system32\drivers\ph3xib32.sys"
+ "PSI" "PSI mini-filter driver" "Secunia" "c:\windows\system32\drivers\psi_mf.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "R5U870FLx86" "Description string for UvcFilter driver" "Ricoh" "c:\windows\system32\drivers\r5u870flx86.sys"
+ "R5U870FUx86" "Description string for UvcUpperFilter driver" "Ricoh" "c:\windows\system32\drivers\r5u870fux86.sys"
+ "RapportCerberus_42020" "" "" "c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\rapportcerberus32_42020.sys"
+ "RapportEI" "RapportEI" "Trusteer Ltd." "c:\program files\trusteer\rapport\bin\rapportei.sys"
+ "RapportIaso" "RapportIaso" "Trusteer Ltd." "c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys"
+ "RapportKELL" "RapportKE" "Trusteer Ltd." "c:\windows\system32\drivers\rapportkell.sys"
+ "RapportPG" "RapportPG" "Trusteer Ltd." "c:\program files\trusteer\rapport\bin\rapportpg.sys"
+ "regi" "regi driver" "InterVideo" "c:\windows\system32\drivers\regi.sys"
+ "RTL8169" "Realtek 8136/8168/8169 NDIS6 32-bit Driver " "Realtek " "c:\windows\system32\drivers\rtlh86.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "snapman" "Acronis Snapshot API" "Acronis" "c:\windows\system32\drivers\snapman.sys"
+ "SNC" "Sony Firmware Extension Parser driver" "Sony Corporation" "c:\windows\system32\drivers\sonync.sys"
+ "SQTECH905C" "Universal Serial Bus Camera Driver" "Service & Quality Technology." "c:\windows\system32\drivers\capt905c.sys"
+ "symsnap" "StorageCraft Volume Snap-Shot" "StorageCraft" "c:\windows\system32\drivers\symsnap.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics, Inc." "c:\windows\system32\drivers\syntp.sys"
+ "TcUsb" "TouchChip USB Kernel Driver" "UPEK Inc." "c:\windows\system32\drivers\tcusb.sys"
+ "ti21sony" "ti21sony.sys" "Texas Instruments" "c:\windows\system32\drivers\ti21sony.sys"
+ "timounter" "Acronis Backup Archive Explorer" "Acronis" "c:\windows\system32\drivers\timntr.sys"
+ "tosporte" "TOSHIBA Bluetooth Port Emulation Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tosporte.sys"
+ "tosrfbd" "Bluetooth RF Bus Driver" "TOSHIBA CORPORATION" "c:\windows\system32\drivers\tosrfbd.sys"
+ "tosrfbnp" "Bluetooth RFBNEP Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tosrfbnp.sys"
+ "Tosrfcom" "Bluetooth RFCOMM Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tosrfcom.sys"
+ "Tosrfhid" "Bluetooth HID Driver from TOSHIBA" "TOSHIBA Corporation." "c:\windows\system32\drivers\tosrfhid.sys"
+ "tosrfnds" "Bluetooth BNEP Driver" "TOSHIBA Corporation." "c:\windows\system32\drivers\tosrfnds.sys"
+ "TosRfSnd" "Bluetooth Audio Driver (WDM)" "TOSHIBA Corporation" "c:\windows\system32\drivers\tosrfsnd.sys"
+ "tosrfusb" "Bluetooth USB Miniport Driver" "TOSHIBA CORPORATION" "c:\windows\system32\drivers\tosrfusb.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "vididr" "Virtual Disk Driver Service" "Acronis" "c:\windows\system32\drivers\vididr.sys"
+ "vidsflt53" "Acronis Virtual Disk Storage Filter" "Acronis" "c:\windows\system32\drivers\vsflt53.sys"
+ "WDC_SAM" "Manages WD external storage products." "Western Digital Technologies" "c:\windows\system32\drivers\wdcsam.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsx_cnxt.sys"
+ "XAudio" "Modem Audio Device Driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\xaudio.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.DIVX" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
+ "VIDC.dvsd" "Video for Windows driver for DV" "Sony Corporation" "c:\program files\common files\sony shared\videolib\sonydv.dll"
+ "vidc.mjpg" "PICVideo M-JPEG 3 codec" "Pegasus Imaging Corporation" "c:\windows\system32\pvmjpg30.dll"
+ "VIDC.WJPG" "Winbond 32-bit YUY2 Decompression driver" "Winbond Electronics Corporation" "c:\windows\system32\wb9967.dll"
+ "vidc.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
+ "vidc.yv12" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Sonic MP4 Demultiplexer" "Sonic MP4 Demultiplexer" "Sonic Solutions Inc." "c:\program files\common files\sonic shared\sonicmc01\sonicmp4demux.ax"
+ "Sonic MP4 Demultiplexer" "Sonic MP4 Demultiplexer" "Sonic Solutions Inc." "c:\program files\common files\sonic shared\sonicmc01\sonicmp4demux.ax"
+ "Sony MPEG2 TS Splitter Ex" "" "Sony Corporation" "c:\program files\common files\sony shared\videolib\tssplt_s.ax"
+ "Sony MPEG2 TS Splitter Ex" "" "Sony Corporation" "c:\program files\common files\sony shared\videolib\tssplt_s.ax"
+ "Waves L1-Ultramaximizer+" "L1" "K. S. Waves Ltd" "c:\program files\common files\sony shared\avlib\sonicstage effect plugins\l1vaio.dll"
+ "Waves L1-Ultramaximizer+" "L1" "K. S. Waves Ltd" "c:\program files\common files\sony shared\avlib\sonicstage effect plugins\l1vaio.dll"
+ "Waves RBass" "Renaissance Bass" "K. S. Waves Ltd." "c:\program files\common files\sony shared\avlib\sonicstage effect plugins\rbassvaio.dll"
+ "Waves RBass" "Renaissance Bass" "K. S. Waves Ltd." "c:\program files\common files\sony shared\avlib\sonicstage effect plugins\rbassvaio.dll"
+ "Waves S1-Shuffler" "S1" "K. S. Waves Ltd" "c:\program files\common files\sony shared\avlib\sonicstage effect plugins\s1vaio.dll"
+ "Waves S1-Shuffler" "S1" "K. S. Waves Ltd" "c:\program files\common files\sony shared\avlib\sonicstage effect plugins\s1vaio.dll"
+ "Waves S360 Imager s/5.0" "S360" "Waves Ltd Ltd" "c:\program files\common files\sony shared\avlib\sonicstage effect plugins\s360vaio.dll"
+ "Waves S360 Imager s/5.0" "S360" "Waves Ltd Ltd" "c:\program files\common files\sony shared\avlib\sonicstage effect plugins\s360vaio.dll"
+ "Waves S360 Imager s/5.1" "S360" "Waves Ltd Ltd" "c:\program files\common files\sony shared\avlib\sonicstage effect plugins\s360vaio.dll"
+ "Waves S360 Imager s/5.1" "S360" "Waves Ltd Ltd" "c:\program files\common files\sony shared\avlib\sonicstage effect plugins\s360vaio.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Allocator Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ATI Ticker" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "Bitmap" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture ASF Writer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "DivX Decoder Filter" "DivX® Decoder Filter" "DivX, Inc." "c:\windows\system32\divxdec.ax"
+ "DivX Demux" "DivX® Media Filter" "DivXNetworks" "c:\windows\system32\divxmedia.ax"
+ "DivX Subtitle Decoder" "DivX® Media Filter" "DivXNetworks" "c:\windows\system32\divxmedia.ax"
+ "DivX Video Decoder 0004" "DivX® Decoder Filter" "DivX, Inc." "c:\program files\pinnacle\shared files\filter\divxdec.ax"
+ "Frame Eater" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "FullTS2PartialTS" "Infinite FullTS2PartialTS Filter (Sample)" "Microsoft Corporation" "c:\program files\intervideo\common\bin\ulfullts2partialts.ax"
+ "Intervideo 3gFileSource" "Intervideo 3G File Source Filter" "Microsoft Corporation" "c:\program files\intervideo\common\bin\source3g.ax"
+ "Intervideo AMR Decoder" "IVI AMR Decoding" "Intervideo, Inc." "c:\program files\intervideo\common\bin\amrdec.ax"
+ "InterVideo Audio Decoder" "IVIAUDIO LOGID.58625" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviaudio.ax"
+ "InterVideo Demultiplexer" "InterVideo?MPEG System Demultiplexer Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\ividemux.ax"
+ "InterVideo Navigator" "IVINAV LOGID.58625" "InterVideo Inc." "c:\program files\intervideo\common\bin\ivinav.ax"
+ "InterVideo PSIP/SI Filter" "InterVideo PSIP/SI Sections/Tables Filter" "InterVideo, Inc." "c:\program files\intervideo\common\bin\psidecod.ax"
+ "InterVideo Subtitle" "Minimal Null Filter (Sample)" "MyCompanyName" "c:\program files\intervideo\common\bin\ivisubtitle.ax"
+ "Intervideo TsSplitter Filter" "Intervideo TsSplitter Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\tssplitter.ax"
+ "InterVideo Video Decoder" "IVIVIDEO LOGID.58625" " InterVideo Inc." "c:\program files\intervideo\common\bin\ivivideo.ax"
+ "IVI QT source" "iviQTsource" "InterVideo" "c:\program files\intervideo\common\bin\iviqtsource.ax"
+ "MPEG2 TS Source" "" "" "c:\program files\intervideo\common\bin\mpgtsrdr.ax"
+ "Multiple File Output" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Null-In-Place" "Null-In-Place Filter (Sample)" "Microsoft Corporation" "c:\program files\sony\vaio camera capture utility\resettimestamp.ax"
+ "OMG TRANSFORM" "OmgTransform Filter " "Sony Corporation" "c:\program files\common files\sony shared\openmg\omgtrans.ax"
+ "OmgDsee Filter" "" "" "c:\program files\common files\sony shared\openmg\omgdseefilter.ax"
+ "OmgGenericSrcFilter" "OmgGenericSrcFilter" "Sony Corporation" "c:\program files\common files\sony shared\openmg\omggenericsrcfilter.ax"
+ "OmgMP4Decoder2" "OmgMP4Decoder2" "Sony Corporation" "c:\program files\common files\sony shared\openmg\omgmp4decoder2.ax"
+ "OmgPushSrc" "OmgPushSrc" "Sony Corporation" "c:\program files\common files\sony shared\openmg\omgpushsrc.ax"
+ "OpenMG Async. File Source" "OpenMG Async. File Source" "Sony Corporation" "c:\program files\common files\sony shared\avlib\omgafs.ax"
+ "OpenMG Audio Decrypt" "OpenMG Decrypt Filter" "Sony Corporation" "c:\program files\common files\sony shared\openmg\omgdec.ax"
+ "OpenMG OmgSource Filter" "OpenMG OmgSource Filter" "Sony Corporation" "c:\program files\common files\sony shared\openmg\omgsrc.ax"
+ "PICVideo M-JPEG 3 Compressor" "PICVideo M-JPEG 3 codec" "Pegasus Imaging Corporation" "c:\windows\system32\pvmjpg30.dll"
+ "PICVideo M-JPEG 3 Decompressor" "PICVideo M-JPEG 3 codec" "Pegasus Imaging Corporation" "c:\windows\system32\pvmjpg30.dll"
+ "Pinnacle MCE Multiplexer" "Pinnacle MPEG Codec - DirectX Filter" "Avid Development GmbH" "c:\program files\pinnacle\shared files\filter\pclempegbox.ax"
+ "Pinnacle MP3 Encoder" "Pinnacle MP3 compressor" "Pinnacle Systems" "c:\program files\pinnacle\studio 12\programs\pclemp3encoder.ax"
+ "Pinnacle MPEG 2 Decoder" "Pinnacle MPEG Codec - DirectX Filter" "Avid Development GmbH" "c:\program files\pinnacle\shared files\filter\pclempegbox.ax"
+ "Pinnacle MPEG 2 Encoder" "Pinnacle MPEG Codec - DirectX Filter" "Avid Development GmbH" "c:\program files\pinnacle\shared files\filter\pclempegbox.ax"
+ "Pinnacle MPEG 2 Splicer" "Pinnacle MPEG Codec - DirectX Filter" "Avid Development GmbH" "c:\program files\pinnacle\shared files\filter\pclempegbox.ax"
+ "Pinnacle MPEG 2/AVC Multiplexer" "Pinnacle MPEG Codec - DirectX Filter" "Avid Development GmbH" "c:\program files\pinnacle\shared files\filter\pclempegbox.ax"
+ "Pinnacle MPEG Adjust" "Pinnacle MPEG Codec - DirectX Filter" "Avid Development GmbH" "c:\program files\pinnacle\shared files\filter\pclempegbox.ax"
+ "Pinnacle MPEG Demuxer" "MPEG Demuxer Filter - Program stream demuxer" "Avid Development GmbH" "c:\program files\pinnacle\shared files\filter\pclempgdemux.ax"
+ "Pinnacle MPEG Layer-1/2 Audio Decoder" "Pinnacle MPEG Codec - DirectX Filter" "Avid Development GmbH" "c:\program files\pinnacle\shared files\filter\pclempegbox.ax"
+ "Pinnacle MPEG Layer-2 Audio Encoder" "Pinnacle MPEG Codec - DirectX Filter" "Avid Development GmbH" "c:\program files\pinnacle\shared files\filter\pclempegbox.ax"
+ "Pinnacle(dicas) AMR Audio Decoder" "dsamrauddec" "dicas digital image coding GmbH" "c:\program files\pinnacle\shared files\filter\pcleamrauddec.ax"
+ "Pinnacle(dicas) AMR Audio Encoder" "dsamraudenc" "dicas digital image coding GmbH" "c:\program files\pinnacle\studio 12\programs\pcleamraudenc.ax"
+ "Pinnacle(dicas) H263 Video Encoder" "dsh263videnc" "dicas digital image coding GmbH" "c:\program files\pinnacle\studio 12\programs\pcleh263videnc.ax"
+ "Pinnacle(dicas) MPEG-4 Audio Decoder" "dsmpeg4auddec" "dicas digital image coding GmbH" "c:\program files\pinnacle\shared files\filter\pclempeg4auddec.ax"
+ "Pinnacle(dicas) MPEG-4 File Reader" "dsmp4filereader" "dicas digital image coding GmbH" "c:\program files\pinnacle\shared files\filter\pclemp4filereader.ax"
+ "Pinnacle(dicas) MPEG-4 Video Decoder" "dsmpeg4viddec" "dicas digital image coding GmbH" "c:\program files\pinnacle\shared files\filter\pclempeg4viddec.ax"
+ "Proxy Sink" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "RealMediaRenderer2" "Real Media Renderer 2" "Pinnacle Systems, Inc." "c:\program files\pinnacle\shared files\realvideo\pclermrenderer2.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "Record Queue" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Roxio Audio Decoder (DVD)" "ROXIO Audio Decoder" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\roxiodvdaudio.dll"
+ "ROXIO LPCMSyncFilter" "LPCMSync Filter" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\lpcmsyncfilter.dll"
+ "Roxio MPEG Analyzer Filter" "MPEG File Analyzer Dynamic Link Library" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\roxiompegprop.dll"
+ "Roxio MPEG Stream Analyzer" "Roxio MPEG Stream Splitter" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpegstreamanalyzer.dll"
+ "Roxio MPEG1 Audio Encoder" "ROXIO MPEG Audio Encoder" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\roxioaudioenc.dll"
+ "Roxio MPEG1 Encoder" "ROXIO MPEG1 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg1vidcodec.dll"
+ "Roxio MPEG1 Muxer" "ROXIO MPEG MUXER" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg1muxer.dll"
+ "Roxio MPEG2 Demuxer" "ROXIO MPEG Demuxer" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\roxiompegdemuxer.dll"
+ "Roxio MPEG2 Encoder" "ROXIO MPEG2 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg2vidcodec.dll"
+ "Roxio MPEG2 Muxer" "ROXIO MPEG MUXER" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg2muxer.dll"
+ "Roxio MPEG2 Video Decoder" "ROXIO MPEG2 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg2vidcodec.dll"
+ "ROXIO Raw Writer" "ROXIO Raw Writer" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mgirawwriter.dll"
+ "Roxio Repack Filter" "Repack Filter" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\repackfilter.dll"
+ "Roxio Smart Decoder" "ROXIO MPEG2 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg2vidcodec.dll"
+ "Roxio Smart Encoder" "ROXIO MPEG2 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg2vidcodec.dll"
+ "Roxio Transport Stream Source" "ListFrameSource" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\tsmpegsource.dll"
+ "SAL Input Converter" "SAL Input Converter Source Filter" "Sony Corporation" "c:\program files\common files\sony shared\openmg\saliconv.ax"
+ "SAL Output Converter" "SAL Output Converter RendererFilter" "Sony Corporation" "c:\program files\common files\sony shared\openmg\saloconv.ax"
+ "Seamless Play" "Seamless-Play Filter (Sample)" "Sony Corporation" "c:\program files\common files\sony shared\openmg\seamlessfilter.ax"
+ "ShotDetect" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Sonic MP4 Demultiplexer" "Sonic MP4 Demultiplexer" "Sonic Solutions Inc." "c:\program files\common files\sonic shared\sonicmc01\sonicmp4demux.ax"
+ "Sonic MPEG Audio Decoder" "MPEG Video and Audio Decoder" "Sonic Solutions Inc." "c:\program files\common files\sonic shared\sonicmc01\sonicdsmpeg.ax"
+ "Sonic MPEG Video Decoder" "MPEG Video and Audio Decoder" "Sonic Solutions Inc." "c:\program files\common files\sonic shared\sonicmc01\sonicdsmpeg.ax"
+ "Sonic MPEG-2 Video Decoder" "MPEG-2 Video Decoder" "Sonic Solutions Inc" "c:\program files\common files\sonic shared\sonicmc01\sonicm2vd.ax"
+ "SONY AC3 Decoder" "Sony AC3 Decoder Filter" "Sony Corporation" "c:\program files\common files\sony shared\ac3dec\sac3dec.ax"
+ "Sony Audio CD Source Filter" "OpenMG CdSource Filter" "Sony Corporation" "c:\program files\common files\sony shared\avlib\cdsrc.ax"
+ "Sony AVC Decoder" "Sony AVC Decoder Filter" "Sony Corporation" "c:\program files\common files\sony shared\videolib\sjvtdl.ax"
+ "SONY DV Video Decoder" "Sony DV Video Decoder" "Sony Corporation" "c:\program files\common files\sony shared\videolib\sdvvd.ax"
+ "Sony LPCM Decoder" "Sony LPCM Decode Filter" "Sony Corporation" "c:\program files\common files\sony shared\videolib\slpcmd.ax"
+ "Sony MP4 File Source" "Sony MP4 File Source Filter" "Sony Corporation" "c:\program files\common files\sony shared\videolib\mp4filesource.ax"
+ "Sony MPEG Audio Decoder" "Sony MPEG Audio Decoder" "Sony Corporation" "c:\program files\common files\sony shared\videolib\smad.ax"
+ "SONY MPEG Video Decoder" "Sony MPEG4 Video Decoder" "Sony Corporation" "c:\program files\common files\sony shared\videolib\sm4spvd.ax"
+ "SONY MPEG Video Decoder" "Sony MPEG Video Decoder" "Sony Corporation" "c:\program files\common files\sony shared\videolib\smvd.ax"
+ "Sony MPEG-TS Parser" "Sony MPEG Parser Filter" "Sony Corporation" "c:\program files\common files\sony shared\videolib\smparse.ax"
+ "Sony SCL Flip" "Flip Filter" "Sony Corporation" "c:\program files\sony\vaio camera capture utility\leftright.ax"
+ "Sony SCL MpegFilter" "Sony MPEG Encode Filter " "Sony Corporation" "c:\program files\sony\vaio camera capture utility\smpegenc.ax"
+ "SonyMemSource2 (Async.)" "Memory source Filter" "Sony Corporation" "c:\program files\sony\click to dvd 2\memsource2.ax"
+ "SonyMSAConv" "OpenMG Converter Filter" "Sony Corporation" "c:\program files\common files\sony shared\avlib\sonycdsrcwriter.ax"
+ "SonyMSAConv" "OpenMG Converter Filter" "Sony Corporation" "c:\program files\common files\sony shared\avlib\sonymsaconverter3.ax"
+ "StdOut" "File Dump Filter" "Sony Corporation" "c:\program files\common files\sony shared\avlib\stdout.ax"
+ "Stetch" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "SubPicture Encoder" "ROXIO SubPicture Encoder" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\subpictenc.dll"
+ "Ulead Http Stream Push Source Filter" "Ulead HTTP Push Source Filter" "Ulead Systems, Inc." "c:\program files\intervideo\common\bin\ulhttppushsource.ax"
+ "Ulead Http Stream Source (Async.)" "Async Http Stream source filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\asynchttpstream.ax"
+ "Ulead WMV/WMA Source Filter" "UleadWMSrcFilter" "Ulead Systems,Inc." "c:\program files\intervideo\common\bin\uleadwmsrcfilter.ax"
+ "VAIO Content Metadata Univ Filter" "DirectShow Filter for VCM Intelligent Analyzing Manager" "Sony Corporation" "c:\program files\sony\vcm intelligent analyzing manager\vcmsmplcapflt.ax"
+ "VaioAacDecFilter" "Sony MPEG4 AAC Decoder" "Sony Corporation" "c:\program files\common files\sony shared\videolib\saaclcd.ax"
+ "VcmIAlzGPDFilter" "VCM Intelligent Analyzing Manager GPD Library" "Sony Corporation" "c:\program files\sony\vcm intelligent analyzing manager\vcmialzgpdfilter.ax"
+ "VcmIAlzGPDFilter2" "VCM Intelligent Analyzing Manager GPD Library" "Sony Corporation" "c:\program files\sony\vcm intelligent analyzing manager\vcmialzgpdfilter2.ax"
+ "Vision video transform" "WDM video transform for Vision" "DVR" "c:\program files\avervision3\visionap\vision.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "{1AD512C6-24AF-4395-82B4-2D3CF21F44A2}" "Roxio MP3 Encoder Dynamic Link Library" "Roxio" "c:\program files\common files\roxio shared\sharedcom\rxdsaudiostreamwriter.ax"
+ "{472C92F0-5438-423D-9B30-FD2932EA44EE}" "Roxio Audio Source Filter" "Microsoft Corporation" "c:\program files\common files\roxio shared\sharedcom\rxdsaudiosource.ax"
+ "{58FF69ED-8388-483B-B9AC-3EB04BBEB913}" "Roxio Audio Stream Reader Filter" "Microsoft Corporation" "c:\program files\common files\roxio shared\sharedcom\rxdsaudiostreamreader.ax"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "" "" "File not found: igfxdev.dll"
+ "VESWinlogon" "VAIO Event Service (Winlogon Notification Module)" "Sony Corporation" "c:\windows\system32\veswinlogon.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "CutePDF Writer Monitor" "" "" "c:\windows\system32\cpwmon2k.dll"
+ "PCL hpz3llhn" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpz3llhn.dll"
+ "Toshiba Bluetooth Monitor" "" "TOSHIBA CORPORATION." "c:\windows\system32\tbtmon.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "AdobeDriveCS4_NP" "Adobe Drive CS4 Network" "Adobe Systems Incorporated" "c:\program files\common files\adobe\adobe drive cs4\adobedrivecs4_np.dll"
"C:\Users\pat\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Clock" "Watch the clock in your own time zone or any city in the world." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\Clock.gadget\en-us\Gadget.xml"
+ "Feed Headlines" "Track the latest news, sports, and entertainment headlines." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\RSSFeeds.Gadget\en-us\Gadget.xml"
+ "Slide Show" "Show a continuous slide show of your pictures." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\SlideShow.Gadget\en-us\Gadget.xml"


I hope the Autoruns log is correctly formatted for you, as it looks a bit of a mess!

Thanks,
Dave :)

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:06:12 PM

Posted 30 September 2012 - 07:49 AM

Launch Autoruns and uncheck this entry
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "actes" "" "" "File not found: C:\Users\pat\AppData\Roaming\actes.dll"

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot. If TFC locks up the system, run it in safe mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)
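The check described in the post above, finding the startup entry that still points at a deleted DLL, can be run over an exported Autoruns log. This is an added example, not part of the original thread: the function names and the list of user-writable folders are assumptions, and the sample lines are copied from the log quoted in this thread.

```python
import re

# Sample lines copied from the Autoruns log quoted in this thread.
SAMPLE_LOG = r'''
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "actes" "" "" "File not found: C:\Users\pat\AppData\Roaming\actes.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "" "" "File not found: igfxdev.dll"
+ "VESWinlogon" "VAIO Event Service (Winlogon Notification Module)" "Sony Corporation" "c:\windows\system32\veswinlogon.dll"
'''

FIELD = re.compile(r'"([^"]*)"')
# Assumption: folders a standard user can write to, where dropped DLLs often live.
USER_WRITABLE = re.compile(r'\\(appdata|temp|programdata)\\', re.IGNORECASE)
MISSING = "File not found:"


def parse_autoruns(text):
    """Yield (location, name, description, publisher, image) for each entry."""
    location = None
    for line in text.splitlines():
        line = line.strip()
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue  # blank or malformed line
        if line.startswith('"'):
            location = fields[0]  # header row: location plus three empty fields
        else:
            yield (location, *fields)  # entry row, prefixed with a state marker


def orphaned_entries(text):
    """Return autostart entries whose target file no longer exists on disk."""
    findings = []
    for location, name, _desc, _publisher, image in parse_autoruns(text):
        if not image.startswith(MISSING):
            continue
        target = image[len(MISSING):].strip()
        findings.append({
            "location": location,
            "name": name,
            "target": target,
            # A missing target under a user-writable folder is the typical
            # leftover of a removed infection; review these first.
            "user_writable": bool(USER_WRITABLE.search(target)),
        })
    return findings


if __name__ == "__main__":
    for finding in orphaned_entries(SAMPLE_LOG):
        print(finding)
```

On the sample, both missing-file entries are reported, and only the `actes` value under the `HKCU` Run key is marked as pointing into a user-writable folder.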

#9 D-ave-pty

D-ave-pty
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:11:12 PM

Posted 30 September 2012 - 11:22 AM

Hi,

Brilliant - all done! That DLL error was causing me grief, but such a simple fix when you know where to look!

Is everything looking back to 'normal' once more?

Thanks again for your help,
Dave :)

#10 narenxp


Posted 30 September 2012 - 11:31 AM

You're clean. I wanted you to run all those scans to make sure there are no traces left.

Safe surfing :)

#11 D-ave-pty


Posted 30 September 2012 - 11:45 AM

Hi,

Great news - thanks for all your help!

If anyone's interested, we reckon the infection either came through a rogue 'Java Update' or through an exploit in Adobe Reader. I have now prevented the automatic opening of PDFs in Firefox, in the hope that it prevents similar attacks in future.

Dave :)

#12 narenxp


Posted 30 September 2012 - 11:47 AM

To be honest, it should have come disguised as a Flash Player update :) ZeroAccess normally spreads through a fake Flash Player update.

#13 D-ave-pty


Posted 30 September 2012 - 12:43 PM

Ah - fair enough! Those fake Flash updates are very annoying though, as they look so convincing! I usually update our Flash players manually (via Secunia), but obviously someone’s tried to be helpful in this instance - and accepted a rogue update!! I will now tell them otherwise, and point them in Secunia’s direction if they feel compelled to help keep things up-to-date in future!!

Honestly though, with such convincing exploits around, it’s hard to keep things protected!!

Thanks,
Dave :)

#14 narenxp


Posted 30 September 2012 - 12:51 PM

You're welcome :)



