Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan:DOS/Alureon.A want to make sure it's gone


  • Please log in to reply
12 replies to this topic

#1 kahall

kahall

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:49 AM

Posted 09 November 2012 - 11:51 AM

Sony VAIO laptop running windows 7 Home Basic
This computer was infected with Trojan:DOS/Alureon.A and using tdsskiller, then malwarebytes which scans clean now I am pretty sure it's gone but I want to make sure.

The reason I think there are still some remnants of the trojan that should not be there is due to the windows system busy animation (the circle) that indicates something is loading is being displayed when it should not. Other than that the PC works fine. Even when the animation (system busy)is being displayed anything I try to run loads right up as it should.
How can I check, or what can I post here for someone to look at to determine the status?
Thanks.

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:49 AM

Posted 09 November 2012 - 12:48 PM

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here.If you get crashes in normal mode,run it in safemode with networking

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

#3 kahall

kahall
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:49 AM

Posted 09 November 2012 - 01:21 PM

Thanks.
TDSSkiller log>

12:09:33.0424 4132 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:09:33.0811 4132 ============================================================
12:09:33.0811 4132 Current date / time: 2012/11/09 12:09:33.0811
12:09:33.0811 4132 SystemInfo:
12:09:33.0811 4132
12:09:33.0811 4132 OS Version: 6.1.7601 ServicePack: 1.0
12:09:33.0811 4132 Product type: Workstation
12:09:33.0811 4132 ComputerName: USER-VAIO
12:09:33.0812 4132 UserName: USER
12:09:33.0812 4132 Windows directory: C:\Windows
12:09:33.0812 4132 System windows directory: C:\Windows
12:09:33.0812 4132 Running under WOW64
12:09:33.0812 4132 Processor architecture: Intel x64
12:09:33.0812 4132 Number of processors: 4
12:09:33.0812 4132 Page size: 0x1000
12:09:33.0812 4132 Boot type: Normal boot
12:09:33.0812 4132 ============================================================
12:09:34.0201 4132 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:09:34.0210 4132 ============================================================
12:09:34.0210 4132 \Device\Harddisk0\DR0:
12:09:34.0210 4132 MBR partitions:
12:09:34.0210 4132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14B5800, BlocksNum 0x32000
12:09:34.0210 4132 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x14E7800, BlocksNum 0x38E9E030
12:09:34.0210 4132 ============================================================
12:09:34.0236 4132 C: <-> \Device\Harddisk0\DR0\Partition2
12:09:34.0236 4132 ============================================================
12:09:34.0236 4132 Initialize success
12:09:34.0236 4132 ============================================================
12:10:05.0633 5404 ============================================================
12:10:05.0633 5404 Scan started
12:10:05.0633 5404 Mode: Manual; TDLFS;
12:10:05.0633 5404 ============================================================
12:10:06.0114 5404 ================ Scan system memory ========================
12:10:06.0114 5404 System memory - ok
12:10:06.0115 5404 ================ Scan services =============================
12:10:06.0286 5404 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:10:06.0293 5404 1394ohci - ok
12:10:06.0403 5404 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
12:10:06.0406 5404 ACDaemon - ok
12:10:06.0459 5404 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:10:06.0467 5404 ACPI - ok
12:10:06.0503 5404 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:10:06.0506 5404 AcpiPmi - ok
12:10:06.0643 5404 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:10:06.0645 5404 AdobeARMservice - ok
12:10:06.0783 5404 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:10:06.0788 5404 AdobeFlashPlayerUpdateSvc - ok
12:10:06.0854 5404 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
12:10:06.0867 5404 adp94xx - ok
12:10:06.0904 5404 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
12:10:06.0914 5404 adpahci - ok
12:10:06.0952 5404 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
12:10:06.0956 5404 adpu320 - ok
12:10:06.0979 5404 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:10:06.0981 5404 AeLookupSvc - ok
12:10:07.0040 5404 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
12:10:07.0053 5404 AFD - ok
12:10:07.0097 5404 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:10:07.0100 5404 agp440 - ok
12:10:07.0143 5404 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
12:10:07.0147 5404 ALG - ok
12:10:07.0177 5404 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
12:10:07.0179 5404 aliide - ok
12:10:07.0203 5404 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
12:10:07.0205 5404 amdide - ok
12:10:07.0227 5404 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
12:10:07.0229 5404 AmdK8 - ok
12:10:07.0234 5404 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
12:10:07.0236 5404 AmdPPM - ok
12:10:07.0300 5404 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:10:07.0304 5404 amdsata - ok
12:10:07.0342 5404 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
12:10:07.0347 5404 amdsbs - ok
12:10:07.0371 5404 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:10:07.0373 5404 amdxata - ok
12:10:07.0393 5404 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
12:10:07.0396 5404 AppID - ok
12:10:07.0410 5404 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:10:07.0412 5404 AppIDSvc - ok
12:10:07.0430 5404 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
12:10:07.0432 5404 Appinfo - ok
12:10:07.0553 5404 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:10:07.0556 5404 Apple Mobile Device - ok
12:10:07.0590 5404 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
12:10:07.0594 5404 arc - ok
12:10:07.0603 5404 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
12:10:07.0606 5404 arcsas - ok
12:10:07.0660 5404 [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
12:10:07.0662 5404 ArcSoftKsUFilter - ok
12:10:07.0742 5404 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:10:07.0744 5404 aspnet_state - ok
12:10:07.0780 5404 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:10:07.0782 5404 AsyncMac - ok
12:10:07.0824 5404 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
12:10:07.0826 5404 atapi - ok
12:10:07.0933 5404 [ E8E1AE3CAA4C7286D40715336D8A11D4 ] athr C:\Windows\system32\DRIVERS\athrx.sys
12:10:07.0977 5404 athr - ok
12:10:08.0029 5404 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:10:08.0045 5404 AudioEndpointBuilder - ok
12:10:08.0059 5404 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:10:08.0066 5404 AudioSrv - ok
12:10:08.0101 5404 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:10:08.0104 5404 AxInstSV - ok
12:10:08.0143 5404 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
12:10:08.0152 5404 b06bdrv - ok
12:10:08.0204 5404 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:10:08.0209 5404 b57nd60a - ok
12:10:08.0254 5404 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
12:10:08.0257 5404 BDESVC - ok
12:10:08.0266 5404 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
12:10:08.0267 5404 Beep - ok
12:10:08.0317 5404 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
12:10:08.0329 5404 BFE - ok
12:10:08.0369 5404 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
12:10:08.0385 5404 BITS - ok
12:10:08.0415 5404 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:10:08.0417 5404 blbdrive - ok
12:10:08.0498 5404 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:10:08.0509 5404 Bonjour Service - ok
12:10:08.0535 5404 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:10:08.0539 5404 bowser - ok
12:10:08.0571 5404 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
12:10:08.0573 5404 BrFiltLo - ok
12:10:08.0580 5404 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
12:10:08.0581 5404 BrFiltUp - ok
12:10:08.0623 5404 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
12:10:08.0626 5404 Browser - ok
12:10:08.0650 5404 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:10:08.0656 5404 Brserid - ok
12:10:08.0664 5404 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:10:08.0665 5404 BrSerWdm - ok
12:10:08.0670 5404 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:10:08.0672 5404 BrUsbMdm - ok
12:10:08.0676 5404 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:10:08.0678 5404 BrUsbSer - ok
12:10:08.0683 5404 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
12:10:08.0685 5404 BTHMODEM - ok
12:10:08.0713 5404 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
12:10:08.0715 5404 bthserv - ok
12:10:08.0732 5404 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:10:08.0734 5404 cdfs - ok
12:10:08.0770 5404 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:10:08.0773 5404 cdrom - ok
12:10:08.0803 5404 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
12:10:08.0805 5404 CertPropSvc - ok
12:10:08.0835 5404 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
12:10:08.0836 5404 circlass - ok
12:10:08.0863 5404 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
12:10:08.0869 5404 CLFS - ok
12:10:08.0926 5404 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:10:08.0928 5404 clr_optimization_v2.0.50727_32 - ok
12:10:08.0948 5404 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:10:08.0950 5404 clr_optimization_v2.0.50727_64 - ok
12:10:09.0001 5404 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:10:09.0003 5404 clr_optimization_v4.0.30319_32 - ok
12:10:09.0034 5404 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:10:09.0038 5404 clr_optimization_v4.0.30319_64 - ok
12:10:09.0073 5404 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:10:09.0075 5404 CmBatt - ok
12:10:09.0093 5404 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:10:09.0095 5404 cmdide - ok
12:10:09.0148 5404 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
12:10:09.0160 5404 CNG - ok
12:10:09.0222 5404 [ 1F394DF3714ED4280047810790E6DF69 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
12:10:09.0244 5404 CnxtHdAudService - ok
12:10:09.0270 5404 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:10:09.0271 5404 Compbatt - ok
12:10:09.0295 5404 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
12:10:09.0296 5404 CompositeBus - ok
12:10:09.0310 5404 COMSysApp - ok
12:10:09.0329 5404 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
12:10:09.0330 5404 crcdisk - ok
12:10:09.0378 5404 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:10:09.0380 5404 CryptSvc - ok
12:10:09.0511 5404 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
12:10:09.0519 5404 cvhsvc - ok
12:10:09.0560 5404 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:10:09.0570 5404 DcomLaunch - ok
12:10:09.0604 5404 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
12:10:09.0608 5404 defragsvc - ok
12:10:09.0633 5404 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:10:09.0635 5404 DfsC - ok
12:10:09.0661 5404 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
12:10:09.0667 5404 Dhcp - ok
12:10:09.0693 5404 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
12:10:09.0694 5404 discache - ok
12:10:09.0763 5404 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
12:10:09.0765 5404 Disk - ok
12:10:09.0791 5404 dlbu_device - ok
12:10:09.0853 5404 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:10:09.0859 5404 Dnscache - ok
12:10:09.0897 5404 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
12:10:09.0905 5404 dot3svc - ok
12:10:09.0925 5404 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
12:10:09.0931 5404 DPS - ok
12:10:09.0960 5404 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:10:09.0961 5404 drmkaud - ok
12:10:10.0005 5404 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:10:10.0028 5404 DXGKrnl - ok
12:10:10.0090 5404 [ 50AD8FC1DC800FF36087994C8F7FDFF2 ] e1yexpress C:\Windows\system32\DRIVERS\e1y60x64.sys
12:10:10.0097 5404 e1yexpress - ok
12:10:10.0136 5404 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
12:10:10.0140 5404 EapHost - ok
12:10:10.0242 5404 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
12:10:10.0311 5404 ebdrv - ok
12:10:10.0360 5404 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
12:10:10.0363 5404 EFS - ok
12:10:10.0426 5404 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:10:10.0441 5404 ehRecvr - ok
12:10:10.0455 5404 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
12:10:10.0457 5404 ehSched - ok
12:10:10.0502 5404 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
12:10:10.0510 5404 elxstor - ok
12:10:10.0514 5404 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:10:10.0515 5404 ErrDev - ok
12:10:10.0553 5404 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
12:10:10.0559 5404 EventSystem - ok
12:10:10.0582 5404 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
12:10:10.0584 5404 exfat - ok
12:10:10.0607 5404 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:10:10.0610 5404 fastfat - ok
12:10:10.0649 5404 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
12:10:10.0660 5404 Fax - ok
12:10:10.0682 5404 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
12:10:10.0683 5404 fdc - ok
12:10:10.0712 5404 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
12:10:10.0713 5404 fdPHost - ok
12:10:10.0727 5404 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
12:10:10.0729 5404 FDResPub - ok
12:10:10.0744 5404 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:10:10.0746 5404 FileInfo - ok
12:10:10.0761 5404 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:10:10.0762 5404 Filetrace - ok
12:10:10.0775 5404 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
12:10:10.0776 5404 flpydisk - ok
12:10:10.0796 5404 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:10:10.0801 5404 FltMgr - ok
12:10:10.0866 5404 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
12:10:10.0894 5404 FontCache - ok
12:10:10.0930 5404 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:10:10.0931 5404 FontCache3.0.0.0 - ok
12:10:10.0944 5404 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:10:10.0946 5404 FsDepends - ok
12:10:10.0982 5404 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:10:10.0984 5404 Fs_Rec - ok
12:10:11.0026 5404 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:10:11.0031 5404 fvevol - ok
12:10:11.0050 5404 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
12:10:11.0053 5404 gagp30kx - ok
12:10:11.0106 5404 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:10:11.0108 5404 GEARAspiWDM - ok
12:10:11.0154 5404 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
12:10:11.0174 5404 gpsvc - ok
12:10:11.0209 5404 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:10:11.0211 5404 hcw85cir - ok
12:10:11.0234 5404 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:10:11.0240 5404 HdAudAddService - ok
12:10:11.0256 5404 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
12:10:11.0259 5404 HDAudBus - ok
12:10:11.0263 5404 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
12:10:11.0264 5404 HidBatt - ok
12:10:11.0272 5404 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
12:10:11.0274 5404 HidBth - ok
12:10:11.0293 5404 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
12:10:11.0294 5404 HidIr - ok
12:10:11.0319 5404 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
12:10:11.0322 5404 hidserv - ok
12:10:11.0356 5404 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:10:11.0357 5404 HidUsb - ok
12:10:11.0379 5404 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:10:11.0382 5404 hkmsvc - ok
12:10:11.0397 5404 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:10:11.0402 5404 HomeGroupListener - ok
12:10:11.0436 5404 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:10:11.0441 5404 HomeGroupProvider - ok
12:10:11.0458 5404 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:10:11.0459 5404 HpSAMD - ok
12:10:11.0492 5404 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:10:11.0503 5404 HTTP - ok
12:10:11.0526 5404 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:10:11.0527 5404 hwpolicy - ok
12:10:11.0554 5404 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
12:10:11.0556 5404 i8042prt - ok
12:10:11.0593 5404 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\drivers\iaStor.sys
12:10:11.0596 5404 iaStor - ok
12:10:11.0663 5404 [ 8FFF9083252C16FE3960173722605E9E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
12:10:11.0664 5404 IAStorDataMgrSvc - ok
12:10:11.0697 5404 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:10:11.0703 5404 iaStorV - ok
12:10:11.0775 5404 [ E4693409D06785477A49FB34AFAE1B92 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
12:10:11.0815 5404 IconMan_R - ok
12:10:11.0854 5404 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:10:11.0868 5404 idsvc - ok
12:10:12.0140 5404 [ EFE5A0AF39A8E179624117C521F1E012 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
12:10:12.0389 5404 igfx - ok
12:10:12.0430 5404 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
12:10:12.0431 5404 iirsp - ok
12:10:12.0466 5404 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
12:10:12.0478 5404 IKEEXT - ok
12:10:12.0534 5404 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
12:10:12.0539 5404 IntcDAud - ok
12:10:12.0563 5404 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
12:10:12.0564 5404 intelide - ok
12:10:12.0589 5404 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:10:12.0590 5404 intelppm - ok
12:10:12.0633 5404 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:10:12.0634 5404 IPBusEnum - ok
12:10:12.0640 5404 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:10:12.0641 5404 IpFilterDriver - ok
12:10:12.0674 5404 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:10:12.0683 5404 iphlpsvc - ok
12:10:12.0701 5404 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:10:12.0702 5404 IPMIDRV - ok
12:10:12.0708 5404 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:10:12.0709 5404 IPNAT - ok
12:10:12.0786 5404 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:10:12.0800 5404 iPod Service - ok
12:10:12.0837 5404 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:10:12.0838 5404 IRENUM - ok
12:10:12.0850 5404 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:10:12.0851 5404 isapnp - ok
12:10:12.0864 5404 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:10:12.0867 5404 iScsiPrt - ok
12:10:12.0897 5404 jbptlqke - ok
12:10:12.0921 5404 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:10:12.0923 5404 kbdclass - ok
12:10:12.0938 5404 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
12:10:12.0939 5404 kbdhid - ok
12:10:12.0948 5404 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
12:10:12.0950 5404 KeyIso - ok
12:10:12.0995 5404 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:10:12.0999 5404 KSecDD - ok
12:10:13.0017 5404 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:10:13.0021 5404 KSecPkg - ok
12:10:13.0051 5404 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:10:13.0053 5404 ksthunk - ok
12:10:13.0091 5404 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:10:13.0102 5404 KtmRm - ok
12:10:13.0135 5404 [ 95CA93FC12BE372BB952669F37FFF9C5 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
12:10:13.0138 5404 L1C - ok
12:10:13.0175 5404 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
12:10:13.0183 5404 LanmanServer - ok
12:10:13.0211 5404 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:10:13.0215 5404 LanmanWorkstation - ok
12:10:13.0244 5404 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:10:13.0246 5404 lltdio - ok
12:10:13.0284 5404 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:10:13.0290 5404 lltdsvc - ok
12:10:13.0312 5404 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:10:13.0314 5404 lmhosts - ok
12:10:13.0381 5404 [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:10:13.0384 5404 LMS - ok
12:10:13.0423 5404 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
12:10:13.0426 5404 LSI_FC - ok
12:10:13.0432 5404 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
12:10:13.0433 5404 LSI_SAS - ok
12:10:13.0439 5404 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
12:10:13.0441 5404 LSI_SAS2 - ok
12:10:13.0448 5404 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
12:10:13.0451 5404 LSI_SCSI - ok
12:10:13.0472 5404 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:10:13.0475 5404 luafv - ok
12:10:13.0502 5404 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:10:13.0506 5404 Mcx2Svc - ok
12:10:13.0522 5404 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
12:10:13.0523 5404 megasas - ok
12:10:13.0541 5404 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
12:10:13.0548 5404 MegaSR - ok
12:10:13.0568 5404 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
12:10:13.0573 5404 MEIx64 - ok
12:10:13.0599 5404 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:10:13.0602 5404 MMCSS - ok
12:10:13.0620 5404 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:10:13.0621 5404 Modem - ok
12:10:13.0647 5404 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:10:13.0648 5404 monitor - ok
12:10:13.0681 5404 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:10:13.0682 5404 mouclass - ok
12:10:13.0707 5404 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:10:13.0708 5404 mouhid - ok
12:10:13.0724 5404 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:10:13.0726 5404 mountmgr - ok
12:10:13.0782 5404 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
12:10:13.0788 5404 MpFilter - ok
12:10:13.0818 5404 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
12:10:13.0822 5404 mpio - ok
12:10:13.0863 5404 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:10:13.0866 5404 mpsdrv - ok
12:10:13.0908 5404 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:10:13.0927 5404 MpsSvc - ok
12:10:13.0948 5404 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:10:13.0950 5404 MRxDAV - ok
12:10:13.0985 5404 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:10:13.0988 5404 mrxsmb - ok
12:10:14.0008 5404 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:10:14.0013 5404 mrxsmb10 - ok
12:10:14.0030 5404 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:10:14.0033 5404 mrxsmb20 - ok
12:10:14.0051 5404 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
12:10:14.0052 5404 msahci - ok
12:10:14.0059 5404 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:10:14.0062 5404 msdsm - ok
12:10:14.0072 5404 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:10:14.0076 5404 MSDTC - ok
12:10:14.0101 5404 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:10:14.0103 5404 Msfs - ok
12:10:14.0114 5404 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:10:14.0115 5404 mshidkmdf - ok
12:10:14.0130 5404 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:10:14.0131 5404 msisadrv - ok
12:10:14.0167 5404 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:10:14.0171 5404 MSiSCSI - ok
12:10:14.0175 5404 msiserver - ok
12:10:14.0196 5404 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:10:14.0197 5404 MSKSSRV - ok
12:10:14.0283 5404 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
12:10:14.0285 5404 MsMpSvc - ok
12:10:14.0298 5404 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:10:14.0299 5404 MSPCLOCK - ok
12:10:14.0306 5404 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:10:14.0307 5404 MSPQM - ok
12:10:14.0337 5404 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:10:14.0342 5404 MsRPC - ok
12:10:14.0358 5404 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:10:14.0359 5404 mssmbios - ok
12:10:14.0384 5404 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:10:14.0385 5404 MSTEE - ok
12:10:14.0388 5404 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
12:10:14.0389 5404 MTConfig - ok
12:10:14.0413 5404 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:10:14.0415 5404 Mup - ok
12:10:14.0444 5404 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
12:10:14.0452 5404 napagent - ok
12:10:14.0490 5404 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:10:14.0498 5404 NativeWifiP - ok
12:10:14.0573 5404 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:10:14.0594 5404 NDIS - ok
12:10:14.0631 5404 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:10:14.0632 5404 NdisCap - ok
12:10:14.0649 5404 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:10:14.0649 5404 NdisTapi - ok
12:10:14.0671 5404 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:10:14.0673 5404 Ndisuio - ok
12:10:14.0683 5404 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:10:14.0686 5404 NdisWan - ok
12:10:14.0695 5404 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:10:14.0697 5404 NDProxy - ok
12:10:14.0727 5404 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:10:14.0728 5404 NetBIOS - ok
12:10:14.0741 5404 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:10:14.0745 5404 NetBT - ok
12:10:14.0760 5404 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
12:10:14.0761 5404 Netlogon - ok
12:10:14.0796 5404 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:10:14.0803 5404 Netman - ok
12:10:14.0839 5404 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:10:14.0842 5404 NetMsmqActivator - ok
12:10:14.0849 5404 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:10:14.0850 5404 NetPipeActivator - ok
12:10:14.0869 5404 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:10:14.0877 5404 netprofm - ok
12:10:14.0883 5404 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:10:14.0884 5404 NetTcpActivator - ok
12:10:14.0889 5404 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:10:14.0891 5404 NetTcpPortSharing - ok
12:10:14.0932 5404 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:10:14.0933 5404 nfrd960 - ok
12:10:14.0994 5404 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:10:14.0998 5404 NisDrv - ok
12:10:15.0051 5404 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
12:10:15.0059 5404 NisSrv - ok
12:10:15.0100 5404 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:10:15.0110 5404 NlaSvc - ok
12:10:15.0132 5404 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:10:15.0133 5404 Npfs - ok
12:10:15.0146 5404 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:10:15.0149 5404 nsi - ok
12:10:15.0166 5404 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:10:15.0167 5404 nsiproxy - ok
12:10:15.0245 5404 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:10:15.0270 5404 Ntfs - ok
12:10:15.0294 5404 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:10:15.0295 5404 Null - ok
12:10:15.0543 5404 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:10:15.0774 5404 nvlddmkm - ok
12:10:15.0879 5404 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:10:15.0883 5404 nvraid - ok
12:10:15.0926 5404 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:10:15.0931 5404 nvstor - ok
12:10:15.0963 5404 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:10:15.0967 5404 nv_agp - ok
12:10:16.0016 5404 [ 07571684567859DA796A566CC78FFA74 ] Oasis2Service C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
12:10:16.0018 5404 Oasis2Service - ok
12:10:16.0034 5404 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:10:16.0037 5404 ohci1394 - ok
12:10:16.0079 5404 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:10:16.0081 5404 ose - ok
12:10:16.0215 5404 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:10:16.0334 5404 osppsvc - ok
12:10:16.0367 5404 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:10:16.0372 5404 p2pimsvc - ok
12:10:16.0391 5404 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:10:16.0399 5404 p2psvc - ok
12:10:16.0425 5404 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
12:10:16.0427 5404 Parport - ok
12:10:16.0472 5404 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:10:16.0474 5404 partmgr - ok
12:10:16.0507 5404 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:10:16.0514 5404 PcaSvc - ok
12:10:16.0531 5404 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
12:10:16.0536 5404 pci - ok
12:10:16.0563 5404 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:10:16.0564 5404 pciide - ok
12:10:16.0581 5404 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:10:16.0585 5404 pcmcia - ok
12:10:16.0606 5404 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:10:16.0608 5404 pcw - ok
12:10:16.0636 5404 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:10:16.0647 5404 PEAUTH - ok
12:10:16.0715 5404 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:10:16.0718 5404 PerfHost - ok
12:10:16.0795 5404 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
12:10:16.0820 5404 pla - ok
12:10:16.0870 5404 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:10:16.0883 5404 PlugPlay - ok
12:10:16.0949 5404 [ 63694C307273062A2167AE4CE80730EF ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
12:10:16.0962 5404 PMBDeviceInfoProvider - ok
12:10:16.0975 5404 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:10:16.0978 5404 PNRPAutoReg - ok
12:10:17.0001 5404 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:10:17.0006 5404 PNRPsvc - ok
12:10:17.0039 5404 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:10:17.0049 5404 PolicyAgent - ok
12:10:17.0083 5404 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:10:17.0088 5404 Power - ok
12:10:17.0124 5404 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:10:17.0127 5404 PptpMiniport - ok
12:10:17.0141 5404 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
12:10:17.0143 5404 Processor - ok
12:10:17.0200 5404 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
12:10:17.0209 5404 ProfSvc - ok
12:10:17.0227 5404 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:10:17.0230 5404 ProtectedStorage - ok
12:10:17.0253 5404 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:10:17.0257 5404 Psched - ok
12:10:17.0328 5404 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:10:17.0354 5404 ql2300 - ok
12:10:17.0361 5404 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:10:17.0362 5404 ql40xx - ok
12:10:17.0391 5404 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:10:17.0396 5404 QWAVE - ok
12:10:17.0423 5404 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:10:17.0424 5404 QWAVEdrv - ok
12:10:17.0427 5404 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:10:17.0428 5404 RasAcd - ok
12:10:17.0459 5404 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:10:17.0461 5404 RasAgileVpn - ok
12:10:17.0471 5404 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:10:17.0474 5404 RasAuto - ok
12:10:17.0490 5404 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:10:17.0493 5404 Rasl2tp - ok
12:10:17.0528 5404 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:10:17.0535 5404 RasMan - ok
12:10:17.0550 5404 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:10:17.0552 5404 RasPppoe - ok
12:10:17.0561 5404 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:10:17.0563 5404 RasSstp - ok
12:10:17.0601 5404 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:10:17.0606 5404 rdbss - ok
12:10:17.0630 5404 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
12:10:17.0631 5404 rdpbus - ok
12:10:17.0655 5404 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:10:17.0656 5404 RDPCDD - ok
12:10:17.0674 5404 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:10:17.0674 5404 RDPENCDD - ok
12:10:17.0684 5404 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:10:17.0685 5404 RDPREFMP - ok
12:10:17.0728 5404 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:10:17.0731 5404 RDPWD - ok
12:10:17.0758 5404 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:10:17.0762 5404 rdyboost - ok
12:10:17.0789 5404 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:10:17.0792 5404 RemoteAccess - ok
12:10:17.0830 5404 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:10:17.0834 5404 RemoteRegistry - ok
12:10:17.0863 5404 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:10:17.0866 5404 RpcEptMapper - ok
12:10:17.0888 5404 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:10:17.0890 5404 RpcLocator - ok
12:10:17.0916 5404 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
12:10:17.0920 5404 RpcSs - ok
12:10:17.0950 5404 [ D5C3E1629A3F7F0857D27949252B94CE ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
12:10:17.0955 5404 RSPCIESTOR - ok
12:10:17.0997 5404 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:10:17.0999 5404 rspndr - ok
12:10:18.0027 5404 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
12:10:18.0028 5404 SamSs - ok
12:10:18.0049 5404 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:10:18.0051 5404 sbp2port - ok
12:10:18.0081 5404 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:10:18.0085 5404 SCardSvr - ok
12:10:18.0104 5404 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:10:18.0106 5404 scfilter - ok
12:10:18.0137 5404 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
12:10:18.0155 5404 Schedule - ok
12:10:18.0181 5404 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:10:18.0182 5404 SCPolicySvc - ok
12:10:18.0220 5404 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
12:10:18.0222 5404 sdbus - ok
12:10:18.0242 5404 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:10:18.0247 5404 SDRSVC - ok
12:10:18.0267 5404 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:10:18.0268 5404 secdrv - ok
12:10:18.0278 5404 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
12:10:18.0280 5404 seclogon - ok
12:10:18.0298 5404 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
12:10:18.0300 5404 SENS - ok
12:10:18.0322 5404 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:10:18.0325 5404 SensrSvc - ok
12:10:18.0341 5404 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
12:10:18.0342 5404 Serenum - ok
12:10:18.0353 5404 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
12:10:18.0355 5404 Serial - ok
12:10:18.0379 5404 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:10:18.0380 5404 sermouse - ok
12:10:18.0406 5404 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
12:10:18.0410 5404 SessionEnv - ok
12:10:18.0437 5404 [ 286D3889E6AB5589646FF8A63CB928AE ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
12:10:18.0438 5404 SFEP - ok
12:10:18.0442 5404 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:10:18.0443 5404 sffdisk - ok
12:10:18.0447 5404 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:10:18.0448 5404 sffp_mmc - ok
12:10:18.0452 5404 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:10:18.0453 5404 sffp_sd - ok
12:10:18.0467 5404 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:10:18.0468 5404 sfloppy - ok
12:10:18.0533 5404 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
12:10:18.0551 5404 Sftfs - ok
12:10:18.0631 5404 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
12:10:18.0642 5404 sftlist - ok
12:10:18.0666 5404 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
12:10:18.0672 5404 Sftplay - ok
12:10:18.0685 5404 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
12:10:18.0687 5404 Sftredir - ok
12:10:18.0708 5404 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
12:10:18.0710 5404 Sftvol - ok
12:10:18.0754 5404 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
12:10:18.0760 5404 sftvsa - ok
12:10:18.0795 5404 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:10:18.0806 5404 SharedAccess - ok
12:10:18.0843 5404 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:10:18.0851 5404 ShellHWDetection - ok
12:10:18.0879 5404 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
12:10:18.0881 5404 SiSRaid2 - ok
12:10:18.0900 5404 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:10:18.0902 5404 SiSRaid4 - ok
12:10:18.0923 5404 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:10:18.0926 5404 Smb - ok
12:10:18.0968 5404 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:10:18.0971 5404 SNMPTRAP - ok
12:10:19.0045 5404 [ DDF2EC98AF6FC70608A4F9CE4DB52758 ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
12:10:19.0047 5404 SOHCImp - ok
12:10:19.0063 5404 [ 5FA03F5EA6EFEF6D17B4A1A48C40A23C ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
12:10:19.0065 5404 SOHDs - ok
12:10:19.0121 5404 [ 65E5659E9C2A0762D05657C0E22A7CA2 ] SpfService C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
12:10:19.0128 5404 SpfService - ok
12:10:19.0156 5404 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:10:19.0157 5404 spldr - ok
12:10:19.0213 5404 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
12:10:19.0229 5404 Spooler - ok
12:10:19.0336 5404 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
12:10:19.0429 5404 sppsvc - ok
12:10:19.0441 5404 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:10:19.0444 5404 sppuinotify - ok
12:10:19.0492 5404 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
12:10:19.0498 5404 srv - ok
12:10:19.0515 5404 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:10:19.0521 5404 srv2 - ok
12:10:19.0537 5404 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:10:19.0540 5404 srvnet - ok
12:10:19.0566 5404 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:10:19.0570 5404 SSDPSRV - ok
12:10:19.0598 5404 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:10:19.0601 5404 SstpSvc - ok
12:10:19.0618 5404 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
12:10:19.0619 5404 stexstor - ok
12:10:19.0672 5404 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
12:10:19.0672 5404 StillCam - ok
12:10:19.0723 5404 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:10:19.0740 5404 stisvc - ok
12:10:19.0767 5404 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
12:10:19.0768 5404 swenum - ok
12:10:19.0801 5404 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:10:19.0809 5404 swprv - ok
12:10:19.0873 5404 [ C43E3CA9C672B2EC30B66CCE0B89BD36 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
12:10:19.0900 5404 SynTP - ok
12:10:19.0956 5404 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:10:19.0986 5404 SysMain - ok
12:10:20.0005 5404 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:10:20.0009 5404 TabletInputService - ok
12:10:20.0035 5404 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:10:20.0042 5404 TapiSrv - ok
12:10:20.0055 5404 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:10:20.0058 5404 TBS - ok
12:10:20.0144 5404 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:10:20.0188 5404 Tcpip - ok
12:10:20.0255 5404 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:10:20.0270 5404 TCPIP6 - ok
12:10:20.0294 5404 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:10:20.0295 5404 tcpipreg - ok
12:10:20.0313 5404 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:10:20.0314 5404 TDPIPE - ok
12:10:20.0353 5404 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:10:20.0354 5404 TDTCP - ok
12:10:20.0384 5404 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:10:20.0387 5404 tdx - ok
12:10:20.0397 5404 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
12:10:20.0399 5404 TermDD - ok
12:10:20.0444 5404 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
12:10:20.0462 5404 TermService - ok
12:10:20.0479 5404 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:10:20.0482 5404 Themes - ok
12:10:20.0511 5404 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:10:20.0513 5404 THREADORDER - ok
12:10:20.0553 5404 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:10:20.0556 5404 TrkWks - ok
12:10:20.0593 5404 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:10:20.0596 5404 TrustedInstaller - ok
12:10:20.0605 5404 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:10:20.0606 5404 tssecsrv - ok
12:10:20.0631 5404 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:10:20.0633 5404 TsUsbFlt - ok
12:10:20.0645 5404 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
12:10:20.0646 5404 TsUsbGD - ok
12:10:20.0665 5404 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:10:20.0668 5404 tunnel - ok
12:10:20.0672 5404 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
12:10:20.0674 5404 uagp35 - ok
12:10:20.0730 5404 [ 1FE69F3C1CA1CF4B7EC7E2E9090FFFDC ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
12:10:20.0731 5404 uCamMonitor - ok
12:10:20.0757 5404 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:10:20.0762 5404 udfs - ok
12:10:20.0793 5404 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:10:20.0795 5404 UI0Detect - ok
12:10:20.0812 5404 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:10:20.0814 5404 uliagpkx - ok
12:10:20.0840 5404 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:10:20.0842 5404 umbus - ok
12:10:20.0845 5404 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
12:10:20.0846 5404 UmPass - ok
12:10:20.0958 5404 [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:10:20.0979 5404 UNS - ok
12:10:21.0007 5404 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:10:21.0013 5404 upnphost - ok
12:10:21.0059 5404 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
12:10:21.0060 5404 USBAAPL64 - ok
12:10:21.0098 5404 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:10:21.0102 5404 usbccgp - ok
12:10:21.0129 5404 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:10:21.0132 5404 usbcir - ok
12:10:21.0144 5404 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
12:10:21.0146 5404 usbehci - ok
12:10:21.0167 5404 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:10:21.0172 5404 usbhub - ok
12:10:21.0185 5404 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:10:21.0186 5404 usbohci - ok
12:10:21.0210 5404 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:10:21.0211 5404 usbprint - ok
12:10:21.0243 5404 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:10:21.0245 5404 usbscan - ok
12:10:21.0291 5404 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:10:21.0294 5404 USBSTOR - ok
12:10:21.0333 5404 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:10:21.0335 5404 usbuhci - ok
12:10:21.0373 5404 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
12:10:21.0378 5404 usbvideo - ok
12:10:21.0403 5404 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:10:21.0408 5404 UxSms - ok
12:10:21.0453 5404 [ DCB1F83AD167D16D263CE57C94E9EEDF ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
12:10:21.0455 5404 VAIO Event Service - ok
12:10:21.0483 5404 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
12:10:21.0486 5404 VaultSvc - ok
12:10:21.0544 5404 [ D00058C1FFF3F3DE990444A5734E9639 ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
12:10:21.0558 5404 VCFw - ok
12:10:21.0649 5404 [ 4B7ED2D6F738219068361BB14D19CBDE ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
12:10:21.0662 5404 VcmIAlzMgr - ok
12:10:21.0691 5404 [ 2F06D134554BA84FE253DBC481DCFE6D ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
12:10:21.0698 5404 VcmINSMgr - ok
12:10:21.0727 5404 [ 32A3735F6874B7783C6209ED5CA36D9D ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
12:10:21.0729 5404 VcmXmlIfHelper - ok
12:10:21.0776 5404 [ D347D3ABE070AA09C22FC37121555D52 ] VCService C:\Program Files\Sony\VAIO Care\VCService.exe
12:10:21.0777 5404 VCService - ok
12:10:21.0810 5404 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:10:21.0812 5404 vdrvroot - ok
12:10:21.0852 5404 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
12:10:21.0863 5404 vds - ok
12:10:21.0874 5404 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:10:21.0876 5404 vga - ok
12:10:21.0889 5404 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:10:21.0890 5404 VgaSave - ok
12:10:21.0898 5404 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:10:21.0902 5404 vhdmp - ok
12:10:21.0907 5404 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
12:10:21.0908 5404 viaide - ok
12:10:21.0924 5404 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:10:21.0926 5404 volmgr - ok
12:10:21.0950 5404 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:10:21.0955 5404 volmgrx - ok
12:10:21.0970 5404 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:10:21.0972 5404 volsnap - ok
12:10:22.0015 5404 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
12:10:22.0018 5404 vsmraid - ok
12:10:22.0122 5404 [ 0ED394BFBA3EB4740F063E0BA5EC7104 ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
12:10:22.0143 5404 VSNService - ok
12:10:22.0210 5404 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
12:10:22.0236 5404 VSS - ok
12:10:22.0281 5404 [ 9C665557B314EAD129555599D94233DB ] VUAgent C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
12:10:22.0288 5404 VUAgent - ok
12:10:22.0311 5404 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:10:22.0312 5404 vwifibus - ok
12:10:22.0336 5404 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:10:22.0339 5404 vwififlt - ok
12:10:22.0363 5404 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:10:22.0370 5404 W32Time - ok
12:10:22.0383 5404 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
12:10:22.0384 5404 WacomPen - ok
12:10:22.0423 5404 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:10:22.0425 5404 WANARP - ok
12:10:22.0429 5404 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:10:22.0431 5404 Wanarpv6 - ok
12:10:22.0506 5404 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:10:22.0535 5404 WatAdminSvc - ok
12:10:22.0589 5404 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
12:10:22.0615 5404 wbengine - ok
12:10:22.0627 5404 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:10:22.0631 5404 WbioSrvc - ok
12:10:22.0648 5404 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:10:22.0654 5404 wcncsvc - ok
12:10:22.0681 5404 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:10:22.0683 5404 WcsPlugInService - ok
12:10:22.0697 5404 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
12:10:22.0699 5404 Wd - ok
12:10:22.0720 5404 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:10:22.0729 5404 Wdf01000 - ok
12:10:22.0738 5404 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:10:22.0741 5404 WdiServiceHost - ok
12:10:22.0747 5404 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:10:22.0749 5404 WdiSystemHost - ok
12:10:22.0773 5404 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
12:10:22.0778 5404 WebClient - ok
12:10:22.0795 5404 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:10:22.0800 5404 Wecsvc - ok
12:10:22.0810 5404 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:10:22.0813 5404 wercplsupport - ok
12:10:22.0841 5404 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
12:10:22.0844 5404 WerSvc - ok
12:10:22.0878 5404 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:10:22.0879 5404 WfpLwf - ok
12:10:22.0895 5404 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:10:22.0896 5404 WIMMount - ok
12:10:22.0911 5404 WinDefend - ok
12:10:22.0917 5404 WinHttpAutoProxySvc - ok
12:10:22.0997 5404 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:10:23.0003 5404 Winmgmt - ok
12:10:23.0071 5404 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
12:10:23.0104 5404 WinRM - ok
12:10:23.0163 5404 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:10:23.0163 5404 WinUsb - ok
12:10:23.0224 5404 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
12:10:23.0247 5404 Wlansvc - ok
12:10:23.0309 5404 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:10:23.0311 5404 wlcrasvc - ok
12:10:23.0453 5404 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:10:23.0498 5404 wlidsvc - ok
12:10:23.0534 5404 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
12:10:23.0535 5404 WmiAcpi - ok
12:10:23.0560 5404 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:10:23.0565 5404 wmiApSrv - ok
12:10:23.0601 5404 WMPNetworkSvc - ok
12:10:23.0618 5404 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:10:23.0620 5404 WPCSvc - ok
12:10:23.0665 5404 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:10:23.0669 5404 WPDBusEnum - ok
12:10:23.0701 5404 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:10:23.0702 5404 ws2ifsl - ok
12:10:23.0713 5404 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
12:10:23.0716 5404 wscsvc - ok
12:10:23.0720 5404 WSearch - ok
12:10:23.0824 5404 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
12:10:23.0859 5404 wuauserv - ok
12:10:23.0871 5404 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:10:23.0872 5404 WudfPf - ok
12:10:23.0899 5404 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:10:23.0902 5404 WUDFRd - ok
12:10:23.0920 5404 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:10:23.0923 5404 wudfsvc - ok
12:10:23.0943 5404 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
12:10:23.0948 5404 WwanSvc - ok
12:10:23.0965 5404 ================ Scan global ===============================
12:10:23.0991 5404 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:10:24.0032 5404 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
12:10:24.0050 5404 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
12:10:24.0082 5404 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:10:24.0119 5404 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:10:24.0132 5404 [Global] - ok
12:10:24.0133 5404 ================ Scan MBR ==================================
12:10:24.0152 5404 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:10:24.0465 5404 \Device\Harddisk0\DR0 - ok
12:10:24.0466 5404 ================ Scan VBR ==================================
12:10:24.0471 5404 [ 9A559197FFA4C3BE570BEF1467B56515 ] \Device\Harddisk0\DR0\Partition1
12:10:24.0474 5404 \Device\Harddisk0\DR0\Partition1 - ok
12:10:24.0511 5404 [ 41C954FFD3DE2EAE3D1744F53C969F11 ] \Device\Harddisk0\DR0\Partition2
12:10:24.0514 5404 \Device\Harddisk0\DR0\Partition2 - ok
12:10:24.0515 5404 ============================================================
12:10:24.0515 5404 Scan finished
12:10:24.0515 5404 ============================================================
12:10:24.0533 6312 Detected object count: 0
12:10:24.0533 6312 Actual detected object count: 0
12:10:46.0907 1992 Deinitialize success

aswMBR log>

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-09 10:52:39
-----------------------------
10:52:39.501 OS Version: Windows x64 6.1.7601 Service Pack 1
10:52:39.501 Number of processors: 4 586 0x2A07
10:52:39.501 ComputerName: USER-VAIO UserName: User
10:52:40.702 Initialize success
10:53:35.323 AVAST engine defs: 12110900
10:53:44.341 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:53:44.356 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
10:53:44.372 Disk 0 MBR read successfully
10:53:44.372 Disk 0 MBR scan
10:53:44.387 Disk 0 Windows 7 default MBR code
10:53:44.387 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10602 MB offset 2048
10:53:44.434 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 21714944
10:53:44.481 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 466236 MB offset 21919744
10:53:44.559 Disk 0 scanning C:\Windows\system32\drivers
10:53:58.162 Service scanning
10:54:39.565 Modules scanning
10:54:39.580 Disk 0 trace - called modules:
10:54:39.612 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:54:39.627 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006601060]
10:54:39.627 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ad3050]
10:54:41.218 AVAST engine scan C:\Windows
10:54:44.463 AVAST engine scan C:\Windows\system32
10:58:40.224 AVAST engine scan C:\Windows\system32\drivers
10:58:55.356 AVAST engine scan C:\Users\User
11:27:32.206 AVAST engine scan C:\ProgramData
11:32:53.925 Scan finished successfully
11:36:34.877 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
11:36:34.924 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

Doing the ESET scanner now will post when finished.

Edited by kahall, 09 November 2012 - 01:33 PM.


#4 kahall

kahall
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:49 AM

Posted 09 November 2012 - 04:30 PM

ESET log>

C:\TDSSKiller_Quarantine\08.11.2012_16.49.36\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan
C:\TDSSKiller_Quarantine\08.11.2012_16.53.32\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Default\aadjdgdgdddbdagbgedjggdadegcdggb\background.html Win32/BHO.OEI trojan
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZNE903ZL\37698-2[2].htm HTML/ScrInject.B.Gen virus
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZNE903ZL\cse[1].htm HTML/Iframe.B.Gen virus
C:\Users\User\AppData\Local\Temp\tbbabylonv2.exe Win32/Toolbar.Babylon application

I did not yet click finish on the scan and had unchecked remove threats before starting the scan.
Thanks again.

#5 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:49 AM

Posted 09 November 2012 - 05:07 PM

I did not yet click finish on the scan and had unchecked remove threats before starting the scan.


Checkmark Remove threats option and remove them

Download

Malwarebytes

Install,update and run a full scan

Click on Show results.Right click on the list ,select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it click on Delete

A log should be generated after scan ,post it here

Download

Junkware removal tool

For vista and windows 7 right click on the tool and select run as administrator

After scan gets completed,post the generated log here.

#6 kahall

kahall
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:49 AM

Posted 09 November 2012 - 09:09 PM

Ok, I think I got all the requested info.

Reran ESET as requested and let it remove Threats.

Malwarebytes log>

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.09.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
User :: USER-VAIO [administrator]

11/9/2012 6:21:38 PM
mbam-log-2012-11-09 (18-21-38).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 346245
Time elapsed: 43 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)






mini toolobox log>

MiniToolBox by Farbar Version: 10-11-2012 01
Ran by User (administrator) on 09-11-2012 at 19:27:49
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Connected)
Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : User-VAIO
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 78-84-3C-93-1F-E0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::95fa:cee7:a497:70db%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.7(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, November 09, 2012 6:17:22 PM
Lease Expires . . . . . . . . . . : Saturday, November 10, 2012 6:17:22 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 343442492
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-76-27-5D-90-00-4E-BE-C5-CA
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 90-00-4E-BE-C5-CA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{294BE4E1-8238-4B9D-B127-7AD8DAC4752D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{1C907193-FD12-4E63-874C-BE23B9870AB9}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:8db:d40:3f57:fef8(Preferred)
Link-local IPv6 Address . . . . . : fe80::8db:d40:3f57:fef8%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4009:802::1003
74.125.225.98
74.125.225.99
74.125.225.100
74.125.225.101
74.125.225.102
74.125.225.103
74.125.225.104
74.125.225.105
74.125.225.110
74.125.225.96
74.125.225.97


Pinging google.com [74.125.225.101] with 32 bytes of data:
Reply from 74.125.225.101: bytes=32 time=34ms TTL=52
Reply from 74.125.225.101: bytes=32 time=35ms TTL=52

Ping statistics for 74.125.225.101:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 34ms, Maximum = 35ms, Average = 34ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=73ms TTL=50
Reply from 72.30.38.140: bytes=32 time=96ms TTL=50

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 73ms, Maximum = 96ms, Average = 84ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...78 84 3c 93 1f e0 ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
11...90 00 4e be c5 ca ......Atheros AR9285 Wireless Network Adapter
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.7 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.7 276
192.168.1.7 255.255.255.255 On-link 192.168.1.7 276
192.168.1.255 255.255.255.255 On-link 192.168.1.7 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.7 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.7 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:4137:9e76:8db:d40:3f57:fef8/128
On-link
12 276 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::8db:d40:3f57:fef8/128
On-link
12 276 fe80::95fa:cee7:a497:70db/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
12 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/09/2012 06:18:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/09/2012 04:40:23 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/09/2012 04:40:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/09/2012 00:22:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/09/2012 10:27:14 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/09/2012 10:09:50 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/09/2012 09:49:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/09/2012 09:39:38 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/08/2012 10:20:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/08/2012 08:50:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/08/2012 08:51:06 PM) (Source: Service Control Manager) (User: )
Description: The WMI Performance Adapter service terminated with the following error:
%%-2147467259

Error: (11/08/2012 04:39:30 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/08/2012 04:39:30 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/08/2012 04:39:30 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/08/2012 04:37:47 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.139.1502.0

Update Source: %NT AUTHORITY59

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (11/08/2012 04:37:47 PM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (11/08/2012 04:37:24 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/08/2012 04:37:24 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/08/2012 04:37:24 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/08/2012 04:32:24 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (11/09/2012 06:18:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/09/2012 04:40:23 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\User\Downloads\esetsmartinstaller_enu.exe

Error: (11/09/2012 04:40:10 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\User\Downloads\esetsmartinstaller_enu.exe

Error: (11/09/2012 00:22:01 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\User\Downloads\esetsmartinstaller_enu.exe

Error: (11/09/2012 10:27:14 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/09/2012 10:09:50 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/09/2012 09:49:20 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/09/2012 09:39:38 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/08/2012 10:20:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/08/2012 08:50:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader X (10.1.4) MUI (Version: 10.1.4)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2 (Version: 2.0.1.142)
ArcSoft WebCam Companion 4 (Version: 4.0.21.392)
Bonjour (Version: 3.0.0.10)
Cisco Connect (Version: 1.4.11299.0)
Conexant HD Audio (Version: 8.54.0.53)
CutePDF Writer 2.8
D3DX10 (Version: 15.4.2368.0902)
Dell Photo AIO Printer 942
Easy Media Player 1.1.12 (Version: 1.1.12)
ESET Online Scanner v3
Google Chrome (Version: 23.0.1271.64)
HP Deskjet 3050A J611 series Basic Device Software (Version: 25.0.571.0)
HP Deskjet 3050A J611 series Help (Version: 140.0.2.2)
HP Deskjet 3050A J611 series Product Improvement Study (Version: 25.0.571.0)
HP Photo Creations (Version: 1.0.0.5192)
HP Update (Version: 5.003.000.004)
iCloud (Version: 2.0.2.187)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2291)
Intel® Rapid Storage Technology (Version: 10.1.0.1008)
iTunes (Version: 10.7.0.21)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 22 (64-bit) (Version: 6.0.220)
Java™ 6 Update 22 (Version: 6.0.220)
join.me (Version: 1.3.1.429)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Media Gallery (Version: 1.5.0.16020)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Oasis2Service (Version: 1.0.1)
OOBE (Version: 11.2.1.10)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PMB (Version: 5.5.02.12220)
PMB VAIO Edition Plug-in (Version: 1.5.00.02250)
PMB VAIO Edition Plug-in (Version: 1.5.01.04010)
QuickTime (Version: 7.72.80.56)
Realtek PCIE Card Reader (Version: 6.1.7600.74)
Remote Keyboard (Version: 1.1.1.03020)
Remote Play with PlayStation 3 (Version: 1.1.0.15070)
Safari (Version: 5.34.57.2)
Sony Corporation (Version: 1.0.0)
SSLx64 (Version: 1.0.0)
SSLx86 (Version: 1.0.0)
Synaptics Pointing Device Driver (Version: 15.1.9.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
VAIO - Media Gallery (Version: 1.5.0.16020)
VAIO - PMB VAIO Edition Guide (Version: 1.5.00.02250)
VAIO - PMB VAIO Edition Plug-in (Version: 1.5.01.04060)
VAIO - Remote Keyboard (Version: 1.0.1.03020)
VAIO - Remote Play with PlayStation®3 (Version: 1.1.0.15070)
VAIO Care (Version: 6.4.0.15030)
VAIO Control Center (Version: 4.5.0.03040)
VAIO Data Restore Tool (Version: 1.6.0.13140)
VAIO Easy Connect (Version: 1.0.0.03050)
VAIO Event Service (Version: 5.5.0.03040)
VAIO Gate (Version: 2.3.0.11090)
VAIO Gate Default (Version: 2.4.0.03240)
VAIO Hardware Diagnostics (Version: 4.2.0.14280)
VAIO Help and Support (Version: 14.00.0125)
VAIO Improvement (Version: 1.0.0.14150)
VAIO Manual (Version: 2.0.0.02250)
VAIO Messenger (Version: 2.0.424.0)
VAIO Quick Web Access (Version: 1.4.5.5)
VAIO Sample Contents (Version: 1.4.0.09010)
VAIO Satisfaction Survey. (Version: 3.0)
VAIO Smart Network (Version: 3.5.0.02280)
VAIO Transfer Support (Version: 1.4.0.14230)
VAIO Update (Version: 5.4.0.15300)
VCCx86 (Version: 1.0.0)
VESx64 (Version: 1.0.0)
VESx86 (Version: 1.0.0)
VIx64 (Version: 1.0.0)
VIx86 (Version: 1.0.0)
VSNx64 (Version: 1.0.0)
VWSTx86 (Version: 1.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 4043.86 MB
Available physical RAM: 2310.14 MB
Total Pagefile: 8085.91 MB
Available Pagefile: 6135.74 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.68 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:455.31 GB) (Free:366.16 GB) NTFS

========================= Users: ========================================

User accounts for \\USER-VAIO

Administrator Guest User

========================= Restore Points ==================================

14-10-2012 14:09:17 Windows Modules Installer
14-10-2012 14:29:25 Windows Update
17-10-2012 16:58:36 Windows Update
17-10-2012 19:58:16 Windows Update
24-10-2012 19:59:35 Windows Update
28-10-2012 03:01:38 Windows Update
01-11-2012 20:32:14 Windows Update
03-11-2012 16:56:29 Windows Update
04-11-2012 12:06:38 Windows Update
04-11-2012 21:05:09 Windows Update
07-11-2012 03:54:14 Windows Update
09-11-2012 00:33:18 Installed Java 7 Update 9

**** End of log ****





Farbar Service Scanner Version: 09-11-2012
Ran by User (administrator) on 09-11-2012 at 19:43:05
Running from "C:\Users\User\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
IE proxy is enabled.



Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****








# AdwCleaner v2.007 - Logfile created 11/09/2012 at 19:48:23
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : User - USER-VAIO
# Boot Mode : Normal
# Running from : C:\Users\User\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.52] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Deleted [l.55] : keyword = "babylon.com",
Deleted [l.58] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm",

*************************

AdwCleaner[S1].txt - [12122 octets] - [08/11/2012 18:23:27]
AdwCleaner[S2].txt - [919 octets] - [09/11/2012 19:48:23]

########## EOF - C:\AdwCleaner[S2].txt - [978 octets] ##########







~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 2.9.1 (11.09.2012)
OS: Windows 7 Home Premium x64
Ran by user on Fri 11/09/2012 at 19:58:32.19
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\mybabylontb_rasapi32"
Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\mybabylontb_rasmancs"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\playready"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/09/2012 at 20:01:52.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:49 AM

Posted 09 November 2012 - 09:18 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes,post the contents of RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the contents of text here

#8 kahall

kahall
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:49 AM

Posted 09 November 2012 - 09:34 PM

2 MORE LOGS.

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/09/2012 08:22:16 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Active Proxy Server Detected

* Proxy Disabled.
* ProxyOverride value deleted.
* ProxyServer value deleted.
* AutoConfigURL value deleted.
* Proxy settings were backed up to Registry file.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\User\Desktop\rkill\rkill-11-09-2012-08-22-20.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 11/09/2012 08:22:31 PM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)





"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "cAudioFilterAgent" "Conexant High Definition Audio Filter Agent" "Conexant Systems, Inc." "c:\program files\conexant\caudiofilteragent\caudiofilteragent64.exe"
+ "DLBUCATS" "Timer DLL" "" "c:\windows\system32\spool\drivers\x64\3\dlbutime.dll"
+ "dlbumon.exe" "Lexmark Device Monitor" "Lexmark International, Inc." "c:\program files (x86)\dell photo aio printer 942\dlbumon.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "MemoryCardManager" "Memory Card Manager Executable" "" "c:\program files (x86)\dell photo aio printer 942\memcard.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "IAStorIcon" "IAStorIcon" "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe"
+ "ISBMgr.exe" "" "Sony Corporation" "c:\program files (x86)\sony\isb utility\isbmgr.exe"
+ "PMBVolumeWatcher" "Media Check Tool" "Sony Corporation" "c:\program files (x86)\sony\pmb\pmbvolumewatcher.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "HP Deskjet 3050A J611 series (NET)" "ScanToPCActivationApp" "Hewlett-Packard Co." "c:\program files\hp\hp deskjet 3050a j611 series\bin\scantopcactivationapp.exe"
+ "MobileDocuments" "" "" "File not found: C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "PhotoStreamsExt" "" "" "c:\program files\common files\apple\internet services\shellstreams64.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "PhotoStreamsExt" "ShellStreams.dll" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\shellstreams.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "AddtoVAIOGate" "VAIOGateShellExt" "Sony Corporation" "c:\program files\sony\vaio gate\vaiogateshellext.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AddtoVAIOGate" "VAIOGateShellExt" "Sony Corporation" "c:\program files\sony\vaio gate\vaiogateshellext.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\DDNi Startup" "DDNiStartup" "Digital Delivery Networks, Inc." "c:\program files (x86)\ddni\oasis\ddnistartup.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-489034676-3493072374-2434411950-1005Core" "Google Installer" "Google Inc." "c:\users\User\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-489034676-3493072374-2434411950-1005UA" "Google Installer" "Google Inc." "c:\users\User\appdata\local\google\update\googleupdate.exe"
+ "\HP Photo Creations Messager" "" "" "c:\programdata\hp photo creations\messagecheck.exe"
+ "\HPCustParticipation HP Deskjet 3050A J611 series" "HP Customer Participation." "Hewlett-Packard Co." "c:\program files\hp\hp deskjet 3050a j611 series\bin\hpcustpartic.exe"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\Scheduled Update for Ask Toolbar" "" "" "File not found: C:\Program Files (x86)\Ask.com\UpdateTask.exe"
+ "\Sony Corporation\VAIO Care\VAIO Care" "VAIO Care" "Sony Corporation" "c:\program files\sony\vaio care\vcsystray.exe"
+ "\Sony Corporation\VAIO Care\VCOneClick" "VCOneClick" "Sony Corporation" "c:\program files\sony\vaio care\vconeclick.exe"
+ "\Sony Corporation\VAIO Smart Network\VSN Logon Start" "VAIO Smart Network" "Sony Corporation" "c:\program files\sony\vaio smart network\vsnclient.exe"
+ "\Sony Corporation\VAIO Update\Launch Application" "ShellExeProxy.exe" "Sony Corporation" "c:\program files\sony\vaio update 5\shellexeproxy.exe"
+ "\Sony Corporation\VAIO Update\VAIO Update 5" "VAIO Update" "Sony Corporation" "c:\program files\sony\vaio update 5\vaioupdt.exe"
+ "\SONY\VAIO Gate\VAIO Gate" "VAIO Gate" "Sony Corporation" "c:\program files\sony\vaio gate\vaio gate.exe"
+ "\VAIO® Messenger (Administrator)" "VAIO Messenger" "Digital Delivery Networks, Inc." "c:\program files (x86)\ddni\oasis\vaio messenger.exe"
+ "\VAIO® Messenger (User)" "VAIO Messenger" "Digital Delivery Networks, Inc." "c:\program files (x86)\ddni\oasis\vaio messenger.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ACDaemon" "ArcSoft Connect Service" "ArcSoft Inc." "c:\program files (x86)\common files\arcsoft\connection service\bin\acservice.exe"
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "cvhsvc" "Client Virtualization Handler Service (unlocalized description)" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe"
+ "dlbu_device" "Printer Communication System" " " "c:\windows\system32\dlbucoms.exe"
+ "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastordatamgrsvc.exe"
+ "IconMan_R" "Realtek Card Reader Icon Tool." "Realsil Microelectronics Inc." "c:\program files (x86)\realtek\realtek pcie card reader\riconman.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "Oasis2Service" "DDNI Oasis 2 Services" "Digital Delivery Networks, Inc." "c:\program files (x86)\ddni\oasis2service\oasis2service.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "PMBDeviceInfoProvider" "Enables PMB to communicate with the device." "Sony Corporation" "c:\program files (x86)\sony\pmb\pmbdeviceinfoprovider.exe"
+ "SampleCollector" "Checks the systems performance for VAIO Care." "Sony Corporation" "c:\program files\sony\vaio care\vcperfservice.exe"
+ "sftlist" "Streams and manages applications." "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftlist.exe"
+ "sftvsa" "Monitors global service events and launches virtual services." "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftvsa.exe"
+ "SOHCImp" "VAIO Content Importer" "Sony Corporation" "c:\program files (x86)\common files\sony shared\sohlib\sohcimp.exe"
+ "SOHDs" "VAIO Device Searcher" "Sony Corporation" "c:\program files (x86)\common files\sony shared\sohlib\sohds.exe"
+ "SpfService" "VAIO Entertainment Common Service" "Sony Corporation" "c:\program files\common files\sony shared\vaio entertainment platform\spf\spfservice64.exe"
+ "uCamMonitor" "Monitor the status of the webcam on PC startup." "ArcSoft, Inc." "c:\program files (x86)\arcsoft\magic-i visual effects 2\ucammonitor.exe"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"
+ "VAIO Event Service" "Provides the hardware event managing service for VAIO. During termination of this service, some fuctions such as Special button ,Hotkey ,and VAIO original powermanagement are limited." "Sony Corporation" "c:\program files (x86)\sony\vaio event service\vesmgr.exe"
+ "VCFw" "VAIO Content Folder Watcher" "Sony Corporation" "c:\program files (x86)\common files\sony shared\vaio content folder watcher\vcfw.exe"
+ "VcmIAlzMgr" "Provides the content analysis function used with VAIO original software." "Sony Corporation" "c:\program files\sony\vcm intelligent analyzing manager\vcmialzmgr.exe"
+ "VcmINSMgr" "Provides the information retrieval service function used with VAIO original software." "Sony Corporation" "c:\program files\sony\vcm intelligent network service manager\vcminsmgr.exe"
+ "VcmXmlIfHelper" "VcmXml Helper Interface" "Sony Corporation" "c:\program files\common files\sony shared\vcmxml\vcmxmlifhelper64.exe"
+ "VCService" "Provides important VAIO Care functionality. If this service is stopped or disabled, VAIO Care may not function correctly." "Sony Corporation" "c:\program files\sony\vaio care\vcservice.exe"
+ "VSNService" "VAIO Smart Network Service" "Sony Corporation" "c:\program files\sony\vaio smart network\vsnservice.exe"
+ "VUAgent" "Agent for VAIO Update." "Sony Corporation" "c:\program files\sony\vaio update 5\vuagent.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "ArcSoftKsUFilter" "For X64" "ArcSoft, Inc." "c:\windows\system32\drivers\arcsoftksufilter.sys"
+ "athr" "Atheros Extensible Wireless LAN device driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\athrx.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "CnxtHdAudService" "64-bit High Definition Audio Function Driver" "Conexant Systems Inc." "c:\windows\system32\drivers\chdrt64.sys"
+ "e1yexpress" "Intel® Gigabit Network Connection NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1y60x64.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys"
+ "jbptlqke" "" "" "File not found: C:\Windows\system32\drivers\jbptlqke.sys"
+ "L1C" "Atheros L1c PCI-E Gigabit Ethernet Controller" "Atheros Communications, Inc." "c:\windows\system32\drivers\l1c62x64.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "MEIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvlddmkm" "NVIDIA Windows Kernel Mode Driver, Version 185.93 " "NVIDIA Corporation" "c:\windows\system32\drivers\nvlddmkm.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RSPCIESTOR" "Realtek Pcie CardReader Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtspstor.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SFEP" "Sony Firmware Extension Parser driver" "Sony Corporation" "c:\windows\system32\drivers\sfep.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files\playready\prsource.dll"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files\playready\prdmowrapper.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "VAIO Content Metadata Univ Filter" "DirectShow Filter for VCM Intelligent Analyzing Manager" "Sony Corporation" "c:\program files\sony\vcm intelligent analyzing manager\vcmsmplcapflt.ax"
+ "VcmIAlzGPDFilter" "VCM Intelligent Analyzing Manager GPD Library" "Sony Corporation" "c:\program files\sony\vcm intelligent analyzing manager\vcmialzgpdfilter.ax"
+ "VcmIAlzGPDFilter2" "VCM Intelligent Analyzing Manager GPD Library" "Sony Corporation" "c:\program files\sony\vcm intelligent analyzing manager\vcmialzgpdfilter2.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "CutePDF Writer Monitor" "" "" "c:\windows\system32\cpwmon64.dll"
+ "Dell 942 Port" "Printer Communication System" " " "c:\windows\system32\dlbulmpm.dll"
+ "HP a011 Status Monitor" "Print Status Language Monitor" "Hewlett-Packard Co." "c:\windows\system32\hpinkstsa011lm.dll"
+ "HP Discovery Port Monitor (HP Deskjet 3050A J611 series)" "HP Discovery Port Monitor" "Hewlett-Packard Co." "c:\windows\system32\hpdiscopma011.dll"
+ "Photo AIO Printer 942 Port" "Printer Communication System" " " "c:\windows\system32\dlbulmpm.dll"

#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:49 AM

Posted 09 November 2012 - 09:36 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it,it will close all running programs

click on START,it should ask for reboot.If TFC locks up the system,run it in safemode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore-It deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall old version of java from control panel-Add or remove programs.Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently.Two free antivirus that i would suggest are

Microsoft security essentials or Avast.You can select either one of them.

If you have a paid one,make sure to update it frequently.Do not use multiple security softwares.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#10 kahall

kahall
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:49 AM

Posted 09 November 2012 - 11:15 PM

Followed all the instructions in your last post.
Thanks so much.
Obviously there were some things I missed that needed to be addressed/removed and I really appreciate it.
I believe that the PC is about as clean as it's going to get but I'm still getting the "working in background" animation more than I think I should.
For Example: Just clicking on "show hidden icons" in the task bar and then somewhere else to get rid of it causes the animation to show for 5 seconds or so. It does seem to do so less and less the longer the computer is on. I'm not sure what's causing that but I think I'm good.
Thanks again.

#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:49 AM

Posted 10 November 2012 - 01:18 AM

Try a clean boot

http://www.askdrtech.com/solutions/post/How-to-perform-a-clean-startup-%28clean-boot%29-in-Windows-7.aspx

Reboot the PC,any changes?

#12 kahall

kahall
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:49 AM

Posted 10 November 2012 - 10:28 AM

Thanks for the tip but the "working in background" animation apparently was being caused by some HP digital imaging startup item. I disabled it in msconfig and it's not doing it now.
One more time, thanks.
Ok to close this thread.

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:49 AM

Posted 10 November 2012 - 12:18 PM

You're welcome :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users