Zeroaccess Rootkit and System Progressive Protection


  • This topic is locked
22 replies to this topic

#1 Glasjoe


Posted 01 October 2012 - 09:13 PM

Hello

I have a Sony Vaio running Vista 32bit
I had the System Progressive Protection on my laptop and ran rkill and MBAM and cleaned it.
After that I lost use of my laptop's keyboard and mouse but the USB keyboard/mouse work.

I tried many things with no success and have now restored all the files found by MBAM and now back to square one and realize I'm in over my head and need some help.

Windows Update will not run as well as other services
MS Security Essentials was on it but was getting errors so I uninstalled it
My Recycle Bin says it's corrupted as well.

Here is the log from my most recent Rkill being run in safe mode and MBAM

Please Help!

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/01/2012 08:46:02 PM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\$Recycle.Bin\S-1-5-18\$b3d623a0b08837464ec71e3967d92046\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$b3d623a0b08837464ec71e3967d92046\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$b3d623a0b08837464ec71e3967d92046\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$b3d623a0b08837464ec71e3967d92046\U\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-2041900048-2565617125-979403049-1000\$b3d623a0b08837464ec71e3967d92046\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-2041900048-2565617125-979403049-1000\$b3d623a0b08837464ec71e3967d92046\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-2041900048-2565617125-979403049-1000\$b3d623a0b08837464ec71e3967d92046\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-2041900048-2565617125-979403049-1000\$b3d623a0b08837464ec71e3967d92046\U\ [ZA Dir]

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* BFE [Missing Service]
* BITS [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]

* SharedAccess [Missing ImagePath]

* msiserver => %systemroot%\system32\msiexec.exe /V [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
127.0.0.1 moneypak.com
127.0.0.1 greendot.com
127.0.0.1 google.com
127.0.0.1 bing.com

Program finished at: 10/01/2012 08:46:16 PM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)

MBAM LOG RAN IN SAFEMODE
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.01.08

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
wright0900 :: WRIGHT-PC [administrator]

Protection: Disabled

10/1/2012 8:46:57 PM
mbam-log-2012-10-01 (22-28-26).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 525220
Time elapsed: 1 hour(s), 40 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\3259 (Rootkit.RLoader.Gen) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 8
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$b3d623a0b08837464ec71e3967d92046\n.) Good: (fastprox.dll) -> No action taken.
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-2041900048-2565617125-979403049-1000\$b3d623a0b08837464ec71e3967d92046\n.) Good: (shell32.dll) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe, C:\Users\wright0900\AppData\Local\google_update.exe,) Good: (userinit.exe) -> No action taken.

Folders Detected: 1
C:\ProgramData\29727936 (Rogue.Multiple) -> No action taken.

Files Detected: 3
C:\Users\wright0900\AppData\Local\temp\3259.sys (Rootkit.RLoader.Gen) -> No action taken.
C:\Users\wright0900\AppData\Local\temp\jtscbqcyv.exe (PUP.BitMiner) -> No action taken.
C:\Users\wright0900\AppData\Local\temp\muwlqtcbd.exe (PUP.BitMiner) -> No action taken.

(end)

Edited by Glasjoe, 01 October 2012 - 10:33 PM.




#2 gringo_pr


Posted 01 October 2012 - 11:51 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    • Link1
    • Link2
    • Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • Logs from DDS
    • Let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Glasjoe


Posted 02 October 2012 - 12:38 AM

Hi Gringo, thanks for the quick reply

CHECKUP.TXT
Results of screen317's Security Check version 0.99.51
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
CCleaner
Java™ 6 Update 30
Java version out of Date!
Adobe Flash Player 11.4.402.278
Adobe Reader X 10.1.1 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````


ATTACH.TXT
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/12/2009 7:40:55 AM
System Uptime: 10/1/2012 10:39:17 PM (2 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Core™2 Duo CPU T6400 @ 2.00GHz | N/A | 1993/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 126.974 GiB free.
D: is Removable
E: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96e-e325-11ce-bfc1-08002be10318}
Description: Generic PnP Monitor
Device ID: DISPLAY\MS_9040\4&302115BB&1&UID67568640
Manufacturer: (Standard monitor types)
Name: Generic PnP Monitor
PNP Device ID: DISPLAY\MS_9040\4&302115BB&1&UID67568640
Service: monitor
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Intel® ICH9M LPC Interface Controller - 2919
Device ID: PCI\VEN_8086&DEV_2919&SUBSYS_9045104D&REV_03\3&11583659&0&F8
Manufacturer: Intel
Name: Intel® ICH9M LPC Interface Controller - 2919
PNP Device ID: PCI\VEN_8086&DEV_2919&SUBSYS_9045104D&REV_03\3&11583659&0&F8
Service: msisadrv
.
Class GUID: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Description: Intel Processor
Device ID: ACPI\GENUINEINTEL_-_X86_FAMILY_6_MODEL_23\_0
Manufacturer: Intel
Name: Intel® Core™2 Duo CPU T6400 @ 2.00GHz
PNP Device ID: ACPI\GENUINEINTEL_-_X86_FAMILY_6_MODEL_23\_0
Service: intelppm
.
Class GUID: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Description: Intel Processor
Device ID: ACPI\GENUINEINTEL_-_X86_FAMILY_6_MODEL_23\_1
Manufacturer: Intel
Name: Intel® Core™2 Duo CPU T6400 @ 2.00GHz
PNP Device ID: ACPI\GENUINEINTEL_-_X86_FAMILY_6_MODEL_23\_1
Service: intelppm
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: UMBus Root Bus Enumerator
Device ID: ROOT\UMBUS\0000
Manufacturer: Microsoft
Name: UMBus Root Bus Enumerator
PNP Device ID: ROOT\UMBUS\0000
Service: umbus
.
==== System Restore Points ===================
.
RP1283: 12/30/2011 10:33:41 AM - Installed Java™ 6 Update 30
RP1284: 9/28/2012 11:50:18 PM - jackedup
RP1285: 9/29/2012 1:44:37 PM - Scheduled Checkpoint
RP1286: 9/30/2012 1:32:12 PM - Scheduled Checkpoint
RP1287: 10/1/2012 2:07:51 AM - Scheduled Checkpoint
RP1288: 10/1/2012 7:17:22 PM - Installed Microsoft Fix it 50202
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 2
Big Fish Games Client
Bonjour
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.1
Canon MX340 series MP Drivers
Canon MX340 series User Registration
Canon Speed Dial Utility
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
Click to Disc
Click to Disc Editor
Compatibility Pack for the 2007 Office system
Garmin Lifetime Updater
Google Update Helper
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Home Designer Pro Trial Version 2012
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software
iTunes
Java Auto Updater
Java™ 6 Update 30
Magic DVD Copier Version 4.9.1
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Music Transfer
Mystery Case Files: Return to Ravenhearst ™
Network Stumbler 0.4.0 (remove only)
OGA Notifier 2.0.0048.0
OLYMPUS ib
OpenMG Secure Module 5.1.00
Primo
QuickBooks Simple Start 2009
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Rosetta Stone Version 3
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Setting Utility Series
Skype Click to Call
Skype™ 5.10
Sony Picture Utility
Sony Video Shared Library
SupportSoft Assisted Service
Synaptics Pointing Device Driver
TI-83 Plus Flash Debugger
TreeSize Professional V5.5.5
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO Care
VAIO Content Folder Setting
VAIO Content Folder Watcher
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Entertainment Platform
VAIO Event Service
VAIO Help and Support
VAIO Launcher
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO My Memory Center
VAIO OOBE and Welcome Center
VAIO Original Function Setting
VAIO Power Management
VAIO Presentation Support
VAIO Startup Assistant
VAIO Survey
VAIO Update 4
VAIO Wallpaper Contents
VAIO Wireless Wizard
WinDVD for VAIO
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
9/30/2012 12:57:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
9/30/2012 12:57:10 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/30/2012 12:56:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
9/30/2012 11:03:41 AM, Error: EventLog [6008] - The previous system shutdown at 12:39:41 AM on 9/30/2012 was unexpected.
9/29/2012 1:07:46 PM, Error: EventLog [6008] - The previous system shutdown at 9:58:34 AM on 9/29/2012 was unexpected.
9/28/2012 8:34:46 PM, Error: Service Control Manager [7003] - The Microsoft Network Inspection System service depends the following service: BFE. This service might not be installed.
9/28/2012 8:34:46 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
9/28/2012 8:30:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VAIO Entertainment UPnP Client Adapter service to connect.
9/28/2012 8:30:53 PM, Error: Service Control Manager [7000] - The VAIO Entertainment UPnP Client Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/28/2012 8:30:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service Vcsw with arguments "" in order to run the server: {AD824619-9A64-4DFF-9426-4111B582A967}
9/28/2012 7:28:38 PM, Error: EventLog [6008] - The previous system shutdown at 7:27:37 PM on 9/28/2012 was unexpected.
9/28/2012 7:25:59 PM, Error: EventLog [6008] - The previous system shutdown at 7:07:38 PM on 9/28/2012 was unexpected.
9/28/2012 7:04:19 PM, Error: EventLog [6008] - The previous system shutdown at 5:46:09 PM on 9/27/2012 was unexpected.
9/27/2012 5:38:22 PM, Error: EventLog [6008] - The previous system shutdown at 12:58:41 AM on 9/26/2012 was unexpected.
9/26/2012 12:57:54 AM, Error: EventLog [6008] - The previous system shutdown at 12:56:01 AM on 9/26/2012 was unexpected.
9/25/2012 9:05:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DMICall MpFilter spldr Wanarpv6
9/25/2012 9:03:49 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VAIO Power Management service to connect.
9/25/2012 9:03:49 AM, Error: Service Control Manager [7000] - The VAIO Power Management service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/25/2012 8:59:28 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll
9/25/2012 11:30:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
9/25/2012 11:30:45 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/25/2012 11:30:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
10/2/2012 12:13:05 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.3.144 for the Network Card with network address 0022FB014888 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/1/2012 8:50:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/1/2012 8:45:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DMICall i8042prt msisadrv spldr Wanarpv6
10/1/2012 8:45:34 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/1/2012 8:44:33 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
10/1/2012 8:44:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/1/2012 8:44:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/1/2012 8:44:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/1/2012 8:44:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/1/2012 8:13:40 PM, Error: Service Control Manager [7034] - The Realtek Audio Service service terminated unexpectedly. It has done this 1 time(s).
10/1/2012 7:40:50 PM, Error: Service Control Manager [7034] - The Nalpeiron Licensing Service service terminated unexpectedly. It has done this 1 time(s).
10/1/2012 7:40:50 PM, Error: Service Control Manager [7034] - The atisvc_jcdge service terminated unexpectedly. It has done this 1 time(s).
10/1/2012 7:20:35 PM, Error: Microsoft Antimalware [2001] -
10/1/2012 5:57:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DMICall i8042prt MpFilter msisadrv spldr Wanarpv6
10/1/2012 5:56:21 PM, Error: EventLog [6008] - The previous system shutdown at 3:06:04 PM on 10/1/2012 was unexpected.
10/1/2012 10:40:54 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt msisadrv
10/1/2012 10:40:28 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
10/1/2012 10:40:28 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
10/1/2012 10:40:28 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
10/1/2012 10:40:28 PM, Error: Service Control Manager [7000] - The PEAUTH service failed to start due to the following error: The system cannot find the file specified.
10/1/2012 10:40:28 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/1/2012 10:38:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/1/2012 1:37:16 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
10/1/2012 1:30:48 AM, Error: EventLog [6008] - The previous system shutdown at 10:05:47 PM on 9/30/2012 was unexpected.
10/1/2012 1:01:19 PM, Error: EventLog [6008] - The previous system shutdown at 10:18:05 AM on 10/1/2012 was unexpected.
.
==== End Of File ===========================

DDS.TXT

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by wright0900 at 0:32:52 on 2012-10-02
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2938.1530 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\qsesqt\atisvc_jcdge.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\qsesqt\atisvc_jcdge.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\nlssrv32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Sony\VAIO Care\collsvc.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Users\WRIGHT~1\AppData\Local\Temp\huwoovakp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\wright0900\Desktop\Defogger.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
mWinlogon: Userinit=c:\users\wright0900\appdata\local\google_update.exe,
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [xivwxuaggnirrpeecys] c:\users\wright0900\appdata\roaming\xivwxuaggnirrpeecys.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{106F9621-76A3-40EF-B03D-CB3B4D2C2373} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{244EED3D-6D0B-4CB7-963D-3D0D75B6186F} : DhcpNameServer = 172.20.11.218 172.21.1.156
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\wright0900\appdata\roaming\mozilla\firefox\profiles\5tdd6v24.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\wright0900\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
.
============= SERVICES / DRIVERS ===============
.
R2 3259;3259;c:\users\wright~1\appdata\local\temp\3259.sys [2012-10-1 151552]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 atisvc_jcdge;atisvc_jcdge;c:\windows\system32\qsesqt\atisvc_jcdge.exe [2009-4-2 436700]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-25 399432]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2009-6-7 61440]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-10-29 104992]
R2 SampleCollector;Intel® Sample Collector;c:\program files\sony\vaio care\collsvc.exe [2008-11-10 122880]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2008-11-10 104960]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-10-29 415584]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-9-3 446464]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2008-11-10 17920]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-8-29 3664384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-23 136176]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-30 676936]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-30 250288]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-23 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-30 22856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-9-26 114144]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-10-29 9344]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-11-10 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-11-10 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-11-10 62752]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-11-10 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-11-10 83232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-10-02 01:14:41 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-10-02 00:46:15 -------- d-----w- c:\users\wright0900\appdata\local\ElevatedDiagnostics
2012-10-02 00:36:15 -------- d-----w- c:\programdata\29727936
2012-10-02 00:18:25 -------- d-----w- c:\windows\system32\catroot2
2012-09-29 05:09:02 -------- d-----w- c:\users\wright0900\appdata\local\Macromedia
2012-09-29 01:23:51 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-29 00:42:26 1065092 ----a-w- c:\users\wright0900\appdata\roaming\xivwxuaggnirrpeecys.exe
2012-09-26 05:33:16 2605898 ----a-w- c:\program files\mozilla firefox\components\1261207.dll
2012-09-21 23:52:09 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-09-21 23:49:45 -------- d-----w- c:\programdata\E855C8E71614E08B0074E8555472C116
2012-09-21 23:48:35 54 ----a-w- c:\windows\system32\inv.vbs
.
==================== Find3M ====================
.
2012-09-29 01:23:51 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 22:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-04 14:02:46 2047488 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 0:33:12.12 ===============

#4 gringo_pr


Posted 02 October 2012 - 01:12 AM

Greetings


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Glasjoe


Posted 02 October 2012 - 11:11 PM

I think I hit Scan or Delete one too many times in RogueKiller. Sorry, it's been a long day, and I have 5 different reports. Reports 1-3 have bad files/entries; reports 4 and 5 do not. MBAM was also running, and a window with a quarantine request popped up while running RogueKiller as well.

ADW RESULTS

# AdwCleaner v2.003 - Logfile created 10/02/2012 at 23:00:42
# Updated 23/09/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : wright0900 - WRIGHT-PC
# Boot Mode : Normal
# Running from : C:\Users\wright0900\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2559647
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\wright0900\AppData\Roaming\Mozilla\Firefox\Profiles\5tdd6v24.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1322 octets] - [02/10/2012 22:58:56]
AdwCleaner[R2].txt - [1382 octets] - [02/10/2012 22:59:55]
AdwCleaner[S1].txt - [1588 octets] - [02/10/2012 23:00:42]

########## EOF - C:\AdwCleaner[S1].txt - [1648 octets] ##########


RKreport(1)

RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : wright0900 [Admin rights]
Mode : Scan -- Date : 10/01/2012 20:15:13

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 28 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : xivwxuaggnirrpeecys (C:\Users\wright0900\AppData\Roaming\xivwxuaggnirrpeecys.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2041900048-2565617125-979403049-1000[...]\Run : xivwxuaggnirrpeecys (C:\Users\wright0900\AppData\Roaming\xivwxuaggnirrpeecys.exe) -> FOUND
[SHELL][SUSP PATH] HKLM\[...]\Winlogon : Userinit (C:\Windows\system32\userinit.exe, C:\Users\wright0900\AppData\Local\google_update.exe,) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\3259 (\??\C:\Users\WRIGHT~1\AppData\Local\Temp\3259.sys) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-2041900048-2565617125-979403049-1000\$b3d623a0b08837464ec71e3967d92046\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$b3d623a0b08837464ec71e3967d92046\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$b3d623a0b08837464ec71e3967d92046\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$b3d623a0b08837464ec71e3967d92046\@ --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2041900048-2565617125-979403049-1000\$b3d623a0b08837464ec71e3967d92046\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$b3d623a0b08837464ec71e3967d92046\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-2041900048-2565617125-979403049-1000\$b3d623a0b08837464ec71e3967d92046\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$b3d623a0b08837464ec71e3967d92046\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-2041900048-2565617125-979403049-1000\$b3d623a0b08837464ec71e3967d92046\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 moneypak.com
127.0.0.1 greendot.com
127.0.0.1 google.com
127.0.0.1 bing.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2552GSX +++++
--- User ---
[MBR] 7fdbc76d3f46af6d4b6802b43bc09376
[BSP] 43a551398bf8561562345d05d7b18d46 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 9298 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 19044352 | Size: 229175 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RKreport(2)

RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : wright0900 [Admin rights]
Mode : Scan -- Date : 10/02/2012 23:05:15

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] RTKAUDIOSERVICE.EXE -- C:\Windows\RtkAudioService.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 29 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : xivwxuaggnirrpeecys (C:\Users\wright0900\AppData\Roaming\xivwxuaggnirrpeecys.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2041900048-2565617125-979403049-1000[...]\Run : xivwxuaggnirrpeecys (C:\Users\wright0900\AppData\Roaming\xivwxuaggnirrpeecys.exe) -> FOUND
[SHELL][SUSP PATH] HKLM\[...]\Winlogon : Userinit (C:\Windows\system32\userinit.exe, C:\Users\wright0900\AppData\Local\google_update.exe,) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\3259 (\??\C:\Users\WRIGHT~1\AppData\Local\Temp\3259.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\3259 (\??\C:\Users\WRIGHT~1\AppData\Local\Temp\3259.sys) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-2041900048-2565617125-979403049-1000\$b3d623a0b08837464ec71e3967d92046\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$b3d623a0b08837464ec71e3967d92046\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$b3d623a0b08837464ec71e3967d92046\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$b3d623a0b08837464ec71e3967d92046\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$b3d623a0b08837464ec71e3967d92046\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$b3d623a0b08837464ec71e3967d92046\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 moneypak.com
127.0.0.1 greendot.com
127.0.0.1 google.com
127.0.0.1 bing.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2552GSX +++++
--- User ---
[MBR] 7fdbc76d3f46af6d4b6802b43bc09376
[BSP] 43a551398bf8561562345d05d7b18d46 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 9298 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 19044352 | Size: 229175 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


RKreport(3)

RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : wright0900 [Admin rights]
Mode : Remove -- Date : 10/02/2012 23:06:28

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] RTKAUDIOSERVICE.EXE -- C:\Windows\RtkAudioService.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 27 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : xivwxuaggnirrpeecys (C:\Users\wright0900\AppData\Roaming\xivwxuaggnirrpeecys.exe) -> DELETED
[SHELL][SUSP PATH] HKLM\[...]\Winlogon : Userinit (C:\Windows\system32\userinit.exe, C:\Users\wright0900\AppData\Local\google_update.exe,) -> REPLACED (C:\Windows\system32\userinit.exe,)
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\3259 (\??\C:\Users\WRIGHT~1\AppData\Local\Temp\3259.sys) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\3259 (\??\C:\Users\WRIGHT~1\AppData\Local\Temp\3259.sys) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSearch (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-2041900048-2565617125-979403049-1000\$b3d623a0b08837464ec71e3967d92046\n.) -> REPLACED (C:\Windows\system32\shell32.dll)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$b3d623a0b08837464ec71e3967d92046\n.) -> REPLACED (C:\Windows\system32\wbem\fastprox.dll)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$b3d623a0b08837464ec71e3967d92046\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$b3d623a0b08837464ec71e3967d92046\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$b3d623a0b08837464ec71e3967d92046\L --> REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 moneypak.com
127.0.0.1 greendot.com
127.0.0.1 google.com
127.0.0.1 bing.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2552GSX +++++
--- User ---
[MBR] 7fdbc76d3f46af6d4b6802b43bc09376
[BSP] 43a551398bf8561562345d05d7b18d46 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 9298 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 19044352 | Size: 229175 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Quarantined files in MBAM
VENDOR DATE CATEGORY ITEM
Trojan.Dowloader 10/2/2012, 11:03PM File C:\Users\wright0900\AppData\Roaming\xivwxuaggnirpeecy.exe
Trojan.Downloader 10/2/2012 11:07PM File C:\Users\wright0900\AppData\Local\temp\FDFF.tmp

Edited by Glasjoe, 02 October 2012 - 11:25 PM.


#6 gringo_pr


Posted 03 October 2012 - 01:48 AM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 Glasjoe


Posted 03 October 2012 - 09:17 PM

Laptop went into sleep mode last night, had to power off manually for it to work...

Hopefully we are on the right track. I haven't tried the laptop keyboard/mouse yet or Windows Update.

Should I reboot first?


COMBO FIX

ComboFix 12-10-03.03 - wright0900 10/03/2012 20:50:08.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2938.1779 [GMT -5:00]
Running from: C:\Users\wright0900\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\wright0900\AppData\Roaming\47DEB1.dat


((((((((((((((((((((((((( Files Created from 2012-09-04 to 2012-10-04 )))))))))))))))))))))))))))))))


2012-10-04 01:58:44 . 2012-10-04 02:00:12 -------- d-----w- C:\Users\wright0900\AppData\Local\temp
2012-10-04 01:58:44 . 2012-10-04 01:58:44 -------- d-----w- C:\Users\zip_drive\AppData\Local\temp
2012-10-04 01:58:44 . 2012-10-04 01:58:44 -------- d-----w- C:\Users\temp\AppData\Local\temp
2012-10-04 01:58:44 . 2012-10-04 01:58:44 -------- d-----w- C:\Users\Resume\AppData\Local\temp
2012-10-04 01:58:44 . 2012-10-04 01:58:44 -------- d-----w- C:\Users\Public\AppData\Local\temp
2012-10-04 01:58:44 . 2012-10-04 01:58:44 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-10-02 00:46:15 . 2012-10-02 00:46:15 -------- d-----w- C:\Users\wright0900\AppData\Local\ElevatedDiagnostics
2012-10-02 00:36:15 . 2012-10-02 00:38:11 -------- d-----w- C:\ProgramData\29727936
2012-10-02 00:18:25 . 2012-10-02 00:32:36 -------- d-----w- C:\Windows\system32\catroot2
2012-09-29 05:09:02 . 2012-09-29 05:09:02 -------- d-----w- C:\Users\wright0900\AppData\Local\Macromedia
2012-09-29 01:23:51 . 2012-09-29 01:23:51 696240 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2012-09-26 05:37:29 . 2012-09-26 05:37:29 -------- d-----w- C:\ProgramData\McAfee
2012-09-26 05:27:25 . 2012-09-26 05:27:25 -------- d-----w- C:\Users\wright0900\AppData\Local\Mozilla
2012-09-26 05:27:17 . 2012-09-26 05:27:20 -------- d-----w- C:\Program Files\Mozilla Maintenance Service
2012-09-21 23:52:09 . 2012-09-21 23:52:09 -------- d-sh--w- C:\Windows\system32\%APPDATA%
2012-09-21 23:49:45 . 2012-09-26 04:01:16 -------- d-----w- C:\ProgramData\E855C8E71614E08B0074E8555472C116
2012-09-21 23:48:35 . 2012-09-21 23:48:35 54 ----a-w- C:\Windows\system32\inv.vbs
2012-09-08 03:00:24 . 2012-09-08 03:00:24 -------- d-----w- C:\Windows\Sun
2012-09-05 22:38:42 . 2012-09-05 22:38:42 -------- d-----w- C:\Program Files\Common Files\Skype
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-09-29 01:23:51 . 2011-07-01 02:07:54 73136 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 22:04:46 . 2011-12-30 16:11:20 22856 ----a-w- C:\Windows\system32\drivers\mbam.sys
2009-04-02 21:54:07 . 2012-09-26 05:33:16 2605898 ----a-w- C:\Program Files\mozilla firefox\components\1261207.dll
2012-09-06 01:27:05 . 2012-09-26 05:27:14 266720 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-07-03 05:52:21 135680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 02:43:03 835584]
"RtHDVCpl"="RtHDVCpl.exe" [2008-10-17 10:50:40 6295552]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-08-22 00:08:02 145944]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 04:32:48 317280]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-08-22 00:07:45 170520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-12-09 14:27:52 98304 ----a-w- C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

Contents of the 'Scheduled Tasks' folder

2012-10-03 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-30 19:16:50 . 2012-09-29 01:23:51]

2012-10-04 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-24 01:25:16 . 2011-08-24 01:25:09]

2012-10-03 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-24 01:25:16 . 2011-08-24 01:25:09]


------- Supplementary Scan -------

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
FF - ProfilePath - C:\Users\wright0900\AppData\Roaming\Mozilla\Firefox\Profiles\5tdd6v24.default\

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

Edited by Glasjoe, 03 October 2012 - 09:25 PM.


#8 Glasjoe

Glasjoe
  • Topic Starter

  • Members
  • 13 posts

Posted 03 October 2012 - 09:24 PM

sorry


thought it was done and copied wrong log...

this is the one that popped up

ComboFix 12-10-03.03 - wright0900 10/03/2012 20:50:08.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2938.1779 [GMT -5:00]
Running from: c:\users\wright0900\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\wright0900\AppData\Roaming\47DEB1.dat
.
.
((((((((((((((((((((((((( Files Created from 2012-09-04 to 2012-10-04 )))))))))))))))))))))))))))))))
.
.
2012-10-04 01:58 . 2012-10-04 02:00 -------- d-----w- c:\users\wright0900\AppData\Local\temp
2012-10-04 01:58 . 2012-10-04 01:58 -------- d-----w- c:\users\zip_drive\AppData\Local\temp
2012-10-04 01:58 . 2012-10-04 01:58 -------- d-----w- c:\users\temp\AppData\Local\temp
2012-10-04 01:58 . 2012-10-04 01:58 -------- d-----w- c:\users\Resume\AppData\Local\temp
2012-10-04 01:58 . 2012-10-04 01:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-10-04 01:58 . 2012-10-04 01:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-02 00:46 . 2012-10-02 00:46 -------- d-----w- c:\users\wright0900\AppData\Local\ElevatedDiagnostics
2012-10-02 00:36 . 2012-10-02 00:38 -------- d-----w- c:\programdata\29727936
2012-10-02 00:18 . 2012-10-02 00:32 -------- d-----w- c:\windows\system32\catroot2
2012-09-29 05:09 . 2012-09-29 05:09 -------- d-----w- c:\users\wright0900\AppData\Local\Macromedia
2012-09-29 01:23 . 2012-09-29 01:23 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-26 05:37 . 2012-09-26 05:37 -------- d-----w- c:\programdata\McAfee
2012-09-26 05:27 . 2012-09-26 05:27 -------- d-----w- c:\users\wright0900\AppData\Local\Mozilla
2012-09-26 05:27 . 2012-09-26 05:27 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-21 23:52 . 2012-09-21 23:52 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-09-21 23:49 . 2012-09-26 04:01 -------- d-----w- c:\programdata\E855C8E71614E08B0074E8555472C116
2012-09-21 23:48 . 2012-09-21 23:48 54 ----a-w- c:\windows\system32\inv.vbs
2012-09-08 03:00 . 2012-09-08 03:00 -------- d-----w- c:\windows\Sun
2012-09-05 22:38 . 2012-09-05 22:38 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-29 01:23 . 2011-07-01 02:07 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 22:04 . 2011-12-30 16:11 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-04-02 21:54 . 2012-09-26 05:33 2605898 ----a-w- c:\program files\mozilla firefox\components\1261207.dll
2012-09-06 01:27 . 2012-09-26 05:27 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"RtHDVCpl"="RtHDVCpl.exe" [2008-10-17 6295552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-22 145944]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-22 170520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-12-09 14:27 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-30 01:23]
.
2012-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-24 01:25]
.
2012-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-24 01:25]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\users\wright0900\AppData\Roaming\Mozilla\Firefox\Profiles\5tdd6v24.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RtkAudioService.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\qsesqt\atisvc_jcdge.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\qsesqt\atisvc_jcdge.exe
c:\windows\system32\nlssrv32.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Sony\VAIO Care\collsvc.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Sony\VAIO Care\listener.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Sony\VAIO Power Management\SPMService.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\NOTEPAD.EXE
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
.
**************************************************************************
.
Completion time: 2012-10-03 21:15:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-04 02:15
.
Pre-Run: 136,382,377,984 bytes free
Post-Run: 135,828,369,408 bytes free
.
- - End Of File - - AD5AE1582422273BB93996A6FEB51DEE

#9 Glasjoe

Glasjoe
  • Topic Starter

  • Members
  • 13 posts

Posted 03 October 2012 - 10:03 PM

OK, rebooted....able to get Windows Defender working, redownload MS Security Essentials, Windows Update working fine....


big problem I have still is that my keyboard and mouse on the laptop do not work, I downloaded the driver for the touchpad from Sony...no luck


Also the updates from Sony's site have indicated they did not install correctly or that I do NOT have VISTA installed....


so far so good, would be awesome if I could get keyboard and mouse working again!

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 October 2012 - 12:26 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#11 Glasjoe

Glasjoe
  • Topic Starter

  • Members
  • 13 posts

Posted 04 October 2012 - 08:48 PM

Hi Gringo

Findings below

TDS

18:23:26.0338 4812 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
18:23:26.0805 4812 ============================================================
18:23:26.0805 4812 Current date / time: 2012/10/04 18:23:26.0805
18:23:26.0805 4812 SystemInfo:
18:23:26.0805 4812
18:23:26.0805 4812 OS Version: 6.0.6002 ServicePack: 2.0
18:23:26.0805 4812 Product type: Workstation
18:23:26.0805 4812 ComputerName: WRIGHT-PC
18:23:26.0805 4812 UserName: wright0900
18:23:26.0805 4812 Windows directory: C:\Windows
18:23:26.0805 4812 System windows directory: C:\Windows
18:23:26.0805 4812 Processor architecture: Intel x86
18:23:26.0805 4812 Number of processors: 2
18:23:26.0805 4812 Page size: 0x1000
18:23:26.0805 4812 Boot type: Normal boot
18:23:26.0806 4812 ============================================================
18:23:29.0777 4812 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:23:29.0798 4812 ============================================================
18:23:29.0798 4812 \Device\Harddisk0\DR0:
18:23:29.0798 4812 MBR partitions:
18:23:29.0798 4812 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1229800, BlocksNum 0x1BF9B970
18:23:29.0798 4812 ============================================================
18:23:29.0864 4812 C: <-> \Device\Harddisk0\DR0\Partition1
18:23:29.0865 4812 ============================================================
18:23:29.0865 4812 Initialize success
18:23:29.0865 4812 ============================================================
18:23:36.0848 5260 ============================================================
18:23:36.0848 5260 Scan started
18:23:36.0848 5260 Mode: Manual;
18:23:36.0848 5260 ============================================================
18:23:37.0020 5260 ================ Scan system memory ========================
18:23:37.0020 5260 System memory - ok
18:23:37.0021 5260 ================ Scan services =============================
18:23:50.0487 5260 IntcAzAudAddService - ok
18:23:50.0551 5260 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
18:23:50.0552 5260 intelide - ok
18:23:50.0610 5260 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:23:50.0621 5260 intelppm - ok
18:23:50.0662 5260 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:23:50.0664 5260 IPBusEnum - ok
18:23:50.0687 5260 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:23:50.0688 5260 IpFilterDriver - ok
18:23:50.0758 5260 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:23:50.0761 5260 iphlpsvc - ok
18:23:50.0766 5260 IpInIp - ok
18:23:50.0922 5260 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
18:23:50.0925 5260 IPMIDRV - ok
18:23:50.0984 5260 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
18:23:50.0987 5260 IPNAT - ok
18:23:51.0031 5260 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:23:51.0037 5260 iPod Service - ok
18:23:51.0094 5260 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:23:51.0095 5260 IRENUM - ok
18:23:51.0120 5260 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:23:51.0122 5260 isapnp - ok
18:23:51.0267 5260 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:23:51.0268 5260 iScsiPrt - ok
18:23:51.0305 5260 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
18:23:51.0306 5260 iteatapi - ok
18:23:51.0329 5260 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
18:23:51.0331 5260 iteraid - ok
18:23:51.0390 5260 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
18:23:51.0393 5260 IviRegMgr - ok
18:23:51.0456 5260 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:23:51.0457 5260 kbdclass - ok
18:23:51.0508 5260 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:23:51.0509 5260 kbdhid - ok
18:23:51.0598 5260 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
18:23:51.0599 5260 KeyIso - ok
18:23:51.0718 5260 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:23:51.0725 5260 KSecDD - ok
18:23:51.0805 5260 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
18:23:51.0809 5260 KtmRm - ok
18:23:51.0864 5260 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
18:23:51.0867 5260 LanmanServer - ok
18:23:51.0942 5260 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:23:51.0945 5260 LanmanWorkstation - ok
18:23:51.0950 5260 lczxfmtq - ok
18:23:52.0009 5260 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:23:52.0010 5260 lltdio - ok
18:23:52.0073 5260 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:23:52.0078 5260 lltdsvc - ok
18:23:52.0111 5260 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:23:52.0112 5260 lmhosts - ok
18:23:52.0217 5260 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:23:52.0220 5260 LSI_FC - ok
18:23:52.0244 5260 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:23:52.0246 5260 LSI_SAS - ok
18:23:52.0344 5260 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:23:52.0347 5260 LSI_SCSI - ok
18:23:52.0374 5260 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
18:23:52.0376 5260 luafv - ok
18:23:52.0527 5260 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:23:52.0527 5260 MBAMProtector - ok
18:23:52.0680 5260 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:23:52.0686 5260 MBAMScheduler - ok
18:23:52.0740 5260 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:23:52.0750 5260 MBAMService - ok
18:23:52.0782 5260 [ 3BD2AD18179DEAD6652E87157FB98E4A ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:23:52.0783 5260 Mcx2Svc - ok
18:23:52.0822 5260 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:23:52.0823 5260 mdmxsdk - ok
18:23:52.0879 5260 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
18:23:52.0881 5260 megasas - ok
18:23:52.0972 5260 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
18:23:52.0978 5260 MegaSR - ok
18:23:53.0197 5260 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
18:23:53.0199 5260 Microsoft Office Groove Audit Service - ok
18:23:53.0288 5260 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
18:23:53.0289 5260 MMCSS - ok
18:23:53.0382 5260 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
18:23:53.0404 5260 Modem - ok
18:23:53.0435 5260 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:23:53.0436 5260 monitor - ok
18:23:53.0479 5260 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:23:53.0480 5260 mouclass - ok
18:23:53.0498 5260 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:23:53.0499 5260 mouhid - ok
18:23:53.0538 5260 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
18:23:53.0539 5260 MountMgr - ok
18:23:53.0588 5260 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:23:53.0591 5260 MozillaMaintenance - ok
18:23:53.0682 5260 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
18:23:53.0686 5260 MpFilter - ok
18:23:53.0730 5260 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
18:23:53.0733 5260 mpio - ok
18:23:54.0162 5260 [ A69630D039C38018689190234F866D77 ] MpKsl92fb54f1 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6518186-10B1-426B-92F6-4C0089591004}\MpKsl92fb54f1.sys
18:23:54.0162 5260 MpKsl92fb54f1 - ok
18:23:54.0218 5260 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:23:54.0219 5260 mpsdrv - ok
18:23:54.0332 5260 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
18:23:54.0336 5260 MpsSvc - ok
18:23:54.0437 5260 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
18:23:54.0438 5260 Mraid35x - ok
18:23:54.0528 5260 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:23:54.0530 5260 MRxDAV - ok
18:23:54.0607 5260 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:23:54.0609 5260 mrxsmb - ok
18:23:54.0798 5260 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:23:54.0802 5260 mrxsmb10 - ok
18:23:54.0852 5260 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:23:54.0854 5260 mrxsmb20 - ok
18:23:54.0880 5260 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
18:23:54.0881 5260 msahci - ok
18:23:55.0020 5260 [ A99D2C7E30AD63EF920A894131CAF5F7 ] MSCSPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
18:23:55.0020 5260 MSCSPTISRV - ok
18:23:55.0041 5260 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:23:55.0044 5260 msdsm - ok
18:23:55.0070 5260 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
18:23:55.0073 5260 MSDTC - ok
18:23:55.0103 5260 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:23:55.0104 5260 Msfs - ok
18:23:55.0148 5260 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:23:55.0149 5260 msisadrv - ok
18:23:55.0250 5260 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:23:55.0253 5260 MSiSCSI - ok
18:23:55.0279 5260 msiserver - ok
18:23:55.0352 5260 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:23:55.0366 5260 MSKSSRV - ok
18:23:55.0498 5260 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:23:55.0500 5260 MsMpSvc - ok
18:23:55.0513 5260 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:23:55.0514 5260 MSPCLOCK - ok
18:23:55.0569 5260 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:23:55.0570 5260 MSPQM - ok
18:23:55.0601 5260 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:23:55.0605 5260 MsRPC - ok
18:23:55.0634 5260 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:23:55.0635 5260 mssmbios - ok
18:23:55.0698 5260 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:23:55.0698 5260 MSTEE - ok
18:23:55.0775 5260 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
18:23:55.0777 5260 Mup - ok
18:23:55.0867 5260 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
18:23:55.0871 5260 napagent - ok
18:23:55.0979 5260 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:23:55.0983 5260 NativeWifiP - ok
18:23:56.0109 5260 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:23:56.0118 5260 NDIS - ok
18:23:56.0154 5260 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:23:56.0156 5260 NdisTapi - ok
18:23:56.0173 5260 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:23:56.0174 5260 Ndisuio - ok
18:23:56.0242 5260 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:23:56.0244 5260 NdisWan - ok
18:23:56.0311 5260 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:23:56.0313 5260 NDProxy - ok
18:23:56.0377 5260 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:23:56.0378 5260 NetBIOS - ok
18:23:56.0445 5260 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
18:23:56.0449 5260 netbt - ok
18:23:56.0476 5260 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
18:23:56.0477 5260 Netlogon - ok
18:23:56.0619 5260 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
18:23:56.0622 5260 Netman - ok
18:23:56.0687 5260 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
18:23:56.0690 5260 netprofm - ok
18:23:56.0752 5260 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:23:56.0755 5260 NetTcpPortSharing - ok
18:23:57.0090 5260 [ BA420E8EBFCAD35581FE8E4C64F71469 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
18:23:57.0232 5260 NETw5v32 - ok
18:23:57.0273 5260 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:23:57.0275 5260 nfrd960 - ok
18:23:57.0318 5260 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:23:57.0319 5260 NisDrv - ok
18:23:57.0407 5260 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
18:23:57.0409 5260 NisSrv - ok
18:23:57.0461 5260 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:23:57.0463 5260 NlaSvc - ok
18:23:58.0029 5260 [ B5EFDDCD8A686C4999AFD1D7EC29FA12 ] nlsX86cc C:\Windows\system32\nlssrv32.exe
18:23:58.0075 5260 nlsX86cc - ok
18:23:58.0228 5260 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:23:58.0229 5260 Npfs - ok
18:23:58.0267 5260 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
18:23:58.0268 5260 nsi - ok
18:23:58.0369 5260 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:23:58.0370 5260 nsiproxy - ok
18:23:58.0617 5260 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:23:58.0635 5260 Ntfs - ok
18:23:58.0677 5260 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
18:23:58.0678 5260 ntrigdigi - ok
18:23:58.0706 5260 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
18:23:58.0706 5260 Null - ok
18:23:58.0752 5260 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:23:58.0754 5260 nvraid - ok
18:23:58.0786 5260 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:23:58.0787 5260 nvstor - ok
18:23:58.0849 5260 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:23:58.0851 5260 nv_agp - ok
18:23:58.0856 5260 NwlnkFlt - ok
18:23:58.0862 5260 NwlnkFwd - ok
18:23:59.0142 5260 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:23:59.0149 5260 odserv - ok
18:23:59.0270 5260 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
18:23:59.0271 5260 ohci1394 - ok
18:23:59.0317 5260 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:23:59.0318 5260 ose - ok
18:23:59.0460 5260 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
18:23:59.0471 5260 p2pimsvc - ok
18:23:59.0485 5260 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
18:23:59.0491 5260 p2psvc - ok
18:23:59.0545 5260 [ 41C33FB4FD929FED732A00D2DAEF5BE0 ] PACSPTISVR C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
18:23:59.0583 5260 PACSPTISVR - ok
18:23:59.0619 5260 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
18:23:59.0621 5260 Parport - ok
18:23:59.0688 5260 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:23:59.0690 5260 partmgr - ok
18:23:59.0706 5260 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
18:23:59.0707 5260 Parvdm - ok
18:23:59.0789 5260 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
18:23:59.0791 5260 PcaSvc - ok
18:23:59.0954 5260 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
18:23:59.0956 5260 pci - ok
18:24:00.0019 5260 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
18:24:00.0021 5260 pciide - ok
18:24:00.0053 5260 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:24:00.0057 5260 pcmcia - ok
18:24:00.0093 5260 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
18:24:00.0094 5260 pcouffin - ok
18:24:00.0157 5260 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:24:00.0171 5260 PEAUTH - ok
18:24:00.0319 5260 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
18:24:00.0329 5260 pla - ok
18:24:00.0407 5260 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:24:00.0410 5260 PlugPlay - ok
18:24:00.0626 5260 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
18:24:00.0632 5260 PNRPAutoReg - ok
18:24:00.0682 5260 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
18:24:00.0687 5260 PNRPsvc - ok
18:24:00.0733 5260 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:24:00.0739 5260 PolicyAgent - ok
18:24:00.0805 5260 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:24:00.0807 5260 PptpMiniport - ok
18:24:00.0834 5260 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
18:24:00.0835 5260 Processor - ok
18:24:00.0869 5260 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
18:24:00.0872 5260 ProfSvc - ok
18:24:00.0909 5260 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
18:24:00.0911 5260 ProtectedStorage - ok
18:24:00.0965 5260 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
18:24:00.0966 5260 PSched - ok
18:24:01.0045 5260 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
18:24:01.0047 5260 PxHelp20 - ok
18:24:01.0151 5260 [ 17996CA5C59259AE02CA95BD11D7BEEC ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
18:24:01.0202 5260 QBCFMonitorService - ok
18:24:01.0253 5260 [ 2241EAF40E472C471CB80CF6B97CCA11 ] QBFCService C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
18:24:01.0273 5260 QBFCService - ok
18:24:01.0530 5260 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:24:01.0566 5260 ql2300 - ok
18:24:01.0600 5260 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:24:01.0602 5260 ql40xx - ok
18:24:01.0699 5260 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
18:24:01.0721 5260 QWAVE - ok
18:24:01.0765 5260 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:24:01.0766 5260 QWAVEdrv - ok
18:24:01.0897 5260 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:24:01.0900 5260 RasAcd - ok
18:24:01.0925 5260 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
18:24:01.0928 5260 RasAuto - ok
18:24:01.0956 5260 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:24:01.0957 5260 Rasl2tp - ok
18:24:02.0003 5260 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
18:24:02.0006 5260 RasMan - ok
18:24:02.0058 5260 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:24:02.0059 5260 RasPppoe - ok
18:24:02.0097 5260 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:24:02.0098 5260 RasSstp - ok
18:24:02.0162 5260 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:24:02.0167 5260 rdbss - ok
18:24:02.0217 5260 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:24:02.0218 5260 RDPCDD - ok
18:24:02.0310 5260 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
18:24:02.0335 5260 rdpdr - ok
18:24:02.0341 5260 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:24:02.0342 5260 RDPENCDD - ok
18:24:02.0410 5260 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:24:02.0413 5260 RDPWD - ok
18:24:02.0453 5260 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\Windows\system32\drivers\regi.sys
18:24:02.0453 5260 regi - ok
18:24:02.0659 5260 [ 7EEEEC28A34516E66137F355DCC15BDB ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:24:02.0831 5260 RegSrvc - ok
18:24:02.0890 5260 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:24:02.0893 5260 RemoteAccess - ok
18:24:02.0936 5260 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:24:02.0939 5260 RemoteRegistry - ok
18:24:02.0970 5260 [ D0C2A0CE1091E08EFB7CCBA6CEA4C3F9 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
18:24:02.0972 5260 rimsptsk - ok
18:24:02.0997 5260 [ 53EA7C7D1D3C4B11AE0EA7C8D75C4E82 ] risdptsk C:\Windows\system32\DRIVERS\risdptsk.sys
18:24:02.0999 5260 risdptsk - ok
18:24:03.0026 5260 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
18:24:03.0028 5260 RpcLocator - ok
18:24:03.0116 5260 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
18:24:03.0122 5260 RpcSs - ok
18:24:03.0191 5260 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:24:03.0193 5260 rspndr - ok
18:24:03.0273 5260 [ 65330E78C17DB8A99A7FF1BA3C8824B6 ] RtkAudioService C:\Windows\RtkAudioService.exe
18:24:03.0316 5260 RtkAudioService - ok
18:24:03.0421 5260 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
18:24:03.0422 5260 SamSs - ok
18:24:03.0473 5260 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:24:03.0475 5260 sbp2port - ok
18:24:03.0520 5260 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:24:03.0524 5260 SCardSvr - ok
18:24:03.0720 5260 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
18:24:03.0732 5260 Schedule - ok
18:24:03.0797 5260 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:24:03.0798 5260 SCPolicySvc - ok
18:24:04.0048 5260 [ B60E9769655DDEE8368E3ABB6668E076 ] ScrybeUpdater C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
18:24:07.0102 5260 ScrybeUpdater - ok
18:24:07.0137 5260 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
18:24:07.0139 5260 sdbus - ok
18:24:07.0172 5260 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:24:07.0176 5260 SDRSVC - ok
18:24:07.0195 5260 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:24:07.0196 5260 secdrv - ok
18:24:07.0213 5260 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
18:24:07.0215 5260 seclogon - ok
18:24:07.0277 5260 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
18:24:07.0279 5260 SENS - ok
18:24:07.0344 5260 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
18:24:07.0346 5260 Serenum - ok
18:24:07.0369 5260 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
18:24:07.0372 5260 Serial - ok
18:24:07.0390 5260 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:24:07.0391 5260 sermouse - ok
18:24:07.0431 5260 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
18:24:07.0433 5260 SessionEnv - ok
18:24:07.0451 5260 [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
18:24:07.0453 5260 SFEP - ok
18:24:07.0491 5260 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:24:07.0491 5260 sffdisk - ok
18:24:07.0538 5260 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:24:07.0539 5260 sffp_mmc - ok
18:24:07.0552 5260 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:24:07.0553 5260 sffp_sd - ok
18:24:07.0588 5260 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:24:07.0589 5260 sfloppy - ok
18:24:07.0661 5260 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:24:07.0663 5260 SharedAccess - ok
18:24:07.0741 5260 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:24:07.0745 5260 ShellHWDetection - ok
18:24:07.0784 5260 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:24:07.0786 5260 sisagp - ok
18:24:07.0856 5260 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
18:24:07.0858 5260 SiSRaid2 - ok
18:24:07.0894 5260 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:24:07.0896 5260 SiSRaid4 - ok
18:24:07.0996 5260 [ A37740568718F245E818D0C5575B9AA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
18:24:07.0998 5260 SkypeUpdate - ok
18:24:08.0320 5260 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
18:24:08.0418 5260 slsvc - ok
18:24:08.0460 5260 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
18:24:08.0463 5260 SLUINotify - ok
18:24:08.0501 5260 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:24:08.0503 5260 Smb - ok
18:24:08.0569 5260 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:24:08.0571 5260 SNMPTRAP - ok
18:24:08.0657 5260 [ 1A9DD46C547646A54CDB4065C1996A07 ] SOHCImp C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
18:24:08.0661 5260 SOHCImp - ok
18:24:08.0683 5260 [ 2E1B0D8278BB616148DDCA13DAE87544 ] SOHDms C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
18:24:08.0685 5260 SOHDms - ok
18:24:08.0697 5260 [ 892529EE03211C35AEA7132E119F4862 ] SOHDs C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
18:24:08.0699 5260 SOHDs - ok
18:24:08.0726 5260 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
18:24:08.0727 5260 spldr - ok
18:24:08.0778 5260 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
18:24:08.0782 5260 Spooler - ok
18:24:08.0813 5260 [ F63102F289AE2039940B22E9B2A8E0BD ] SPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
18:24:08.0854 5260 SPTISRV - ok
18:24:08.0917 5260 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:24:08.0922 5260 srv - ok
18:24:08.0987 5260 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:24:08.0990 5260 srv2 - ok
18:24:09.0049 5260 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:24:09.0052 5260 srvnet - ok
18:24:09.0126 5260 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:24:09.0129 5260 SSDPSRV - ok
18:24:09.0158 5260 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:24:09.0160 5260 SstpSvc - ok
18:24:09.0205 5260 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
18:24:09.0209 5260 stisvc - ok
18:24:09.0265 5260 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:24:09.0265 5260 swenum - ok
18:24:09.0348 5260 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
18:24:09.0351 5260 swprv - ok
18:24:09.0367 5260 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
18:24:09.0368 5260 Symc8xx - ok
18:24:09.0394 5260 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
18:24:09.0396 5260 Sym_hi - ok
18:24:09.0430 5260 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
18:24:09.0432 5260 Sym_u3 - ok
18:24:09.0545 5260 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
18:24:09.0551 5260 SysMain - ok
18:24:09.0612 5260 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:24:09.0615 5260 TabletInputService - ok
18:24:09.0652 5260 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:24:09.0656 5260 TapiSrv - ok
18:24:09.0680 5260 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
18:24:09.0682 5260 TBS - ok
18:24:09.0827 5260 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:24:09.0844 5260 Tcpip - ok
18:24:09.0862 5260 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
18:24:09.0868 5260 Tcpip6 - ok
18:24:09.0915 5260 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:24:09.0916 5260 tcpipreg - ok
18:24:09.0969 5260 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:24:09.0970 5260 TDPIPE - ok
18:24:09.0997 5260 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:24:09.0998 5260 TDTCP - ok
18:24:10.0059 5260 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:24:10.0061 5260 tdx - ok
18:24:10.0097 5260 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:24:10.0098 5260 TermDD - ok
18:24:10.0333 5260 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
18:24:10.0337 5260 TermService - ok
18:24:10.0364 5260 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
18:24:10.0367 5260 Themes - ok
18:24:10.0405 5260 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
18:24:10.0407 5260 THREADORDER - ok
18:24:10.0484 5260 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
18:24:10.0486 5260 TrkWks - ok
18:24:10.0618 5260 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:24:10.0647 5260 TrustedInstaller - ok
18:24:10.0682 5260 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:24:10.0683 5260 tssecsrv - ok
18:24:10.0729 5260 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
18:24:10.0730 5260 tunmp - ok
18:24:10.0769 5260 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:24:10.0770 5260 tunnel - ok
18:24:10.0810 5260 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:24:10.0812 5260 uagp35 - ok
18:24:10.0860 5260 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
18:24:10.0861 5260 uCamMonitor - ok
18:24:10.0959 5260 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:24:10.0960 5260 udfs - ok
18:24:11.0068 5260 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:24:11.0071 5260 UI0Detect - ok
18:24:11.0077 5260 UIUSys - ok
18:24:11.0183 5260 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:24:11.0185 5260 uliagpkx - ok
18:24:11.0221 5260 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
18:24:11.0225 5260 uliahci - ok
18:24:11.0241 5260 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
18:24:11.0244 5260 UlSata - ok
18:24:11.0269 5260 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
18:24:11.0271 5260 ulsata2 - ok
18:24:11.0355 5260 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:24:11.0357 5260 umbus - ok
18:24:11.0424 5260 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
18:24:11.0428 5260 upnphost - ok
18:24:11.0502 5260 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
18:24:11.0504 5260 USBAAPL - ok
18:24:11.0571 5260 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:24:11.0573 5260 usbccgp - ok
18:24:11.0649 5260 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:24:11.0651 5260 usbcir - ok
18:24:11.0969 5260 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:24:11.0970 5260 usbehci - ok
18:24:12.0028 5260 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:24:12.0031 5260 usbhub - ok
18:24:12.0061 5260 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:24:12.0062 5260 usbohci - ok
18:24:12.0122 5260 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:24:12.0123 5260 usbprint - ok
18:24:12.0168 5260 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:24:12.0169 5260 usbscan - ok
18:24:12.0204 5260 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:24:12.0206 5260 USBSTOR - ok
18:24:12.0243 5260 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:24:12.0244 5260 usbuhci - ok
18:24:12.0295 5260 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:24:12.0297 5260 usbvideo - ok
18:24:12.0328 5260 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
18:24:12.0330 5260 UxSms - ok
18:24:12.0472 5260 [ 2A640DC735CB0112AC1DCD1E1549B27E ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
18:24:12.0472 5260 VAIO Entertainment TV Device Arbitration Service - ok
18:24:12.0604 5260 [ C1ED0F71D3B9EA8D774FC7C4CBF7EE7F ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
18:24:12.0611 5260 VAIO Power Management - ok
18:24:12.0711 5260 [ 89E0EFDDA4287E0C9C4A61CD7E2A2232 ] VCFw C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
18:24:12.0787 5260 VCFw - ok
18:24:12.0993 5260 [ 27888F132D2EE0B72B28093A5F5F20EB ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
18:24:12.0999 5260 VcmIAlzMgr - ok
18:24:13.0203 5260 [ EE9ABFC2F8F2DCDC624B6A9D5CF3B19D ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
18:24:13.0205 5260 VcmXmlIfHelper - ok
18:24:13.0209 5260 Vcsw - ok
18:24:13.0270 5260 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
18:24:13.0278 5260 vds - ok
18:24:13.0312 5260 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:24:13.0313 5260 vga - ok
18:24:13.0332 5260 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
18:24:13.0333 5260 VgaSave - ok
18:24:13.0351 5260 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:24:13.0353 5260 viaagp - ok
18:24:13.0377 5260 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
18:24:13.0379 5260 ViaC7 - ok
18:24:13.0391 5260 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
18:24:13.0392 5260 viaide - ok
18:24:13.0430 5260 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:24:13.0432 5260 volmgr - ok
18:24:13.0515 5260 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:24:13.0520 5260 volmgrx - ok
18:24:13.0584 5260 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:24:13.0588 5260 volsnap - ok
18:24:13.0616 5260 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:24:13.0619 5260 vsmraid - ok
18:24:13.0824 5260 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
18:24:13.0842 5260 VSS - ok
18:24:13.0985 5260 [ 071634532066C2E29350D450C3412837 ] VzCdbSvc C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
18:24:14.0031 5260 VzCdbSvc - ok
18:24:14.0127 5260 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
18:24:14.0130 5260 W32Time - ok
18:24:14.0285 5260 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:24:14.0286 5260 WacomPen - ok
18:24:14.0307 5260 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:24:14.0308 5260 Wanarp - ok
18:24:14.0313 5260 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:24:14.0315 5260 Wanarpv6 - ok
18:24:14.0415 5260 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:24:14.0425 5260 wcncsvc - ok
18:24:14.0449 5260 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:24:14.0452 5260 WcsPlugInService - ok
18:24:14.0514 5260 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
18:24:14.0515 5260 Wd - ok
18:24:14.0533 5260 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:24:14.0535 5260 WdiServiceHost - ok
18:24:14.0557 5260 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:24:14.0560 5260 WdiSystemHost - ok
18:24:14.0623 5260 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
18:24:14.0626 5260 WebClient - ok
18:24:14.0723 5260 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:24:14.0752 5260 Wecsvc - ok
18:24:14.0793 5260 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:24:14.0796 5260 wercplsupport - ok
18:24:14.0831 5260 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
18:24:14.0834 5260 WerSvc - ok
18:24:14.0864 5260 [ 090A2B8F055343815556A01F725F6C35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
18:24:14.0867 5260 WimFltr - ok
18:24:14.0942 5260 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:24:14.0957 5260 winachsf - ok
18:24:15.0077 5260 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:24:15.0081 5260 WinDefend - ok
18:24:15.0090 5260 WinHttpAutoProxySvc - ok
18:24:15.0249 5260 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:24:15.0273 5260 Winmgmt - ok
18:24:15.0478 5260 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
18:24:15.0522 5260 WinRM - ok
18:24:15.0637 5260 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:24:15.0647 5260 Wlansvc - ok
18:24:15.0712 5260 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:24:15.0713 5260 WmiAcpi - ok
18:24:15.0760 5260 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:24:15.0828 5260 wmiApSrv - ok
18:24:15.0927 5260 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:24:15.0934 5260 WMPNetworkSvc - ok
18:24:16.0013 5260 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:24:16.0017 5260 WPCSvc - ok
18:24:16.0049 5260 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:24:16.0052 5260 WPDBusEnum - ok
18:24:16.0103 5260 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
18:24:16.0104 5260 WpdUsb - ok
18:24:16.0301 5260 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:24:16.0318 5260 WPFFontCache_v0400 - ok
18:24:16.0345 5260 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:24:16.0346 5260 ws2ifsl - ok
18:24:16.0406 5260 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
18:24:16.0409 5260 wscsvc - ok
18:24:16.0432 5260 WSearch - ok
18:24:16.0638 5260 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
18:24:16.0700 5260 wuauserv - ok
18:24:16.0774 5260 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:24:16.0776 5260 WUDFRd - ok
18:24:16.0827 5260 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:24:16.0830 5260 wudfsvc - ok
18:24:16.0863 5260 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
18:24:16.0864 5260 XAudio - ok
18:24:16.0927 5260 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
18:24:16.0930 5260 XAudioService - ok
18:24:16.0962 5260 [ 7D4CCA3659FA0780603206E3D12A993F ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
18:24:16.0967 5260 yukonwlh - ok
18:24:16.0972 5260 ================ Scan global ===============================
18:24:17.0072 5260 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:24:17.0175 5260 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:24:17.0187 5260 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:24:17.0250 5260 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
18:24:17.0256 5260 [Global] - ok
18:24:17.0256 5260 ================ Scan MBR ==================================
18:24:17.0278 5260 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:24:17.0643 5260 \Device\Harddisk0\DR0 - ok
18:24:17.0644 5260 ================ Scan VBR ==================================
18:24:17.0677 5260 [ 132427DDDE69403C40900D18FA2A7E87 ] \Device\Harddisk0\DR0\Partition1
18:24:17.0678 5260 \Device\Harddisk0\DR0\Partition1 - ok
18:24:17.0679 5260 ============================================================
18:24:17.0679 5260 Scan finished
18:24:17.0679 5260 ============================================================
18:24:17.0692 3700 Detected object count: 0
18:24:17.0692 3700 Actual detected object count: 0
18:24:33.0565 4372 ============================================================
18:24:33.0565 4372 Scan started
18:24:33.0565 4372 Mode: Manual;
18:24:33.0565 4372 ============================================================
18:24:33.0791 4372 ================ Scan system memory ========================
18:24:33.0791 4372 System memory - ok
18:24:33.0791 4372 ================ Scan services =============================
18:24:34.0009 4372 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
18:24:34.0010 4372 ACDaemon - ok
18:24:34.0239 4372 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
18:24:34.0241 4372 ACPI - ok
18:24:34.0324 4372 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:24:34.0325 4372 AdobeARMservice - ok
18:24:34.0440 4372 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:24:34.0442 4372 AdobeFlashPlayerUpdateSvc - ok
18:24:34.0618 4372 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:24:34.0621 4372 adp94xx - ok
18:24:34.0670 4372 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:24:34.0672 4372 adpahci - ok
18:24:34.0717 4372 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
18:24:34.0717 4372 adpu160m - ok
18:24:34.0790 4372 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:24:34.0791 4372 adpu320 - ok
18:24:34.0813 4372 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:24:34.0814 4372 AeLookupSvc - ok
18:24:34.0880 4372 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
18:24:34.0882 4372 AFD - ok
18:24:34.0948 4372 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:24:34.0949 4372 agp440 - ok
18:24:34.0973 4372 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
18:24:34.0973 4372 aic78xx - ok
18:24:34.0995 4372 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
18:24:34.0995 4372 ALG - ok
18:24:35.0018 4372 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
18:24:35.0019 4372 aliide - ok
18:24:35.0060 4372 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
18:24:35.0061 4372 amdagp - ok
18:24:35.0087 4372 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
18:24:35.0087 4372 amdide - ok
18:24:35.0137 4372 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
18:24:35.0138 4372 AmdK7 - ok
18:24:35.0144 4372 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:24:35.0145 4372 AmdK8 - ok
18:24:35.0188 4372 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
18:24:35.0189 4372 Appinfo - ok
18:24:35.0297 4372 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:24:35.0298 4372 Apple Mobile Device - ok
18:24:35.0336 4372 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
18:24:35.0337 4372 arc - ok
18:24:35.0360 4372 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:24:35.0361 4372 arcsas - ok
18:24:35.0426 4372 [ 857B48965A0503B7AB795D4BFE7CBD8B ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
18:24:35.0426 4372 ArcSoftKsUFilter - ok
18:24:35.0441 4372 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:24:35.0441 4372 AsyncMac - ok
18:24:35.0482 4372 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys
18:24:35.0482 4372 atapi - ok
18:24:35.0631 4372 [ 600EFE56F37ADBD65A0FB076B50D1B8D ] athr C:\Windows\system32\DRIVERS\athr.sys
18:24:35.0637 4372 athr - ok
18:24:36.0204 4372 [ 9F66D1BA97911731133E46212539A08D ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:24:36.0229 4372 atikmdag - ok
18:24:36.0359 4372 [ D8E87ADFFAB8A1AD89D60EC4879AC4F9 ] atisvc_jcdge C:\Windows\system32\qsesqt\atisvc_jcdge.exe
18:24:36.0362 4372 atisvc_jcdge - ok
18:24:36.0407 4372 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:24:36.0409 4372 AudioEndpointBuilder - ok
18:24:36.0418 4372 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:24:36.0420 4372 Audiosrv - ok
18:24:36.0473 4372 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
18:24:36.0473 4372 Beep - ok
18:24:36.0533 4372 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
18:24:36.0536 4372 BFE - ok
18:24:36.0735 4372 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
18:24:36.0742 4372 BITS - ok
18:24:36.0914 4372 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
18:24:36.0915 4372 blbdrive - ok
18:24:37.0057 4372 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:24:37.0060 4372 Bonjour Service - ok
18:24:37.0117 4372 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:24:37.0118 4372 bowser - ok
18:24:37.0151 4372 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
18:24:37.0152 4372 BrFiltLo - ok
18:24:37.0171 4372 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
18:24:37.0171 4372 BrFiltUp - ok
18:24:37.0226 4372 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
18:24:37.0227 4372 Browser - ok
18:24:37.0462 4372 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
18:24:37.0463 4372 Brserid - ok
18:24:37.0577 4372 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
18:24:37.0577 4372 BrSerWdm - ok
18:24:37.0594 4372 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
18:24:37.0595 4372 BrUsbMdm - ok
18:24:37.0626 4372 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
18:24:37.0626 4372 BrUsbSer - ok
18:24:37.0641 4372 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:24:37.0642 4372 BTHMODEM - ok
18:24:37.0732 4372 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\Windows\system32\drivers\BVRPMPR5.SYS
18:24:37.0733 4372 BVRPMPR5 - ok
18:24:37.0760 4372 catchme - ok
18:24:37.0814 4372 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:24:37.0815 4372 cdfs - ok
18:24:37.0888 4372 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:24:37.0889 4372 cdrom - ok
18:24:37.0975 4372 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
18:24:37.0976 4372 CertPropSvc - ok
18:24:38.0007 4372 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
18:24:38.0007 4372 circlass - ok
18:24:38.0114 4372 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
18:24:38.0116 4372 CLFS - ok
18:24:39.0498 4372 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:24:39.0498 4372 clr_optimization_v2.0.50727_32 - ok
18:24:39.0632 4372 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:24:39.0634 4372 clr_optimization_v4.0.30319_32 - ok
18:24:39.0730 4372 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:24:39.0730 4372 CmBatt - ok
18:24:39.0781 4372 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:24:39.0782 4372 cmdide - ok
18:24:39.0806 4372 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:24:39.0807 4372 Compbatt - ok
18:24:39.0816 4372 COMSysApp - ok
18:24:39.0861 4372 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:24:39.0861 4372 crcdisk - ok
18:24:39.0910 4372 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
18:24:39.0911 4372 Crusoe - ok
18:24:40.0019 4372 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:24:40.0020 4372 CryptSvc - ok
18:24:40.0228 4372 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:24:40.0234 4372 DcomLaunch - ok
18:24:40.0294 4372 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:24:40.0295 4372 DfsC - ok
18:24:40.0610 4372 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
18:24:40.0623 4372 DFSR - ok
18:24:40.0659 4372 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
18:24:40.0661 4372 Dhcp - ok
18:24:40.0722 4372 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
18:24:40.0722 4372 disk - ok
18:24:40.0732 4372 [ F206E28ED74C491FD5D7C0A1119CE37F ] DMICall C:\Windows\system32\DRIVERS\DMICall.sys
18:24:40.0733 4372 DMICall - ok
18:24:40.0822 4372 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:24:40.0823 4372 Dnscache - ok
18:24:40.0867 4372 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:24:40.0869 4372 dot3svc - ok
18:24:40.0895 4372 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
18:24:40.0896 4372 DPS - ok
18:24:40.0937 4372 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:24:40.0937 4372 drmkaud - ok
18:24:41.0207 4372 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:24:41.0211 4372 DXGKrnl - ok
18:24:41.0317 4372 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
18:24:41.0318 4372 E1G60 - ok
18:24:41.0345 4372 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
18:24:41.0346 4372 EapHost - ok
18:24:41.0381 4372 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
18:24:41.0382 4372 Ecache - ok
18:24:41.0660 4372 [ 3A511ED3C9A9DA2CD5A50FF46178063A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:24:41.0663 4372 ehRecvr - ok
18:24:41.0737 4372 [ A3D94C93333619458AF4BDE7531234C5 ] ehSched C:\Windows\ehome\ehsched.exe
18:24:41.0738 4372 ehSched - ok
18:24:41.0756 4372 [ 487BA5C5BB442BD172F120DC197811C2 ] ehstart C:\Windows\ehome\ehstart.dll
18:24:41.0756 4372 ehstart - ok
18:24:41.0788 4372 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:24:41.0790 4372 elxstor - ok
18:24:41.0856 4372 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
18:24:41.0860 4372 EMDMgmt - ok
18:24:41.0871 4372 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:24:41.0872 4372 ErrDev - ok
18:24:41.0912 4372 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
18:24:41.0914 4372 EventSystem - ok
18:24:42.0112 4372 [ BA6063E3375F9BC11A9C8450A7F61E70 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:24:42.0117 4372 EvtEng - ok
18:24:42.0185 4372 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
18:24:42.0186 4372 exfat - ok
18:24:42.0264 4372 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:24:42.0265 4372 fastfat - ok
18:24:42.0270 4372 fbtwsbxn - ok
18:24:42.0307 4372 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:24:42.0308 4372 fdc - ok
18:24:42.0334 4372 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
18:24:42.0335 4372 fdPHost - ok
18:24:42.0920 4372 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
18:24:42.0921 4372 FDResPub - ok
18:24:43.0045 4372 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:24:43.0045 4372 FileInfo - ok
18:24:43.0091 4372 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:24:43.0091 4372 Filetrace - ok
18:24:43.0238 4372 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:24:43.0242 4372 FLEXnet Licensing Service - ok
18:24:43.0300 4372 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:24:43.0300 4372 flpydisk - ok
18:24:43.0397 4372 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:24:43.0398 4372 FltMgr - ok
18:24:43.0782 4372 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
18:24:43.0788 4372 FontCache - ok
18:24:43.0885 4372 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:24:43.0885 4372 FontCache3.0.0.0 - ok
18:24:44.0089 4372 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:24:44.0089 4372 Fs_Rec - ok
18:24:44.0128 4372 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:24:44.0129 4372 gagp30kx - ok
18:24:44.0165 4372 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:24:44.0165 4372 GEARAspiWDM - ok
18:24:44.0236 4372 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
18:24:44.0240 4372 gpsvc - ok
18:24:44.0393 4372 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:24:44.0394 4372 gupdate - ok
18:24:44.0399 4372 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:24:44.0401 4372 gupdatem - ok
18:24:44.0485 4372 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:24:44.0486 4372 HdAudAddService - ok
18:24:44.0523 4372 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:24:44.0527 4372 HDAudBus - ok
18:24:44.0585 4372 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:24:44.0585 4372 HidBth - ok
18:24:44.0604 4372 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
18:24:44.0604 4372 HidIr - ok
18:24:44.0653 4372 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
18:24:44.0654 4372 hidserv - ok
18:24:44.0721 4372 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:24:44.0721 4372 HidUsb - ok
18:24:44.0798 4372 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:24:44.0800 4372 hkmsvc - ok
18:24:44.0831 4372 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
18:24:44.0831 4372 HpCISSs - ok
18:24:44.0913 4372 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
18:24:44.0914 4372 HSFHWAZL - ok
18:24:45.0039 4372 [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
18:24:45.0046 4372 HSF_DPV - ok
18:24:45.0075 4372 [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
18:24:45.0077 4372 HSXHWAZL - ok
18:24:45.0155 4372 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:24:45.0158 4372 HTTP - ok
18:24:45.0216 4372 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
18:24:45.0217 4372 i2omp - ok
18:24:45.0274 4372 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:24:45.0275 4372 i8042prt - ok
18:24:45.0432 4372 [ DB0CC620B27A928D968C1A1E9CD9CB87 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:24:45.0434 4372 iaStor - ok
18:24:45.0463 4372 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
18:24:45.0464 4372 iaStorV - ok
18:24:45.0630 4372 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:24:45.0636 4372 idsvc - ok
18:24:45.0891 4372 [ CE5FF5D5E3F4CA974E36DC24C15474D0 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
18:24:45.0906 4372 igfx - ok
18:24:45.0956 4372 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:24:45.0956 4372 iirsp - ok
18:24:46.0121 4372 [ C5B04409186A27409BD069580208A6D3 ] IJPLMSVC C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
18:24:46.0122 4372 IJPLMSVC - ok
18:24:46.0265 4372 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
18:24:46.0269 4372 IKEEXT - ok
18:24:46.0452 4372 [ 4A0F260DF9A5333C07F4AB40CA9D4F4B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
18:24:46.0466 4372 IntcAzAudAddService - ok
18:24:46.0563 4372 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
18:24:46.0563 4372 intelide - ok
18:24:46.0610 4372 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:24:46.0611 4372 intelppm - ok
18:24:46.0740 4372 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:24:46.0741 4372 IPBusEnum - ok
18:24:46.0810 4372 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:24:46.0811 4372 IpFilterDriver - ok
18:24:46.0881 4372 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:24:46.0883 4372 iphlpsvc - ok
18:24:46.0888 4372 IpInIp - ok
18:24:47.0012 4372 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
18:24:47.0012 4372 IPMIDRV - ok
18:24:47.0040 4372 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
18:24:47.0041 4372 IPNAT - ok
18:24:47.0220 4372 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:24:47.0226 4372 iPod Service - ok
18:24:47.0239 4372 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:24:47.0240 4372 IRENUM - ok
18:24:47.0276 4372 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:24:47.0277 4372 isapnp - ok
18:24:47.0400 4372 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:24:47.0402 4372 iScsiPrt - ok
18:24:47.0472 4372 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
18:24:47.0473 4372 iteatapi - ok
18:24:47.0519 4372 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
18:24:47.0519 4372 iteraid - ok
18:24:47.0580 4372 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
18:24:47.0581 4372 IviRegMgr - ok
18:24:47.0635 4372 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:24:47.0635 4372 kbdclass - ok
18:24:47.0720 4372 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:24:47.0720 4372 kbdhid - ok
18:24:47.0765 4372 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
18:24:47.0767 4372 KeyIso - ok
18:24:47.0830 4372 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:24:47.0832 4372 KSecDD - ok
18:24:47.0950 4372 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
18:24:47.0954 4372 KtmRm - ok
18:24:48.0020 4372 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
18:24:48.0023 4372 LanmanServer - ok
18:24:48.0098 4372 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:24:48.0101 4372 LanmanWorkstation - ok
18:24:48.0106 4372 lczxfmtq - ok
18:24:48.0332 4372 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:24:48.0333 4372 lltdio - ok
18:24:48.0396 4372 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:24:48.0398 4372 lltdsvc - ok
18:24:48.0600 4372 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:24:48.0601 4372 lmhosts - ok
18:24:48.0661 4372 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:24:48.0662 4372 LSI_FC - ok
18:24:48.0700 4372 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:24:48.0701 4372 LSI_SAS - ok
18:24:48.0767 4372 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:24:48.0768 4372 LSI_SCSI - ok
18:24:48.0797 4372 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
18:24:48.0797 4372 luafv - ok
18:24:48.0860 4372 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:24:48.0861 4372 MBAMProtector - ok
18:24:48.0991 4372 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:24:48.0994 4372 MBAMScheduler - ok
18:24:49.0029 4372 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:24:49.0034 4372 MBAMService - ok
18:24:49.0071 4372 [ 3BD2AD18179DEAD6652E87157FB98E4A ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:24:49.0072 4372 Mcx2Svc - ok
18:24:49.0123 4372 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:24:49.0123 4372 mdmxsdk - ok
18:24:49.0169 4372 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
18:24:49.0169 4372 megasas - ok
18:24:49.0194 4372 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
18:24:49.0197 4372 MegaSR - ok
18:24:49.0409 4372 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
18:24:49.0410 4372 Microsoft Office Groove Audit Service - ok
18:24:49.0461 4372 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
18:24:49.0463 4372 MMCSS - ok
18:24:49.0505 4372 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
18:24:49.0505 4372 Modem - ok
18:24:49.0546 4372 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:24:49.0547 4372 monitor - ok
18:24:49.0591 4372 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:24:49.0592 4372 mouclass - ok
18:24:49.0632 4372 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:24:49.0632 4372 mouhid - ok
18:24:49.0672 4372 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
18:24:49.0672 4372 MountMgr - ok
18:24:49.0733 4372 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:24:49.0734 4372 MozillaMaintenance - ok
18:24:49.0783 4372 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
18:24:49.0784 4372 MpFilter - ok
18:24:49.0842 4372 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
18:24:49.0843 4372 mpio - ok
18:24:50.0196 4372 [ A69630D039C38018689190234F866D77 ] MpKsl92fb54f1 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6518186-10B1-426B-92F6-4C0089591004}\MpKsl92fb54f1.sys
18:24:50.0196 4372 MpKsl92fb54f1 - ok
18:24:50.0252 4372 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:24:50.0252 4372 mpsdrv - ok
18:24:50.0333 4372 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
18:24:50.0337 4372 MpsSvc - ok
18:24:50.0360 4372 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
18:24:50.0360 4372 Mraid35x - ok
18:24:50.0628 4372 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:24:50.0629 4372 MRxDAV - ok
18:24:50.0763 4372 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:24:50.0764 4372 mrxsmb - ok
18:24:50.0821 4372 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:24:50.0822 4372 mrxsmb10 - ok
18:24:50.0841 4372 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:24:50.0842 4372 mrxsmb20 - ok
18:24:50.0891 4372 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
18:24:50.0892 4372 msahci - ok
18:24:51.0053 4372 [ A99D2C7E30AD63EF920A894131CAF5F7 ] MSCSPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
18:24:51.0054 4372 MSCSPTISRV - ok
18:24:51.0075 4372 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:24:51.0076 4372 msdsm - ok
18:24:51.0137 4372 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
18:24:51.0139 4372 MSDTC - ok
18:24:51.0159 4372 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:24:51.0159 4372 Msfs - ok
18:24:51.0193 4372 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:24:51.0194 4372 msisadrv - ok
18:24:51.0284 4372 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:24:51.0285 4372 MSiSCSI - ok
18:24:51.0290 4372 msiserver - ok
18:24:51.0341 4372 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:24:51.0341 4372 MSKSSRV - ok
18:24:51.0466 4372 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:24:51.0466 4372 MsMpSvc - ok
18:24:51.0502 4372 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:24:51.0503 4372 MSPCLOCK - ok
18:24:51.0514 4372 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:24:51.0514 4372 MSPQM - ok
18:24:51.0590 4372 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:24:51.0592 4372 MsRPC - ok
18:24:51.0624 4372 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:24:51.0624 4372 mssmbios - ok
18:24:51.0654 4372 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:24:51.0654 4372 MSTEE - ok
18:24:51.0687 4372 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
18:24:51.0688 4372 Mup - ok
18:24:51.0734 4372 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
18:24:51.0737 4372 napagent - ok
18:24:51.0780 4372 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:24:51.0781 4372 NativeWifiP - ok
18:24:51.0854 4372 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:24:51.0858 4372 NDIS - ok
18:24:51.0888 4372 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:24:51.0889 4372 NdisTapi - ok
18:24:51.0929 4372 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:24:51.0930 4372 Ndisuio - ok
18:24:51.0998 4372 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:24:51.0999 4372 NdisWan - ok
18:24:52.0012 4372 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:24:52.0013 4372 NDProxy - ok
18:24:52.0033 4372 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:24:52.0034 4372 NetBIOS - ok
18:24:52.0068 4372 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
18:24:52.0069 4372 netbt - ok
18:24:52.0088 4372 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
18:24:52.0089 4372 Netlogon - ok
18:24:52.0164 4372 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
18:24:52.0167 4372 Netman - ok
18:24:52.0232 4372 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
18:24:52.0236 4372 netprofm - ok
18:24:52.0297 4372 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:24:52.0298 4372 NetTcpPortSharing - ok
18:24:52.0790 4372 [ BA420E8EBFCAD35581FE8E4C64F71469 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
18:24:52.0813 4372 NETw5v32 - ok
18:24:52.0896 4372 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:24:52.0897 4372 nfrd960 - ok
18:24:52.0963 4372 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:24:52.0964 4372 NisDrv - ok
18:24:53.0041 4372 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
18:24:53.0043 4372 NisSrv - ok
18:24:53.0106 4372 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:24:53.0108 4372 NlaSvc - ok
18:24:53.0140 4372 [ B5EFDDCD8A686C4999AFD1D7EC29FA12 ] nlsX86cc C:\Windows\system32\nlssrv32.exe
18:24:53.0142 4372 nlsX86cc - ok
18:24:53.0173 4372 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:24:53.0174 4372 Npfs - ok
18:24:53.0201 4372 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
18:24:53.0202 4372 nsi - ok
18:24:53.0225 4372 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:24:53.0226 4372 nsiproxy - ok
18:24:53.0351 4372 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:24:53.0358 4372 Ntfs - ok
18:24:53.0399 4372 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
18:24:53.0400 4372 ntrigdigi - ok
18:24:53.0428 4372 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
18:24:53.0429 4372 Null - ok
18:24:53.0452 4372 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:24:53.0453 4372 nvraid - ok
18:24:53.0475 4372 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:24:53.0476 4372 nvstor - ok
18:24:53.0527 4372 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:24:53.0528 4372 nv_agp - ok
18:24:53.0533 4372 NwlnkFlt - ok
18:24:53.0539 4372 NwlnkFwd - ok
18:24:53.0698 4372 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:24:53.0701 4372 odserv - ok
18:24:53.0760 4372 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
18:24:53.0761 4372 ohci1394 - ok
18:24:53.0829 4372 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:24:53.0830 4372 ose - ok
18:24:53.0938 4372 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
18:24:53.0943 4372 p2pimsvc - ok
18:24:53.0956 4372 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
18:24:53.0962 4372 p2psvc - ok
18:24:54.0078 4372 [ 41C33FB4FD929FED732A00D2DAEF5BE0 ] PACSPTISVR C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
18:24:54.0079 4372 PACSPTISVR - ok
18:24:54.0119 4372 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
18:24:54.0120 4372 Parport - ok
18:24:54.0178 4372 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:24:54.0179 4372 partmgr - ok
18:24:54.0207 4372 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
18:24:54.0207 4372 Parvdm - ok
18:24:54.0245 4372 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
18:24:54.0247 4372 PcaSvc - ok
18:24:54.0276 4372 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
18:24:54.0278 4372 pci - ok
18:24:54.0320 4372 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
18:24:54.0320 4372 pciide - ok
18:24:54.0364 4372 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:24:54.0366 4372 pcmcia - ok
18:24:54.0415 4372 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
18:24:54.0416 4372 pcouffin - ok
18:24:54.0502 4372 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:24:54.0508 4372 PEAUTH - ok
18:24:54.0731 4372 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
18:24:54.0741 4372 pla - ok
18:24:54.0808 4372 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:24:54.0811 4372 PlugPlay - ok
18:24:54.0905 4372 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
18:24:54.0910 4372 PNRPAutoReg - ok
18:24:54.0927 4372 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
18:24:54.0932 4372 PNRPsvc - ok
18:24:54.0978 4372 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:24:54.0981 4372 PolicyAgent - ok
18:24:55.0028 4372 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:24:55.0029 4372 PptpMiniport - ok
18:24:55.0079 4372 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
18:24:55.0080 4372 Processor - ok
18:24:55.0125 4372 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
18:24:55.0127 4372 ProfSvc - ok
18:24:55.0143 4372 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
18:24:55.0144 4372 ProtectedStorage - ok
18:24:55.0232 4372 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
18:24:55.0233 4372 PSched - ok
18:24:55.0268 4372 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
18:24:55.0269 4372 PxHelp20 - ok
18:24:55.0341 4372 [ 17996CA5C59259AE02CA95BD11D7BEEC ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
18:24:55.0341 4372 QBCFMonitorService - ok
18:24:55.0420 4372 [ 2241EAF40E472C471CB80CF6B97CCA11 ] QBFCService C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
18:24:55.0421 4372 QBFCService - ok
18:24:55.0664 4372 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:24:55.0671 4372 ql2300 - ok
18:24:55.0689 4372 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:24:55.0690 4372 ql40xx - ok
18:24:55.0722 4372 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
18:24:55.0725 4372 QWAVE - ok
18:24:55.0754 4372 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:24:55.0755 4372 QWAVEdrv - ok
18:24:55.0798 4372 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:24:55.0798 4372 RasAcd - ok
18:24:55.0826 4372 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
18:24:55.0828 4372 RasAuto - ok
18:24:55.0845 4372 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:24:55.0846 4372 Rasl2tp - ok
18:24:55.0948 4372 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
18:24:55.0951 4372 RasMan - ok
18:24:55.0992 4372 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:24:55.0993 4372 RasPppoe - ok
18:24:56.0042 4372 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:24:56.0042 4372 RasSstp - ok
18:24:56.0096 4372 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:24:56.0098 4372 rdbss - ok
18:24:56.0140 4372 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:24:56.0140 4372 RDPCDD - ok
18:24:56.0203 4372 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
18:24:56.0204 4372 rdpdr - ok
18:24:56.0210 4372 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:24:56.0211 4372 RDPENCDD - ok
18:24:56.0299 4372 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:24:56.0300 4372 RDPWD - ok
18:24:56.0342 4372 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\Windows\system32\drivers\regi.sys
18:24:56.0343 4372 regi - ok
18:24:56.0404 4372 [ 7EEEEC28A34516E66137F355DCC15BDB ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:24:56.0407 4372 RegSrvc - ok
18:24:56.0469 4372 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:24:56.0470 4372 RemoteAccess - ok
18:24:56.0536 4372 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:24:56.0538 4372 RemoteRegistry - ok
18:24:56.0582 4372 [ D0C2A0CE1091E08EFB7CCBA6CEA4C3F9 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
18:24:56.0582 4372 rimsptsk - ok
18:24:56.0642 4372 [ 53EA7C7D1D3C4B11AE0EA7C8D75C4E82 ] risdptsk C:\Windows\system32\DRIVERS\risdptsk.sys
18:24:56.0643 4372 risdptsk - ok
18:24:56.0671 4372 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
18:24:56.0672 4372 RpcLocator - ok
18:24:56.0751 4372 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
18:24:56.0756 4372 RpcSs - ok
18:24:56.0792 4372 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:24:56.0793 4372 rspndr - ok
18:24:56.0840 4372 [ 65330E78C17DB8A99A7FF1BA3C8824B6 ] RtkAudioService C:\Windows\RtkAudioService.exe
18:24:56.0841 4372 RtkAudioService - ok
18:24:56.0866 4372 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
18:24:56.0867 4372 SamSs - ok
18:24:56.0896 4372 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:24:56.0897 4372 sbp2port - ok
18:24:56.0932 4372 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:24:56.0934 4372 SCardSvr - ok
18:24:57.0043 4372 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
18:24:57.0048 4372 Schedule - ok
18:24:57.0109 4372 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:24:57.0109 4372 SCPolicySvc - ok
18:24:57.0359 4372 [ B60E9769655DDEE8368E3ABB6668E076 ] ScrybeUpdater C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
18:24:57.0368 4372 ScrybeUpdater - ok
18:24:57.0404 4372 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
18:24:57.0405 4372 sdbus - ok
18:24:57.0450 4372 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:24:57.0453 4372 SDRSVC - ok
18:24:57.0485 4372 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:24:57.0485 4372 secdrv - ok
18:24:57.0513 4372 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
18:24:57.0515 4372 seclogon - ok
18:24:57.0577 4372 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
18:24:57.0579 4372 SENS - ok
18:24:57.0612 4372 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
18:24:57.0612 4372 Serenum - ok
18:24:57.0648 4372 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
18:24:57.0649 4372 Serial - ok
18:24:57.0668 4372 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:24:57.0668 4372 sermouse - ok
18:24:57.0710 4372 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
18:24:57.0712 4372 SessionEnv - ok
18:24:57.0741 4372 [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
18:24:57.0741 4372 SFEP - ok
18:24:57.0769 4372 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:24:57.0769 4372 sffdisk - ok
18:24:57.0794 4372 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:24:57.0795 4372 sffp_mmc - ok
18:24:57.0819 4372 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:24:57.0820 4372 sffp_sd - ok
18:24:57.0877 4372 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:24:57.0878 4372 sfloppy - ok
18:24:57.0950 4372 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:24:57.0953 4372 SharedAccess - ok
18:24:58.0108 4372 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:24:58.0112 4372 ShellHWDetection - ok
18:24:58.0162 4372 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:24:58.0163 4372 sisagp - ok
18:24:58.0179 4372 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
18:24:58.0179 4372 SiSRaid2 - ok
18:24:58.0205 4372 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:24:58.0206 4372 SiSRaid4 - ok
18:24:58.0353 4372 [ A37740568718F245E818D0C5575B9AA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
18:24:58.0354 4372 SkypeUpdate - ok
18:24:58.0487 4372 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
18:24:58.0510 4372 slsvc - ok
18:24:58.0538 4372 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
18:24:58.0540 4372 SLUINotify - ok
18:24:58.0580 4372 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:24:58.0580 4372 Smb - ok
18:24:58.0614 4372 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:24:58.0615 4372 SNMPTRAP - ok
18:24:58.0747 4372 [ 1A9DD46C547646A54CDB4065C1996A07 ] SOHCImp C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
18:24:58.0748 4372 SOHCImp - ok
18:24:58.0773 4372 [ 2E1B0D8278BB616148DDCA13DAE87544 ] SOHDms C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
18:24:58.0775 4372 SOHDms - ok
18:24:58.0797 4372 [ 892529EE03211C35AEA7132E119F4862 ] SOHDs C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
18:24:58.0798 4372 SOHDs - ok
18:24:58.0837 4372 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
18:24:58.0838 4372 spldr - ok
18:24:58.0901 4372 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
18:24:58.0903 4372 Spooler - ok
18:24:58.0947 4372 [ F63102F289AE2039940B22E9B2A8E0BD ] SPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
18:24:58.0947 4372 SPTISRV - ok
18:24:59.0117 4372 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:24:59.0119 4372 srv - ok
18:24:59.0210 4372 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:24:59.0212 4372 srv2 - ok
18:24:59.0228 4372 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:24:59.0229 4372 srvnet - ok
18:24:59.0371 4372 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:24:59.0374 4372 SSDPSRV - ok
18:24:59.0425 4372 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:24:59.0427 4372 SstpSvc - ok
18:24:59.0483 4372 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
18:24:59.0487 4372 stisvc - ok
18:24:59.0532 4372 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:24:59.0532 4372 swenum - ok
18:24:59.0626 4372 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
18:24:59.0630 4372 swprv - ok
18:24:59.0645 4372 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
18:24:59.0646 4372 Symc8xx - ok
18:24:59.0695 4372 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
18:24:59.0695 4372 Sym_hi - ok
18:24:59.0742 4372 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
18:24:59.0743 4372 Sym_u3 - ok
18:24:59.0790 4372 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
18:24:59.0795 4372 SysMain - ok
18:24:59.0824 4372 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:24:59.0826 4372 TabletInputService - ok
18:24:59.0875 4372 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:24:59.0878 4372 TapiSrv - ok
18:24:59.0903 4372 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
18:24:59.0905 4372 TBS - ok
18:25:00.0250 4372 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:25:00.0256 4372 Tcpip - ok
18:25:00.0277 4372 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
18:25:00.0283 4372 Tcpip6 - ok
18:25:00.0304 4372 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:25:00.0305 4372 tcpipreg - ok
18:25:00.0347 4372 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:25:00.0348 4372 TDPIPE - ok
18:25:00.0386 4372 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:25:00.0387 4372 TDTCP - ok
18:25:00.0437 4372 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:25:00.0438 4372 tdx - ok
18:25:00.0497 4372 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:25:00.0498 4372 TermDD - ok
18:25:00.0533 4372 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
18:25:00.0537 4372 TermService - ok
18:25:00.0575 4372 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
18:25:00.0578 4372 Themes - ok
18:25:00.0628 4372 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
18:25:00.0629 4372 THREADORDER - ok
18:25:00.0662 4372 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
18:25:00.0664 4372 TrkWks - ok
18:25:00.0719 4372 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:25:00.0719 4372 TrustedInstaller - ok
18:25:00.0771 4372 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:25:00.0772 4372 tssecsrv - ok
18:25:00.0796 4372 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
18:25:00.0797 4372 tunmp - ok
18:25:00.0836 4372 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:25:00.0836 4372 tunnel - ok
18:25:00.0866 4372 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:25:00.0867 4372 uagp35 - ok
18:25:00.0950 4372 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
18:25:00.0951 4372 uCamMonitor - ok
18:25:00.0992 4372 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:25:00.0994 4372 udfs - ok
18:25:01.0036 4372 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:25:01.0038 4372 UI0Detect - ok
18:25:01.0042 4372 UIUSys - ok
18:25:01.0083 4372 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:25:01.0084 4372 uliagpkx - ok
18:25:01.0110 4372 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
18:25:01.0112 4372 uliahci - ok
18:25:01.0131 4372 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
18:25:01.0132 4372 UlSata - ok
18:25:01.0158 4372 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
18:25:01.0159 4372 ulsata2 - ok
18:25:01.0189 4372 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:25:01.0190 4372 umbus - ok
18:25:01.0280 4372 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
18:25:01.0284 4372 upnphost - ok
18:25:01.0324 4372 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
18:25:01.0325 4372 USBAAPL - ok
18:25:01.0360 4372 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:25:01.0361 4372 usbccgp - ok
18:25:01.0405 4372 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:25:01.0405 4372 usbcir - ok
18:25:01.0458 4372 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:25:01.0459 4372 usbehci - ok
18:25:01.0495 4372 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:25:01.0496 4372 usbhub - ok
18:25:01.0517 4372 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:25:01.0518 4372 usbohci - ok
18:25:01.0577 4372 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:25:01.0578 4372 usbprint - ok
18:25:01.0601 4372 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:25:01.0602 4372 usbscan - ok
18:25:01.0627 4372 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:25:01.0628 4372 USBSTOR - ok
18:25:01.0643 4372 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:25:01.0644 4372 usbuhci - ok
18:25:01.0706 4372 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:25:01.0707 4372 usbvideo - ok
18:25:01.0740 4372 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
18:25:01.0742 4372 UxSms - ok
18:25:01.0839 4372 [ 2A640DC735CB0112AC1DCD1E1549B27E ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
18:25:01.0840 4372 VAIO Entertainment TV Device Arbitration Service - ok
18:25:01.0936 4372 [ C1ED0F71D3B9EA8D774FC7C4CBF7EE7F ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
18:25:01.0939 4372 VAIO Power Management - ok
18:25:02.0067 4372 [ 89E0EFDDA4287E0C9C4A61CD7E2A2232 ] VCFw C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
18:25:02.0070 4372 VCFw - ok
18:25:02.0138 4372 [ 27888F132D2EE0B72B28093A5F5F20EB ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
18:25:02.0140 4372 VcmIAlzMgr - ok
18:25:02.0170 4372 [ EE9ABFC2F8F2DCDC624B6A9D5CF3B19D ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
18:25:02.0171 4372 VcmXmlIfHelper - ok
18:25:02.0174 4372 Vcsw - ok
18:25:02.0215 4372 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
18:25:02.0220 4372 vds - ok
18:25:04.0792 4372 ================ Scan global ===============================
18:25:04.0817 4372 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:25:04.0886 4372 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:25:04.0899 4372 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:25:04.0939 4372 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
18:25:04.0942 4372 [Global] - ok
18:25:04.0942 4372 ================ Scan MBR ==================================
18:25:04.0979 4372 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:25:05.0214 4372 \Device\Harddisk0\DR0 - ok
18:25:05.0215 4372 ================ Scan VBR ==================================
18:25:05.0218 4372 [ 132427DDDE69403C40900D18FA2A7E87 ] \Device\Harddisk0\DR0\Partition1
18:25:05.0219 4372 \Device\Harddisk0\DR0\Partition1 - ok
18:25:05.0222 4372 ============================================================
18:25:05.0222 4372 Scan finished
18:25:05.0222 4372 ============================================================
18:25:05.0237 5572 Detected object count: 0
18:25:05.0237 5572 Actual detected object count: 0
18:27:03.0374 6056 Deinitialize success

aswMBR
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-04 18:27:43
-----------------------------
18:27:43.049 OS Version: Windows 6.0.6002 Service Pack 2
18:27:43.049 Number of processors: 2 586 0x170A
18:27:43.051 ComputerName: WRIGHT-PC UserName:
18:28:31.327 Initialize success
18:29:54.590 AVAST engine defs: 12100400
18:30:25.639 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:30:25.641 Disk 0 Vendor: TOSHIBA_ LV01 Size: 238475MB BusType: 3
18:30:25.644 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000055
18:30:25.647 Disk 1 Vendor: RICOH 01 Size: 238475MB BusType: 0
18:30:25.651 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000056
18:30:25.655 Disk 2 Vendor: RICOH 02 Size: 238475MB BusType: 0
18:30:25.670 Disk 0 MBR read successfully
18:30:25.674 Disk 0 MBR scan
18:30:25.703 Disk 0 Windows VISTA default MBR code
18:30:25.731 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9298 MB offset 2048
18:30:25.780 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 229175 MB offset 19044352
18:30:25.799 Disk 0 scanning sectors +488395120
18:30:25.896 Disk 0 scanning C:\Windows\system32\drivers
18:30:52.288 Service scanning
18:30:56.947 Service atisvc_jcdge C:\Windows\system32\qsesqt\atisvc_jcdge.exe **INFECTED** Win32:Malware-gen
18:31:12.826 Service MpKsl92fb54f1 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6518186-10B1-426B-92F6-4C0089591004}\MpKsl92fb54f1.sys **LOCKED** 32
18:31:45.313 Modules scanning
18:31:54.636 Disk 0 trace - called modules:
18:31:54.681 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
18:31:54.688 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f97388]
18:31:54.695 3 CLASSPNP.SYS[8a1a98b3] -> nt!IofCallDriver -> [0x8542f1d8]
18:31:54.702 5 acpi.sys[805ba6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8543b028]
18:31:55.684 AVAST engine scan C:\Windows
18:32:03.017 AVAST engine scan C:\Windows\system32
18:37:57.887 AVAST engine scan C:\Windows\system32\drivers
18:38:24.121 AVAST engine scan C:\Users\wright0900
18:56:00.088 File: C:\Users\wright0900\Desktop\VIRUS-MALWARE FILES\RK_Quarantine\xivwxuaggnirrpeecys.exe.vir **INFECTED** Win32:Trojan-gen
19:03:47.155 AVAST engine scan C:\ProgramData
20:42:55.554 Scan finished successfully
20:45:58.529 Disk 0 MBR has been saved successfully to "C:\Users\wright0900\Desktop\MBR.dat"
20:45:58.548 The log file has been saved successfully to "C:\Users\wright0900\Desktop\aswMBR.txt"

#12 gringo_pr

Posted 04 October 2012 - 09:06 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\Windows\system32\qsesqt\atisvc_jcdge.exe
C:\Users\wright0900\Desktop\VIRUS-MALWARE FILES\RK_Quarantine\xivwxuaggnirrpeecys.exe.vir

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Glasjoe

Posted 04 October 2012 - 09:10 PM

Thanks Gringo

Only issue that I can see, and I don't know if it was there before as this is a friend's laptop, is that the Sony Vaio care software/update doesn't appear to work correctly and the battery icon/status says it does not detect a battery whether it's plugged in or not.

#14 gringo_pr

Posted 04 October 2012 - 09:13 PM

Hello


Did you run post 12? And give me more info on the laptop, and let's see if we can reinstall the drivers for the battery problem.



gringo

#15 Glasjoe

Posted 04 October 2012 - 09:35 PM

It's running now



