atsun12
-
Posts
22 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by atsun12
-
I think I have spyware somewhere ?
atsun12 replied to atsun12's topic in Resolved Malware Removal Logs
Will do. Thank you again for your assistance ! -
I think I have spyware somewhere ?
atsun12 replied to atsun12's topic in Resolved Malware Removal Logs
Results of screen317's Security Check version 0.99.81 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Firewall Disabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 51 Adobe Reader 9 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` -
I think I have spyware somewhere ?
atsun12 replied to atsun12's topic in Resolved Malware Removal Logs
Runs okay, no problems as far as i can tell. -
I think I have spyware somewhere ?
atsun12 replied to atsun12's topic in Resolved Malware Removal Logs
attached. mbar-log-2014-03-23 (12-21-47).txt system-log.txt -
I think I have spyware somewhere ?
atsun12 replied to atsun12's topic in Resolved Malware Removal Logs
ComboFix 14-03-23.01 - Aaron 03/22/2014 22:45:47.4.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4063.2371 [GMT -7:00] Running from: c:\users\Aaron\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} . . ((((((((((((((((((((((((( Files Created from 2014-02-23 to 2014-03-23 ))))))))))))))))))))))))))))))) . . 2014-03-23 05:56 . 2014-03-23 05:56 -------- d-----w- c:\users\Public\AppData\Local\temp 2014-03-23 05:56 . 2014-03-23 05:56 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-03-20 05:22 . 2014-03-21 22:02 -------- d-----w- C:\FRST 2014-03-19 05:24 . 2014-03-19 05:24 -------- d-----w- c:\users\Aaron\AppData\Roaming\AVAST Software 2014-03-19 05:19 . 2014-03-19 05:19 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys 2014-03-19 05:00 . 2014-03-19 05:00 -------- d-----w- c:\windows\ERUNT 2014-03-19 04:15 . 2014-03-19 04:44 -------- d-----w- C:\AdwCleaner 2014-03-12 04:43 . 2014-02-23 08:11 2648576 ----a-w- c:\windows\system32\iertutil.dll 2014-03-12 04:40 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys 2014-03-12 04:40 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll 2014-03-12 04:40 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll 2014-03-12 04:40 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll 2014-03-12 04:40 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-03-12 04:40 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll 2014-03-12 04:40 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-03-12 04:40 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-19 05:19 . 2013-04-06 17:33 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2014-03-19 05:19 . 2013-04-06 17:33 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2014-03-19 05:19 . 2012-06-22 03:25 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys 2014-03-19 05:19 . 2012-06-22 03:25 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2014-03-19 05:19 . 2012-06-22 03:25 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2014-03-19 05:19 . 2012-06-22 03:25 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2014-03-19 05:19 . 2012-06-22 03:25 334136 ----a-w- c:\windows\system32\aswBoot.exe 2014-03-19 05:19 . 2012-06-22 03:24 43152 ----a-w- c:\windows\avastSS.scr 2014-03-12 04:44 . 2009-11-05 00:38 90015360 ----a-w- c:\windows\system32\MRT.exe 2014-03-12 03:50 . 2012-11-26 09:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-12 03:50 . 2012-11-26 09:18 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-01-22 13:52 . 2012-06-22 03:25 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-12-24 23:09 . 2014-02-12 03:02 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2013-12-24 22:48 . 2014-02-12 03:02 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-07-13 09:22 . 2013-07-13 09:22 4188160 ----a-w- c:\program files (x86)\GUT787B.tmp . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CAHeadless"="c:\program files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-09-06 615808] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720] "AmazonMP3DownloaderHelper"="c:\users\Aaron\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe" [2013-05-09 400704] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-27 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-09-02 80384] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288] "VMSwitch"="c:\program files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe" [2009-07-29 538472] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992] "googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "WMAAD"="c:\program files (x86)\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-17 110592] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184] "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-06 43848] "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-07-25 468112] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 152392] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-19 3767096] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2009-07-01 18:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x] R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [x] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 ICScsiSV;Image Converter SCSI Service;c:\program files (x86)\Sony\IMAGE CONVERTER 3\ICScsiSV.exe;c:\program files (x86)\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [x] R3 IcVzMonLauncher;IcVzMonLauncher;c:\program files (x86)\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe;c:\program files (x86)\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [x] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x] R3 MUsbFltr;BUFFALO Tilt Mouse;c:\windows\system32\drivers\MUsbFltr.sys;c:\windows\SYSNATIVE\drivers\MUsbFltr.sys [x] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] R3 RTCore64;RTCore64;c:\users\Aaron\Desktop\rmclock_235_bin\RTCore64.sys;c:\users\Aaron\Desktop\rmclock_235_bin\RTCore64.sys [x] R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe;c:\program files\Sony\VAIO Care\collsvc.exe [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys;c:\windows\SYSNATIVE\DRIVERS\shpf.sys [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x] S1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);c:\windows\system32\Drivers\NEOFLTR_650_15991.SYS;c:\windows\SYSNATIVE\Drivers\NEOFLTR_650_15991.SYS [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe;c:\program files\Logitech\SolarApp\L4301_Solar.exe [x] S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x] S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] start [bU] . Contents of the 'Scheduled Tasks' folder . 2014-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-26 03:50] . 2014-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 03:21] . 2014-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 03:21] . 2014-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3578647892-2928166785-2268897593-1001Core.job - c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 00:32] . 2014-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3578647892-2928166785-2268897593-1001UA.job - c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 00:32] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-03-19 05:19 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2009-07-20 21:18 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2009-07-20 21:18 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-07-20 84744] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\system32\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 Trusted Zone: ticketmaster.com\www TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) AddRemove-MyFreeCodec - c:\program files (x86)\MyFree Codec\1.0b beta\uninstall.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\"" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.12" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Alias] @="" "0"="ActionsPane Schema for Add-Ins" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2014-03-22 23:13:24 ComboFix-quarantined-files.txt 2014-03-23 06:13 . Pre-Run: 176,388,198,400 bytes free Post-Run: 176,313,192,448 bytes free . - - End Of File - - 386F9DC554EA3636347F19273B215BE0 5C616939100B85E558DA92B899A0FC36 -
I think I have spyware somewhere ?
atsun12 replied to atsun12's topic in Resolved Malware Removal Logs
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014 Ran by Aaron at 2014-03-21 15:02:31 Run:2 Running from C:\Users\Aaron\Desktop\Fix Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNzM3NTQ4NjE5LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzEtTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNQMVMyKzEtU1VEKzEtUzFJKzEtU1UzKzEtRERUKzQ1MzYyLUxTRCsyLUREMTBGKzEtU1QxMEZBUFArMS1MMTBNKzItRjEwTTEyQVQrMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1TVDEyRk9JKzEtRjEwTTEyQVUrMQ"&"prod=90"&"ver=2012.0.1831"&"mid=c295cea7427a87111536fa9b9fede807-0f5db481345980a8c4b1d629e759d1ac41812328 [X] SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - No File C:\Users\Aaron\AppData\Local\Temp\ntdll_dump.dll C:\Users\Aaron\AppData\Local\Temp\Quarantine.exe ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL => Value not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value not found. HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found. HKCR\PROTOCOLS\Handler\ipp\0x00000001 => Key not found. HKCR\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} => Key not found. "C:\Users\Aaron\AppData\Local\Temp\ntdll_dump.dll" => File/Directory not found. "C:\Users\Aaron\AppData\Local\Temp\Quarantine.exe" => File/Directory not found. ==== End of Fixlog ==== -
I think I have spyware somewhere ?
atsun12 replied to atsun12's topic in Resolved Malware Removal Logs
FRST.txt and Addition.txt attached to keep post clean. FRST.txt Addition.txt -
I think I have spyware somewhere ?
atsun12 replied to atsun12's topic in Resolved Malware Removal Logs
Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.03.20.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16844 Aaron :: HIMITSU2 [administrator] 3/19/2014 10:28:01 PM mbam-log-2014-03-19 (22-28-01).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 245131 Time elapsed: 8 minute(s), 23 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) -
I think I have spyware somewhere ?
atsun12 replied to atsun12's topic in Resolved Malware Removal Logs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.2 (02.20.2014:1) OS: Windows 7 Professional x64 Ran by Aaron on Tue 03/18/2014 at 22:00:49.54 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Myfree Codec ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\freerip" Successfully deleted: [Folder] "C:\Program Files (x86)\freerip3" Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec" Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{0120E248-D3C3-4182-B2F7-4F04F4941E56} Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{23FF907A-7185-4B7C-8D18-F04F02BD8C3B} Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{4E977F02-1E03-4819-B5EC-72E5EA0FBAC0} Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{60CBB7CF-6D81-43C9-971F-554DAD54AB95} Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{72518A99-5812-415E-8CCC-767CC219C69C} Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{89187F7E-FC59-46C7-A8EC-E7E8B419BD91} Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{94CF4B33-9386-48E2-B544-938FB36CDCDE} Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{963C2EA0-EB8E-4B61-B109-26E82053FB75} Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{D958EA2C-502F-4C72-B8F1-162F757E9208} Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{D9DD71B7-9CCA-49C5-85F6-D322A7BF5FE9} Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{DDC79F3D-DE8B-48B4-81C9-526D681536DF} Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{F3B32CF9-20F2-411E-B377-6CD89CB4AE0E} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 03/18/2014 at 22:08:18.36 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -
I think I have spyware somewhere ?
atsun12 replied to atsun12's topic in Resolved Malware Removal Logs
# AdwCleaner v3.022 - Report created 18/03/2014 at 21:44:49 # Updated 13/03/2014 by Xplode # Operating System : Windows 7 Professional Service Pack 1 (64 bits) # Username : Aaron - HIMITSU2 # Running from : C:\Users\Aaron\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** [#] Service Deleted : Partner Service ***** [ Files / Folders ] ***** [x] Not Deleted : C:\ProgramData\FreeRIP Folder Deleted : C:\ProgramData\Partner [x] Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRIP3 [x] Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec [x] Not Deleted : C:\Program Files (x86)\FreeRIP3 [x] Not Deleted : C:\Program Files (x86)\myfree codec Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility Folder Deleted : C:\Program Files (x86)\Common Files\Spigot Folder Deleted : C:\Users\Aaron\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Aaron\AppData\LocalLow\PriceGong ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1 Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1 Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1 Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs [x] Not Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASAPI32 [x] Not Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Key Deleted : HKCU\Software\APN PIP Key Deleted : HKCU\Software\Myfree Codec Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings Key Deleted : HKLM\Software\Conduit [x] Not Deleted : HKLM\Software\Myfree Codec Key Deleted : HKLM\Software\PIP Key Deleted : HKLM\Software\systweak [x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{501451DE-5808-4599-B544-8BD0915B6B24}_is1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility [x] Not Deleted : [x64] HKCU\Software\Myfree Codec Key Deleted : [x64] HKLM\SOFTWARE\systweak ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16843 -\\ Google Chrome v [ File : C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [6317 octets] - [18/03/2014 21:28:38] AdwCleaner[s0].txt - [6317 octets] - [18/03/2014 21:44:49] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6377 octets] ########## -
I think I have spyware somewhere ?
atsun12 replied to atsun12's topic in Resolved Malware Removal Logs
RK Report: RogueKiller V8.8.11 _x64_ [Mar 14 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Safe mode with network support User : Aaron [Admin rights] Mode : Scan -- Date : 03/18/2014 17:55:26 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 18 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : AmazonMP3DownloaderHelper (C:\Users\Aaron\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [7]) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-3578647892-2928166785-2268897593-1001\[...]\Run : AmazonMP3DownloaderHelper (C:\Users\Aaron\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [7]) -> FOUND [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS723232L9SA60 +++++ --- User --- [MBR] f5a946cb3c73b4d41171e2d4298cffcd [bSP] b4edb318e6463599526d3e324c234c7e : Windows Vista MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 6310 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 12924928 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 13129728 | Size: 298833 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_03182014_175526.txt >> -
I think I have spyware somewhere ?
atsun12 replied to atsun12's topic in Resolved Malware Removal Logs
Rogue Killer keeps BSODing my computer.. Here is the error report from Windows: Problem signature: Problem Event Name: BlueScreen OS Version: 6.1.7601.2.1.0.256.48 Locale ID: 1033 Additional information about the problem: BCCode: 50 BCP1: FFFFFA800D978840 BCP2: 0000000000000001 BCP3: FFFFF88005868830 BCP4: 0000000000000002 OS Version: 6_1_7601 Service Pack: 1_0 Product: 256_1 Files that help describe the problem: C:\Windows\Minidump\031714-29125-01.dmp C:\Users\Aaron\AppData\Local\Temp\WER-61573-0.sysdata.xml Read our privacy statement online: http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409 If the online privacy statement is not available, please read our privacy statement offline: C:\Windows\system32\en-US\erofflps.txt Help ? -
I think I have spyware somewhere ?
atsun12 replied to atsun12's topic in Resolved Malware Removal Logs
Nothing detected, I did a scan and removal previously. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.03.17.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16844 Aaron :: HIMITSU2 [administrator] 3/17/2014 5:57:00 PM mbam-log-2014-03-17 (17-57-00).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 241710 Time elapsed: 6 minute(s), 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) -
DDS.txt DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16843 BrowserJavaVersion: 10.51.2 Run by Aaron at 14:14:53 on 2014-03-15 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4063.2071 [GMT -7:00] . . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\Logitech\SolarApp\L4301_Solar.exe C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Protector Suite\upeksvr.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k WbioSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k HsfXAudioService C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Sony\VAIO Power Management\SPMService.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Users\Aaron\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Protector Suite\psqltray.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe C:\Program Files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Sony\VAIO Care\VCsystray.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe uRun: [Google Update] "C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe uRun: [AmazonMP3DownloaderHelper] C:\Users\Aaron\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" mRun: [VMSwitch] "C:\Program Files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe" mRun: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart mRun: [WMAAD] C:\Program Files (x86)\Sony\WALKMAN Launcher\WMAAD.exe mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNzM3NTQ4NjE5LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzEtTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNQMVMyKzEtU1VEKzEtUzFJKzEtU1UzKzEtRERUKzQ1MzYyLUxTRCsyLUREMTBGKzEtU1QxMEZBUFArMS1MMTBNKzItRjEwTTEyQVQrMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1TVDEyRk9JKzEtRjEwTTEyQVUrMQ"&"prod=90"&"ver=2012.0.1831"&"mid=c295cea7427a87111536fa9b9fede807-0f5db481345980a8c4b1d629e759d1ac41812328 StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: NameServer = 209.18.47.61 209.18.47.62 192.168.1.1 TCP: Interfaces\{0FDB6DF3-7F90-400A-88BB-35067E7A6DE7} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{0FDB6DF3-7F90-400A-88BB-35067E7A6DE7}\07F6E623 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{0FDB6DF3-7F90-400A-88BB-35067E7A6DE7}\37471697F6E6C696E656 : DHCPNameServer = 172.16.0.1 TCP: Interfaces\{0FDB6DF3-7F90-400A-88BB-35067E7A6DE7}\84F657375602F66602C45656 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{0FDB6DF3-7F90-400A-88BB-35067E7A6DE7}\D496B656 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{10FF0534-E749-4209-8B6B-59AB8650A830} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 TCP: Interfaces\{9E496D44-0552-48DF-AF8E-708D23F5BA00} : DHCPNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll Notify: VESWinlogon - VESWinlogon.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe x64-Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe x64-Run: [PSQLLauncher] "C:\Program Files\Protector Suite\launcher.exe" /startup x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll x64-Notify: psfus - C:\Program Files\Protector Suite\psqlpwd.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe . ============= SERVICES / DRIVERS =============== . R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-6 65336] R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-4-6 189936] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-2 55024] R0 shpf;Sony HDD Protection Filter Driver;C:\Windows\System32\drivers\shpf.sys [2009-8-19 25120] R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-6-21 1030952] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-6-21 378944] R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\System32\drivers\HWiNFO64A.SYS [2013-8-13 31136] R1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);C:\Windows\System32\drivers\NEOFLTR_650_15991.SYS [2012-8-4 100472] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-3 238080] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-6-21 33400] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-6-21 80816] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-3-14 46808] R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136] R2 L4301_Solar;Logitech Solar Keyboard Service;C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [2010-10-26 403536] R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-19 189984] R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-10-27 411496] R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-8-19 292864] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2012-9-18 78648] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2012-9-18 15160] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-6-7 5435904] R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-8-19 11392] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-11-17 395264] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-8-19 35104] S3 cpuz135;cpuz135;C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-6-9 24368] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-11-17 103576] S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2009-11-4 75952] S3 IcVzMonLauncher;IcVzMonLauncher;C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2009-11-4 67760] S3 MUsbFltr;BUFFALO Tilt Mouse;C:\Windows\System32\drivers\MUsbFltr.sys [2007-4-18 12672] S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2009-10-27 332272] S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2009-10-27 167424] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-11-17 204568] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-16 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-26 1255736] . =============== File Associations =============== . ShellExec: VCExporterLaunch.exe: open="C:\Program Files (x86)\Sony\VAIO VP Utilities\VCELaunch.exe" "%1" . =============== Created Last 30 ================ . 2014-03-12 04:40:29 3156480 ----a-w- C:\Windows\System32\win32k.sys 2014-03-12 04:40:29 228864 ----a-w- C:\Windows\System32\wwansvc.dll 2014-03-12 04:40:28 484864 ----a-w- C:\Windows\System32\wer.dll 2014-03-12 04:40:28 381440 ----a-w- C:\Windows\SysWow64\wer.dll 2014-03-12 04:40:27 624128 ----a-w- C:\Windows\System32\qedit.dll 2014-03-12 04:40:27 509440 ----a-w- C:\Windows\SysWow64\qedit.dll 2014-03-12 04:40:27 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2014-03-12 04:40:26 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2014-02-19 07:49:57 -------- d-----r- C:\Program Files (x86)\Skype 2014-02-19 07:49:16 -------- d-----w- C:\Program Files\AuthenTec . ==================== Find3M ==================== . 2014-03-12 03:50:08 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-12 03:50:08 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2014-02-23 08:13:41 2241536 ----a-w- C:\Windows\System32\wininet.dll 2014-02-23 08:11:59 3960320 ----a-w- C:\Windows\System32\jscript9.dll 2014-02-23 08:11:52 67072 ----a-w- C:\Windows\System32\iesetup.dll 2014-02-23 08:11:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2014-02-23 06:54:46 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2014-02-23 06:53:22 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll 2014-02-23 06:53:18 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2014-02-23 06:53:18 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2014-02-23 06:35:36 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2014-02-23 06:31:25 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2014-02-23 05:39:39 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2014-02-23 05:35:24 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2014-01-22 13:52:21 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2014-01-22 13:52:21 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys 2014-01-22 13:52:21 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys 2014-01-22 13:52:21 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2014-01-22 13:52:19 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2014-01-22 13:51:40 41664 ----a-w- C:\Windows\avastSS.scr 2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll 2013-12-21 09:39:33 600064 ----a-w- C:\Windows\System32\vbscript.dll 2013-12-21 07:56:10 523776 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-12-19 05:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-07-13 09:22:52 4188160 ----a-w- C:\Program Files (x86)\GUT787B.tmp . ============= FINISH: 14:15:17.26 =============== Combofix.txt. ComboFix 14-03-13.01 - Aaron 03/15/2014 14:18:40.2.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4063.2124 [GMT -7:00] Running from: C:\Users\Aaron\Desktop\ComboFix.exe ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\prefs.js C:\Users\Aaron\AppData\Local\Microsoft\Windows\Temporary Internet Files\{845697C1-3AB3-435F-AF5D-7DEDB7D15FD3}.xps C:\Windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb C:\Windows\wininit.ini ((((((((((((((((((((((((( Files Created from 2014-02-15 to 2014-03-15 ))))))))))))))))))))))))))))))) 2014-03-15 21:56:26 . 2014-03-15 21:56:26 -------- d-----w- C:\Users\Public\AppData\Local\temp 2014-03-15 21:56:26 . 2014-03-15 21:56:26 -------- d-----w- C:\Users\Default\AppData\Local\temp 2014-03-12 04:43:59 . 2014-02-23 08:11:52 2648576 ----a-w- C:\Windows\system32\iertutil.dll 2014-03-12 04:40:29 . 2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\system32\win32k.sys 2014-03-12 04:40:29 . 2014-01-28 02:32:46 228864 ----a-w- C:\Windows\system32\wwansvc.dll 2014-03-12 04:40:28 . 2014-01-29 02:32:18 484864 ----a-w- C:\Windows\system32\wer.dll 2014-03-12 04:40:28 . 2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll 2014-03-12 04:40:27 . 2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\system32\WindowsCodecs.dll 2014-03-12 04:40:27 . 2014-02-04 02:32:12 624128 ----a-w- C:\Windows\system32\qedit.dll 2014-03-12 04:40:27 . 2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll 2014-03-12 04:40:26 . 2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2014-02-19 07:49:57 . 2014-02-19 07:49:57 -------- d-----w- C:\Program Files (x86)\Common Files\Skype 2014-02-19 07:49:57 . 2014-02-19 07:49:57 -------- d-----r- C:\Program Files (x86)\Skype 2014-02-19 07:49:16 . 2014-02-19 07:49:16 -------- d-----w- C:\Program Files\AuthenTec . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2014-03-12 04:44:52 . 2009-11-05 00:38:18 90015360 ----a-w- C:\Windows\system32\MRT.exe 2014-03-12 03:50:08 . 2012-11-26 09:18:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-12 03:50:08 . 2012-11-26 09:18:19 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2014-01-22 13:52:21 . 2013-04-06 17:33:24 65336 ----a-w- C:\Windows\system32\drivers\aswRvrt.sys 2014-01-22 13:52:21 . 2013-04-06 17:33:24 189936 ----a-w- C:\Windows\system32\drivers\aswVmm.sys 2014-01-22 13:52:21 . 2012-06-22 03:25:45 378944 ----a-w- C:\Windows\system32\drivers\aswSP.sys 2014-01-22 13:52:21 . 2012-06-22 03:25:42 72016 ----a-w- C:\Windows\system32\drivers\aswRdr2.sys 2014-01-22 13:52:21 . 2012-06-22 03:25:41 64288 ----a-w- C:\Windows\system32\drivers\aswTdi.sys 2014-01-22 13:52:21 . 2012-06-22 03:25:40 1030952 ----a-w- C:\Windows\system32\drivers\aswSnx.sys 2014-01-22 13:52:19 . 2012-06-22 03:25:45 33400 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys 2014-01-22 13:52:19 . 2012-06-22 03:25:35 80816 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys 2014-01-22 13:51:40 . 2012-06-22 03:24:57 41664 ----a-w- C:\Windows\avastSS.scr 2014-01-22 13:51:08 . 2012-06-22 03:25:35 295544 ----a-w- C:\Windows\system32\aswBoot.exe 2013-12-24 23:09:41 . 2014-02-12 03:02:57 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2013-12-24 22:48:32 . 2014-02-12 03:02:57 2565120 ----a-w- C:\Windows\system32\d3d10warp.dll 2013-12-21 09:39:33 . 2014-02-12 03:08:43 600064 ----a-w- C:\Windows\system32\vbscript.dll 2013-12-21 07:56:10 . 2014-02-12 03:08:43 523776 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-12-19 05:09:39 . 2014-01-20 05:46:33 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-07-13 09:22:52 . 2013-07-13 09:22:38 4188160 ----a-w- C:\Program Files (x86)\GUT787B.tmp ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}] 2009-10-27 18:54:16 433648 ----a-w- C:\ProgramData\Partner\Partner.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CAHeadless"="C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-09-06 12:40:00 615808] "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 23:43:26 59720] "AmazonMP3DownloaderHelper"="C:\Users\Aaron\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe" [2013-05-09 20:37:02 400704] "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-27 18:54:06 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "SmartWiHelper"="C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-09-02 23:45:44 80384] "ISBMgr.exe"="C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 16:23:14 317288] "VMSwitch"="C:\Program Files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe" [2009-07-29 03:45:34 538472] "NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 18:50:42 155648] "Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 05:38:56 623992] "googletalk"="C:\Program Files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 21:22:02 3739648] "WMAAD"="C:\Program Files (x86)\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-17 02:41:36 110592] "VirtualCloneDrive"="C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 11:44:11 85160] "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 09:57:28 35760] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 23:57:56 948672] "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 19:27:46 89184] "EEventManager"="C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 16:13:10 673616] "FUFAXSTM"="C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 07:00:00 843776] "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-06 08:52:12 43848] "avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2014-01-22 13:51:33 4858968] "IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-07-25 18:10:34 468112] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 11:03:04 641704] "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2013-05-01 10:59:04 421888] "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 16:16:26 254336] "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 16:27:00 152392] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNzM3NTQ4NjE5LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzEtTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNQMVMyKzEtU1VEKzEtUzFJKzEtU1UzKzEtRERUKzQ1MzYyLUxTRCsyLUREMTBGKzEtU1QxMEZBUFArMS1MMTBNKzItRjEwTTEyQVQrMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1TVDEyRk9JKzEtRjEwTTEyQVUrMQ∏=90&ver=2012.0.1831&mid=c295cea7427a87111536fa9b9fede807-0f5db481345980a8c4b1d629e759d1ac41812328" [?] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2009-07-01 18:49:36 98304 ----a-w- C:\Windows\System32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli C:\Program Files\Protector Suite\psqlpwd.dll R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys;C:\Windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] R3 cpuz134;cpuz134;C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys;C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x] R3 cpuz135;cpuz135;C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys;C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [x] R3 dc3d;MS Hardware Device Detection Driver (USB);C:\Windows\system32\DRIVERS\dc3d.sys;C:\Windows\SYSNATIVE\DRIVERS\dc3d.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys;C:\Windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 ICScsiSV;Image Converter SCSI Service;C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\ICScsiSV.exe;C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [x] R3 IcVzMonLauncher;IcVzMonLauncher;C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe;C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [x] R3 MUsbFltr;BUFFALO Tilt Mouse;C:\Windows\system32\drivers\MUsbFltr.sys;C:\Windows\SYSNATIVE\drivers\MUsbFltr.sys [x] R3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe;C:\ProgramData\Partner\Partner.exe [x] R3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64.sys;C:\Windows\SYSNATIVE\DRIVERS\point64.sys [x] R3 RTCore64;RTCore64;C:\Users\Aaron\Desktop\rmclock_235_bin\RTCore64.sys;C:\Users\Aaron\Desktop\rmclock_235_bin\RTCore64.sys [x] R3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe;C:\Program Files\Sony\VAIO Care\collsvc.exe [x] R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS;C:\Windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS;C:\Windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS;C:\Windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys;C:\Windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys;C:\Windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys;C:\Windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S0 shpf;Sony HDD Protection Filter Driver;C:\Windows\system32\DRIVERS\shpf.sys;C:\Windows\SYSNATIVE\DRIVERS\shpf.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\system32\drivers\HWiNFO64A.SYS;C:\Windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x] S1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS;C:\Windows\SYSNATIVE\Drivers\NEOFLTR_650_15991.SYS [x] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe;C:\Windows\SYSNATIVE\atiesrxx.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys;C:\Windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe;C:\Windows\SYSNATIVE\svchost.exe [x] S2 L4301_Solar;Logitech Solar Keyboard Service;C:\Program Files\Logitech\SolarApp\L4301_Solar.exe;C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [x] S2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [x] S2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [x] S3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys;C:\Windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys;C:\Windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys;C:\Windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys;C:\Windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys;C:\Windows\SYSNATIVE\DRIVERS\SFEP.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys;C:\Windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] Contents of the 'Scheduled Tasks' folder 2014-03-15 C:\Windows\Tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-26 09:18:20 . 2014-03-12 03:50:09] 2014-03-15 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 03:21:32 . 2010-02-02 03:21:26] 2014-03-15 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 03:21:32 . 2010-02-02 03:21:26] 2014-03-15 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3578647892-2928166785-2268897593-1001Core.job - C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 02:25:58 . 2010-03-18 00:32:52] 2014-03-15 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3578647892-2928166785-2268897593-1001UA.job - C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 02:25:58 . 2010-03-18 00:32:52] --------- X64 Entries ----------- [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}] 2009-10-27 18:54:16 750064 ----a-w- C:\ProgramData\Partner\Partner64.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-01-22 13:51:06 133840 ----a-w- C:\Program Files\AVAST Software\Avast\ashShA64.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2009-07-20 21:18:46 5943048 ----a-w- C:\Program Files\Protector Suite\farchns.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2009-07-20 21:18:46 5943048 ----a-w- C:\Program Files\Protector Suite\farchns.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 04:34:01 7938080] "Skytel"="C:\Program Files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 04:35:03 1833504] "IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 02:03:32 186904] "PSQLLauncher"="C:\Program Files\Protector Suite\launcher.exe" [2009-07-20 18:42:24 84744] "IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 22:04:36 2399632] "EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 17:42:10 2419512] ------- Supplementary Scan ------- uLocal Page = C:\Windows\system32\blank.htm mLocal Page = C:\Windows\system32\blank.htm IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 Trusted Zone: ticketmaster.com\www TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 - - - - ORPHANS REMOVED - - - - Toolbar-Locked - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe END ! dds.txt attach.txt ComboFix.txt
-
it runs well but ESET detected stuff... Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.28.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Aaron :: HIMITSU2 [administrator] 11/27/2012 6:00:31 PM mbam-log-2012-11-27 (18-00-31).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 217159 Time elapsed: 4 minute(s), 30 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ESET: C:\TDSSKiller_Quarantine\25.11.2012_17.45.15\zasubsys0000\file0000\tsk0000.dta Win64/Patched.B.Gen trojan C:\_OTL\MovedFiles\06222012_091010\C_Users\Aaron\AppData\Local\Apple\AOL\dqzev.dll a variant of Win32/Kryptik.AHOG trojan C:\_OTL\MovedFiles\06222012_091010\C_Windows\Installer\{88a3ef15-86f2-57de-1477-2fc96c2d87b1}\U\800000cb.@ Win64/Sirefef.T trojan
-
FSS report: Farbar Service Scanner Version: 09-11-2012 Ran by Aaron (administrator) on 26-11-2012 at 20:35:05 Running from "C:\Users\Aaron\Desktop\New folder (2)" Windows 7 Professional Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys [2012-11-13 17:34] - [2012-10-03 09:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0 C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
-
do you need any of the logs posted ?
-
Also, I restarted it in regular mode and there was a popup saying a command line from one of my registry entries could not be found (an .exe file, which I'm hoping/guessing was the trojan ?). So maybe it is clean now ?
-
It runs fine (I think), except all my programs are missing their shortcuts. There doesn't appear to be any lag or anything of the sort. I've been running all my scans in safe mode/networking. I had the whole switch to black background, and lost all my Start>All Programs shortcuts. The directories are there, but they are all empty. Is it cleaned, and I just need to try restarting or is there more work to be done ? FSS report: Farbar Service Scanner Version: 09-11-2012 Ran by Aaron (administrator) on 25-11-2012 at 19:31:48 Running from "C:\Users\Aaron\Desktop" Windows 7 Professional Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= mpsdrv Service is not running. Checking service configuration: The start type of mpsdrv service is OK. The ImagePath of mpsdrv service is OK. MpsSvc Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist. Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist. Unable to retrieve ServiceDll of MpsSvc. The value does not exist. bfe Service is not running. Checking service configuration: The start type of bfe service is OK. The ImagePath of bfe service is OK. The ServiceDll of bfe service is OK. Firewall Disabled Policy: ================== System Restore: ============ SDRSVC Service is not running. Checking service configuration: The start type of SDRSVC service is OK. The ImagePath of SDRSVC service is OK. The ServiceDll of SDRSVC service is OK. VSS Service is not running. Checking service configuration: The start type of VSS service is OK. The ImagePath of VSS service is OK. System Restore Disabled Policy: ======================== Action Center: ============ wscsvc Service is not running. Checking service configuration: The start type of wscsvc service is OK. The ImagePath of wscsvc service is OK. The ServiceDll of wscsvc service is OK. Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is OK. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv service is OK. BITS Service is not running. Checking service configuration: The start type of BITS service is set to Demand. The default start type is Auto. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. EventSystem Service is not running. Checking service configuration: The start type of EventSystem service is OK. The ImagePath of EventSystem service is OK. The ServiceDll of EventSystem service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is OK. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys [2012-11-13 17:34] - [2012-10-03 09:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0 C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log **** ADW log: # AdwCleaner v2.009 - Logfile created 11/25/2012 at 19:32:56 # Updated 24/11/2012 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : Aaron - HIMITSU2 # Boot Mode : Safe mode with networking # Running from : C:\Users\Aaron\Desktop\AdwCleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility Folder Found : C:\Program Files (x86)\FreeRIP3 Folder Found : C:\ProgramData\FreeRIP Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRIP3 Folder Found : C:\ProgramData\Partner Folder Found : C:\Users\Aaron\AppData\LocalLow\Conduit Folder Found : C:\Users\Aaron\AppData\LocalLow\PriceGong ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\PriceGong Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE Key Found : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine Key Found : HKLM\SOFTWARE\Classes\dnUpdate Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1 Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1 Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392 Key Found : HKLM\Software\Conduit Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. ************************* AdwCleaner[R1].txt - [1798 octets] - [25/11/2012 19:32:56] ########## EOF - C:\AdwCleaner[R1].txt - [1858 octets] ##########
-
DDS.txt DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK Internet Explorer: 9.0.8112.16455 Run by Aaron at 19:17:09 on 2012-11-25 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4063.2941 [GMT -8:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US /HIDEBL uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" mRun: [VMSwitch] "C:\Program Files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe" mRun: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart mRun: [WMAAD] C:\Program Files (x86)\Sony\WALKMAN Launcher\WMAAD.exe mRun: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNzM3NTQ4NjE5LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzEtTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNQMVMyKzEtU1VEKzEtUzFJKzEtU1UzKzEtRERUKzQ1MzYyLUxTRCsyLUREMTBGKzEtU1QxMEZBUFArMS1MMTBNKzItRjEwTTEyQVQrMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1TVDEyRk9JKzEtRjEwTTEyQVUrMQ"&"prod=90"&"ver=2012.0.1831"&"mid=c295cea7427a87111536fa9b9fede807-0f5db481345980a8c4b1d629e759d1ac41812328 mRunOnce: [51BA15F4-9FC3-4697-8F34-76E41CE1D6BE] cmd.exe /C start /D "C:\Users\Aaron\AppData\Local\Temp" /B 51BA15F4-9FC3-4697-8F34-76E41CE1D6BE.exe -postboot StartupFolder: C:\Users\Aaron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 mPolicies-System: HideFastUserSwitching = dword:1 IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxp://www.nevadadot.com/ACGM/Acgm.cab TCP: NameServer = 209.18.47.61 209.18.47.62 192.168.1.1 TCP: Interfaces\{0FDB6DF3-7F90-400A-88BB-35067E7A6DE7} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{0FDB6DF3-7F90-400A-88BB-35067E7A6DE7}\07F6E623 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{0FDB6DF3-7F90-400A-88BB-35067E7A6DE7}\84F657375602F66602C45656 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{0FDB6DF3-7F90-400A-88BB-35067E7A6DE7}\D496B656 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{10FF0534-E749-4209-8B6B-59AB8650A830} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 TCP: Interfaces\{9E496D44-0552-48DF-AF8E-708D23F5BA00} : DHCPNameServer = 172.16.0.1 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll Notify: VESWinlogon - VESWinlogon.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe x64-Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe x64-Run: [PSQLLauncher] "C:\Program Files\Protector Suite\launcher.exe" /startup x64-Run: [EmsService] EmsServiceHelper.exe x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll x64-Notify: psfus - C:\Program Files\Protector Suite\psqlpwd.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R0 CmgShieldCEF;CmgShieldCEF;C:\Windows\System32\drivers\CMGShCEF.sys [2009-7-31 338544] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-2 55024] R0 shpf;Sony HDD Protection Filter Driver;C:\Windows\System32\drivers\shpf.sys [2009-8-19 25120] R1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);C:\Windows\System32\drivers\NEOFLTR_650_15991.SYS [2012-8-4 100472] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2012-9-18 78648] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2012-9-18 15160] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-6-7 5435904] R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-8-19 11392] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-11-17 395264] S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-6-21 969200] S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-6-21 359464] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-19 203264] S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-6-21 25232] S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-6-21 71600] S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-5 44808] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-6-9 23816] S2 EMS;EMS;EMSService.exe --> EMSService.exe [?] S2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136] S2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-19 189984] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-10-27 411496] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-8-19 35104] S3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-8-19 292864] S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2009-11-4 75952] S3 IcVzMonLauncher;IcVzMonLauncher;C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2009-11-4 67760] S3 MUsbFltr;BUFFALO Tilt Mouse;C:\Windows\System32\drivers\MUsbFltr.sys [2007-4-18 12672] S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2009-10-27 332272] S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2009-10-27 167424] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-16 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-26 1255736] . =============== File Associations =============== . ShellExec: VCExporterLaunch.exe: open="C:\Program Files (x86)\Sony\VAIO VP Utilities\VCELaunch.exe" "%1" . =============== Created Last 30 ================ . 2012-11-26 03:16:32 -------- d-sh--w- C:\$RECYCLE.BIN 2012-11-26 02:39:44 98816 ----a-w- C:\Windows\sed.exe 2012-11-26 02:39:44 256000 ----a-w- C:\Windows\PEV.exe 2012-11-26 02:39:44 208896 ----a-w- C:\Windows\MBR.exe 2012-11-26 01:46:06 -------- d-----w- C:\TDSSKiller_Quarantine 2012-11-25 03:14:51 -------- d-----w- C:\Users\Aaron\AppData\Local\{4E977F02-1E03-4819-B5EC-72E5EA0FBAC0} 2012-11-14 01:48:17 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui 2012-11-14 01:48:16 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2012-11-14 01:48:16 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2012-11-14 01:48:16 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2012-11-14 01:37:56 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys 2012-11-14 01:37:56 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2012-11-14 01:37:52 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll 2012-11-14 01:37:52 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll 2012-11-14 01:37:46 744448 ----a-w- C:\Windows\System32\WUDFx.dll 2012-11-14 01:37:46 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2012-11-14 01:37:46 229888 ----a-w- C:\Windows\System32\WUDFHost.exe 2012-11-14 01:33:40 95744 ----a-w- C:\Windows\System32\synceng.dll 2012-11-14 01:33:40 78336 ----a-w- C:\Windows\SysWow64\synceng.dll 2012-11-09 07:11:46 53248 ----a-r- C:\Users\Aaron\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-11-09 07:11:29 -------- d-----w- C:\Users\Aaron\AppData\Local\Logishrd 2012-11-09 07:10:21 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys 2012-11-09 07:04:18 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility 2012-11-09 06:57:26 -------- d-----w- C:\Users\Aaron\AppData\Roaming\Logishrd . ==================== Find3M ==================== . 2012-11-26 01:48:04 328704 ----a-w- C:\Windows\System32\services.exe 2012-11-21 00:38:35 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-11-21 00:38:35 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll 2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys 2012-09-30 03:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-18 09:32:44 55096 ----a-w- C:\Windows\System32\LMouFiltCoInst.dll 2012-09-18 09:32:32 78648 ----a-w- C:\Windows\System32\drivers\LEqdUsb.sys 2012-09-18 09:32:32 75064 ----a-w- C:\Windows\System32\drivers\LHidFilt.Sys 2012-09-18 09:32:32 61240 ----a-w- C:\Windows\System32\drivers\LMouFilt.Sys 2012-09-18 09:32:32 1845560 ----a-w- C:\Windows\System32\LkmdfCoInst.dll 2012-09-18 09:32:32 15160 ----a-w- C:\Windows\System32\drivers\LHidEqd.sys 2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe . ============= FINISH: 19:17:25.94 =============== Attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2 Install Date: 11/4/2009 5:20:29 PM System Uptime: 11/25/2012 5:48:00 PM (2 hours ago) . Motherboard: Sony Corporation | | VAIO Processor: Intel® Core2 Duo CPU P8700 @ 2.53GHz | N/A | 2526/266mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 292 GiB total, 120.139 GiB free. D: is Removable E: is Removable F: is CDROM () G: is Removable K: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: avast! Network Shield Support Device ID: ROOT\LEGACY_ASWTDI\0000 Manufacturer: Name: avast! Network Shield Support PNP Device ID: ROOT\LEGACY_ASWTDI\0000 Service: aswTdi . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Add or Remove Adobe Creative Suite 3 Design Premium Adobe Acrobat 8 Professional Adobe Acrobat 8.1.5 - CPSID_49013 Adobe Acrobat 8.1.5 Professional Adobe AIR Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe BridgeTalk Plugin CS3 Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Creative Suite 3 Design Premium Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe Extension Manager CS3 Adobe Flash Player 11 ActiveX Adobe Flash Player 9 Plugin Adobe Flash Video Encoder Adobe Fonts All Adobe Help Viewer CS3 Adobe Illustrator CS3 Adobe InDesign CS3 Icon Handler Adobe Linguistics CS3 Adobe MotionPicture Color Files Adobe PDF Library Files Adobe Photoshop CS3 Adobe Photoshop.com Inspiration Browser Adobe Premiere Elements 1.0 Adobe Premiere Elements 8.0 Adobe Reader 9.3.1 Adobe Setup Adobe Shockwave Player 11.5 Adobe SING CS3 Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe Version Cue CS3 Server {ko_KR} Adobe WAS CS3 Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 AHV content for Acrobat and Flash AIM 7 AOL Messaging Toolbar Apple Application Support Apple Mobile Device Support Apple Software Update Application Manager for VAIO ArcSoft WebCam Companion 3 ATI Catalyst Install Manager Audacity 1.2.6 avast! Free Antivirus BatteryBar (remove only) BBSAK BitTorrent BlackBerry App World Browser Plugin BlackBerry Desktop Software 7.1 BlackBerry Device Software Updater BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone Bonjour BurnAware Professional 2.4.4 Canon Easy-WebPrint EX Canon IJ Network Scanner Selector EX Canon IJ Network Tool Canon MP Navigator EX 5.1 Canon MX890 series MP Drivers Canon MX890 series User Registration Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Click to Disc Click to Disc Editor Combined Community Codec Pack 2011-11-11 Compatibility Pack for the 2007 Office system CPUID CPU-Z 1.60.1 CREDANT EMS 64-bit D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Diablo III Download Updater (AOL Inc.) DVD Shrink 3.2 EPSON Artisan 810 Series Printer Uninstall Epson Event Manager Epson FAX Utility Epson PC-FAX Driver Epson Print CD EPSON Scan EpsonNet Print EpsonNet Setup eReg erLT ERUNT 1.1j EVE-ONLINE (remove only) Everyday Auto Backup 2.0 ffdshow (remove only) FreeRIP v3.66 Google Earth Google Quick Search Box Google Talk (remove only) Google Talk Plugin Google Toolbar for Internet Explorer Google Update Helper HandBrake 0.9.6 HDAUDIO SoftV92 Data Fax Modem with SmartCP Image Converter 3 ImgBurn Intel® Matrix Storage Manager iTunes Java 6 Update 24 Java 7 Update 5 (64-bit) Java SE Development Kit 6 Update 15 (64-bit) Juniper Networks Secure Application Manager Juniper Networks Setup Client Juniper Networks Setup Client Activex Control Junk Mail filter update LAME v3.98.2 for Audacity LexisNexis® CD on Folio® 4 Logitech SetPoint 6.51 Malwarebytes Anti-Malware version 1.65.1.1000 Marvell Miniport Driver Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft AppLocale Microsoft IntelliPoint 8.1 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Windows Application Compatibility Database MixMeister BPM Analyzer 1.0 Move Media Player Mp3tag v2.49b MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyDefrag v4.3.1 Noiseware Standard Edition OpenMG Limited Patch 4.7-07-14-05-01 OpenMG Secure Module 4.7.00 PC Wizard 2012.2.0 PDF Manual NW-A800 Series PDF Settings Picasa 3 PlayReady PC Runtime amd64 Protector Suite 2009 Realtek HDMI Audio Driver for ATI Realtek High Definition Audio Driver SDFormatter Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition Setting Utility Series Skype Toolbars Skype™ 5.10 SmartSound Quicktracks for Premiere Elements 8.0 SmartWi Connection Utility SonicStage 4.3 Sony Video Shared Library Synaptics Pointing Device Driver Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition VAIO Care VAIO Control Center VAIO Data Restore Tool VAIO DVD Menu Data Basic VAIO Event Service VAIO Help and Support VAIO Mode Switch VAIO OOBE and Startup Assistant VAIO Power Management VAIO Presentation Support VAIO Update 4 VAIO Wallpaper Contents Ventrilo Client Ventrilo Server Video Downloader VirtualCloneDrive Visual C++ 8.0 Runtime Setup Package (x64) Visual Studio 2008 x64 Redistributables VLC media player 2.0.4 WALKMAN Launcher WIDCOMM Bluetooth Software Winamp Winamp Detector Plug-in Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR archiver . ==== Event Viewer Messages From Past Week ======== . 11/25/2012 6:54:24 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 11/25/2012 6:52:06 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 11/25/2012 6:40:52 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 11/25/2012 6:39:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} 11/25/2012 5:48:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 11/25/2012 5:48:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 11/25/2012 5:48:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 11/25/2012 5:48:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 11/25/2012 5:48:31 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache ElbyCDIO spldr Wanarpv6 11/25/2012 5:48:29 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 11/25/2012 5:48:29 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 11/25/2012 5:48:29 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 11/25/2012 2:55:52 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 11/25/2012 2:55:52 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 11/25/2012 2:45:28 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 11/25/2012 2:45:19 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter 11/25/2012 2:45:19 PM, Error: atikmdag [43029] - Display is not active 11/25/2012 2:03:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa80076d9b30, 0xfffffa80076d9e10, 0xfffff80003996460). A dump was saved in: C:\Windows\Minidump\112512-24757-01.dmp. Report Id: 112512-24757-01. 11/25/2012 1:53:27 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. 11/25/2012 1:19:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect. . ==== End Of File ===========================
-
Thanks for your help. Hopefully it wont be too much damage. Combofix Report: ComboFix 12-11-25.01 - Aaron 11/25/2012 18:41:27.1.2 - x64 NETWORK Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4063.3227 [GMT -8:00] Running from: c:\users\Aaron\Desktop\ComboFix.exe AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\programdata\sqj.pad c:\windows\apppatch\AppLoc.exe . . ((((((((((((((((((((((((( Files Created from 2012-10-26 to 2012-11-26 ))))))))))))))))))))))))))))))) . . 2012-11-26 02:52 . 2012-11-26 02:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-26 01:46 . 2012-11-26 01:46 -------- d-----w- C:\TDSSKiller_Quarantine 2012-11-26 01:36 . 2012-11-26 01:36 -------- d-----w- c:\program files (x86)\ERUNT 2012-11-14 01:48 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-14 01:48 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-14 01:48 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-14 01:48 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-14 01:37 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-14 01:37 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-14 01:37 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-14 01:37 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-14 01:37 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-14 01:37 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-14 01:37 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-14 01:33 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-14 01:33 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-09 07:11 . 2012-11-09 07:11 53248 ----a-r- c:\users\Aaron\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-11-09 07:11 . 2012-11-09 07:11 -------- d-----w- c:\users\Aaron\AppData\Local\Logishrd 2012-11-09 07:10 . 2012-11-10 06:05 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-11-09 07:09 . 2012-11-09 07:12 -------- d-----w- c:\programdata\Logitech 2012-11-09 07:09 . 2012-11-09 07:11 -------- d-----w- c:\programdata\Logishrd 2012-11-09 07:09 . 2012-11-09 07:09 -------- d-----w- c:\program files\Logitech 2012-11-09 07:08 . 2012-11-09 07:11 -------- d-----w- c:\program files\Common Files\Logishrd 2012-11-09 07:04 . 2012-11-09 07:04 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility 2012-11-09 06:57 . 2012-11-09 06:57 -------- d-----w- c:\users\Aaron\AppData\Roaming\Logishrd . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-26 01:48 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe 2012-11-21 00:38 . 2012-03-30 06:13 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-21 00:38 . 2011-06-14 05:55 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-11-14 01:39 . 2009-11-05 00:38 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-09-30 03:54 . 2009-11-05 05:31 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-18 09:32 . 2012-09-18 09:32 55096 ----a-w- c:\windows\system32\LMouFiltCoInst.dll 2012-09-18 09:32 . 2012-09-18 09:32 78648 ----a-w- c:\windows\system32\drivers\LEqdUsb.sys 2012-09-18 09:32 . 2012-09-18 09:32 75064 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys 2012-09-18 09:32 . 2012-09-18 09:32 61240 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys 2012-09-18 09:32 . 2012-09-18 09:32 1845560 ----a-w- c:\windows\system32\LkmdfCoInst.dll 2012-09-18 09:32 . 2012-09-18 09:32 15160 ----a-w- c:\windows\system32\drivers\LHidEqd.sys 2012-09-14 19:19 . 2012-10-10 01:15 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 01:15 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-10 01:08 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-10 01:14 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 01:14 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-10 01:14 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}] 2009-10-27 18:54 433648 ----a-w- c:\programdata\Partner\Partner.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}] 2012-11-04 17:42 366904 ----a-w- c:\program files\Logitech\SetPointP\32-bit\SetPointSmooth.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-27 39408] "Aim"="c:\program files (x86)\AIM\aim.exe" [2012-05-30 4331392] "CAHeadless"="c:\program files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-09-06 615808] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-09-02 80384] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288] "VMSwitch"="c:\program files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe" [2009-07-29 538472] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992] "googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "WMAAD"="c:\program files (x86)\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-17 110592] "Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-12 122880] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776] "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728] "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-07-25 468112] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNzM3NTQ4NjE5LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzEtTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNQMVMyKzEtU1VEKzEtUzFJKzEtU1UzKzEtRERUKzQ1MzYyLUxTRCsyLUREMTBGKzEtU1QxMEZBUFArMS1MMTBNKzItRjEwTTEyQVQrMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1TVDEyRk9JKzEtRjEwTTEyQVUrMQ∏=90&ver=2012.0.1831&mid=c295cea7427a87111536fa9b9fede807-0f5db481345980a8c4b1d629e759d1ac41812328" [?] "51BA15F4-9FC3-4697-8F34-76E41CE1D6BE"="start" [X] . c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "HideFastUserSwitching"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2009-07-01 18:49 98304 ------w- c:\windows\System32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll . R1 aswSnx;aswSnx; [x] R1 aswSP;aswSP; [x] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-27 203264] R2 aswFsBlk;aswFsBlk; [x] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2012-03-09 23816] R2 EMS;EMS;EMSService.exe [x] R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136] R2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-07-24 189984] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-08-22 411496] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-08-03 35104] R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-07-31 292864] R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 52632] R3 ICScsiSV;Image Converter SCSI Service;c:\program files (x86)\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 75952] R3 IcVzMonLauncher;IcVzMonLauncher;c:\program files (x86)\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2007-01-26 67760] R3 MUsbFltr;BUFFALO Tilt Mouse;c:\windows\system32\drivers\MUsbFltr.sys [2007-04-18 12672] R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2009-10-27 332272] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432] R3 RTCore64;RTCore64;c:\users\Aaron\Desktop\rmclock_235_bin\RTCore64.sys [x] R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2008-09-29 167424] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-26 1255736] S0 CmgShieldCEF;CmgShieldCEF;c:\windows\system32\DRIVERS\CMGShCEF.sys [2009-07-31 338544] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024] S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2009-05-28 25120] S1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);c:\windows\system32\Drivers\NEOFLTR_650_15991.SYS [2010-06-08 100472] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2012-09-18 78648] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2012-09-18 15160] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-05 5435904] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-06-11 11392] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-11-17 395264] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 11692322 *NewlyCreated* - 66463596 *Deregistered* - 11692322 *Deregistered* - 66463596 . Contents of the 'Scheduled Tasks' folder . 2012-11-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 00:38] . 2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 03:21] . 2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 03:21] . 2012-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3578647892-2928166785-2268897593-1001Core.job - c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 00:32] . 2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3578647892-2928166785-2268897593-1001UA.job - c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 00:32] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}] 2009-10-27 18:54 750064 ----a-w- c:\programdata\Partner\Partner64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2009-07-20 21:18 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2009-07-20 21:18 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-07-20 84744] "EmsService"="EmsServiceHelper.exe" [2009-07-31 2295656] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT mLocal Page = c:\windows\system32\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 Trusted Zone: ticketmaster.com\www TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file) Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-ISUSPM - c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe SafeBoot-11692322.sys HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\"" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-25 18:57:27 ComboFix-quarantined-files.txt 2012-11-26 02:57 . Pre-Run: 128,431,398,912 bytes free Post-Run: 128,903,831,552 bytes free . - - End Of File - - DDBBA2E6FDC66E7A3A3C51FBE8D312F1
-
Any help is much appreciated, thank you !!! aswMBR Report: aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2012-11-25 17:41:01 ----------------------------- 17:41:01.421 OS Version: Windows x64 6.1.7601 Service Pack 1 17:41:01.421 Number of processors: 2 586 0x170A 17:41:01.421 ComputerName: HIMITSU2 UserName: Aaron 17:41:02.045 Initialize success 17:41:02.092 AVAST engine defs: 12112501 17:41:09.221 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 17:41:09.221 Disk 0 Vendor: Hitachi_ FC4O Size: 305245MB BusType: 3 17:41:09.237 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000007c 17:41:09.237 Disk 1 Vendor: RICOH 01 Size: 305245MB BusType: 0 17:41:09.237 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000007d 17:41:09.237 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0 17:41:09.268 Disk 0 MBR read successfully 17:41:09.268 Disk 0 MBR scan 17:41:09.268 Disk 0 Windows VISTA default MBR code 17:41:09.283 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 6310 MB offset 2048 17:41:09.299 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 12924928 17:41:09.315 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 298833 MB offset 13129728 17:41:09.315 Disk 0 scanning C:\Windows\system32\drivers 17:41:17.395 Service scanning 17:41:43.557 Modules scanning 17:41:43.557 Scan finished successfully 17:42:26.145 Disk 0 MBR has been saved successfully to "C:\Users\Aaron\Desktop\MBR.dat" 17:42:26.145 The log file has been saved successfully to "C:\Users\Aaron\Desktop\aswMBR.txt" TDSS Report 17:45:15.0356 1700 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 17:45:15.0871 1700 ============================================================ 17:45:15.0871 1700 Current date / time: 2012/11/25 17:45:15.0871 17:45:15.0871 1700 SystemInfo: 17:45:15.0871 1700 17:45:15.0871 1700 OS Version: 6.1.7601 ServicePack: 1.0 17:45:15.0871 1700 Product type: Workstation 17:45:15.0871 1700 ComputerName: HIMITSU2 17:45:15.0871 1700 UserName: Aaron 17:45:15.0871 1700 Windows directory: C:\Windows 17:45:15.0871 1700 System windows directory: C:\Windows 17:45:15.0871 1700 Running under WOW64 17:45:15.0871 1700 Processor architecture: Intel x64 17:45:15.0871 1700 Number of processors: 2 17:45:15.0871 1700 Page size: 0x1000 17:45:15.0871 1700 Boot type: Safe boot with network 17:45:15.0871 1700 ============================================================ 17:45:17.0696 1700 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 17:45:17.0696 1700 ============================================================ 17:45:17.0696 1700 \Device\Harddisk0\DR0: 17:45:17.0712 1700 MBR partitions: 17:45:17.0712 1700 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC53800, BlocksNum 0x32000 17:45:17.0712 1700 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC85800, BlocksNum 0x247A8AB0 17:45:17.0712 1700 ============================================================ 17:45:17.0774 1700 C: <-> \Device\Harddisk0\DR0\Partition2 17:45:17.0774 1700 ============================================================ 17:45:17.0774 1700 Initialize success 17:45:17.0774 1700 ============================================================ 17:45:24.0857 1124 ============================================================ 17:45:24.0857 1124 Scan started 17:45:24.0857 1124 Mode: Manual; 17:45:24.0857 1124 ============================================================ 17:45:25.0075 1124 ================ Scan system memory ======================== 17:45:25.0075 1124 System memory - ok 17:45:25.0075 1124 ================ Scan services ============================= 17:45:25.0340 1124 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 17:45:25.0340 1124 1394ohci - ok 17:45:25.0403 1124 [ E0A8525A951ADDB4655BC2068566407D ] 61883 C:\Windows\system32\DRIVERS\61883.sys 17:45:25.0403 1124 61883 - ok 17:45:25.0559 1124 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 17:45:25.0559 1124 ACDaemon - ok 17:45:25.0606 1124 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 17:45:25.0621 1124 ACPI - ok 17:45:25.0621 1124 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 17:45:25.0621 1124 AcpiPmi - ok 17:45:25.0777 1124 [ 14C23516C990DCD6052152CF034DDE40 ] Adobe Version Cue CS3 C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe 17:45:25.0777 1124 Adobe Version Cue CS3 - ok 17:45:25.0918 1124 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 17:45:25.0918 1124 AdobeFlashPlayerUpdateSvc - ok 17:45:25.0980 1124 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 17:45:25.0996 1124 adp94xx - ok 17:45:26.0011 1124 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 17:45:26.0027 1124 adpahci - ok 17:45:26.0027 1124 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 17:45:26.0027 1124 adpu320 - ok 17:45:26.0120 1124 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 17:45:26.0120 1124 AeLookupSvc - ok 17:45:26.0183 1124 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 17:45:26.0198 1124 AFD - ok 17:45:26.0230 1124 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 17:45:26.0230 1124 agp440 - ok 17:45:26.0245 1124 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 17:45:26.0261 1124 ALG - ok 17:45:26.0261 1124 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 17:45:26.0276 1124 aliide - ok 17:45:26.0323 1124 [ 322A2C5D390109A4E50679AB58DEA870 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 17:45:26.0339 1124 AMD External Events Utility - ok 17:45:26.0339 1124 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 17:45:26.0339 1124 amdide - ok 17:45:26.0401 1124 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 17:45:26.0401 1124 AmdK8 - ok 17:45:26.0401 1124 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 17:45:26.0417 1124 AmdPPM - ok 17:45:26.0479 1124 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 17:45:26.0479 1124 amdsata - ok 17:45:26.0479 1124 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 17:45:26.0495 1124 amdsbs - ok 17:45:26.0526 1124 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 17:45:26.0526 1124 amdxata - ok 17:45:26.0557 1124 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 17:45:26.0557 1124 AppID - ok 17:45:26.0588 1124 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 17:45:26.0588 1124 AppIDSvc - ok 17:45:26.0651 1124 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 17:45:26.0651 1124 Appinfo - ok 17:45:26.0822 1124 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 17:45:26.0822 1124 Apple Mobile Device - ok 17:45:26.0885 1124 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 17:45:26.0885 1124 AppMgmt - ok 17:45:26.0947 1124 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 17:45:26.0947 1124 arc - ok 17:45:26.0947 1124 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 17:45:26.0963 1124 arcsas - ok 17:45:27.0041 1124 [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 17:45:27.0041 1124 aswFsBlk - ok 17:45:27.0041 1124 [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 17:45:27.0056 1124 aswMonFlt - ok 17:45:27.0056 1124 [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys 17:45:27.0056 1124 aswRdr - ok 17:45:27.0088 1124 [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 17:45:27.0103 1124 aswSnx - ok 17:45:27.0150 1124 [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP C:\Windows\system32\drivers\aswSP.sys 17:45:27.0166 1124 aswSP - ok 17:45:27.0212 1124 [ C3EC420451AC5300A22190AE38418FBA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 17:45:27.0212 1124 aswTdi - ok 17:45:27.0244 1124 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 17:45:27.0259 1124 AsyncMac - ok 17:45:27.0290 1124 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 17:45:27.0290 1124 atapi - ok 17:45:27.0337 1124 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys 17:45:27.0368 1124 athr - ok 17:45:27.0493 1124 [ DE0EDE41BC530F1759C6FFFCB8C7A0CF ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 17:45:27.0571 1124 atikmdag - ok 17:45:27.0665 1124 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 17:45:27.0680 1124 AudioEndpointBuilder - ok 17:45:27.0696 1124 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 17:45:27.0696 1124 AudioSrv - ok 17:45:27.0836 1124 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 17:45:27.0836 1124 avast! Antivirus - ok 17:45:27.0899 1124 [ 16FABE84916623D0607E4A975544032C ] Avc C:\Windows\system32\DRIVERS\avc.sys 17:45:27.0899 1124 Avc - ok 17:45:27.0977 1124 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 17:45:27.0977 1124 AxInstSV - ok 17:45:28.0055 1124 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 17:45:28.0055 1124 b06bdrv - ok 17:45:28.0102 1124 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 17:45:28.0102 1124 b57nd60a - ok 17:45:28.0164 1124 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 17:45:28.0164 1124 BDESVC - ok 17:45:28.0195 1124 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 17:45:28.0195 1124 Beep - ok 17:45:28.0258 1124 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 17:45:28.0320 1124 BITS - ok 17:45:28.0336 1124 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 17:45:28.0336 1124 blbdrive - ok 17:45:28.0429 1124 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 17:45:28.0429 1124 Bonjour Service - ok 17:45:28.0492 1124 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 17:45:28.0492 1124 bowser - ok 17:45:28.0538 1124 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 17:45:28.0538 1124 BrFiltLo - ok 17:45:28.0538 1124 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 17:45:28.0538 1124 BrFiltUp - ok 17:45:28.0601 1124 [ 5C2F352A4E961D72518261257AAE204B ] Bridge C:\Windows\system32\DRIVERS\bridge.sys 17:45:28.0601 1124 Bridge - ok 17:45:28.0616 1124 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 17:45:28.0632 1124 BridgeMP - ok 17:45:28.0679 1124 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 17:45:28.0679 1124 Browser - ok 17:45:28.0694 1124 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 17:45:28.0694 1124 Brserid - ok 17:45:28.0694 1124 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 17:45:28.0710 1124 BrSerWdm - ok 17:45:28.0710 1124 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 17:45:28.0710 1124 BrUsbMdm - ok 17:45:28.0726 1124 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 17:45:28.0726 1124 BrUsbSer - ok 17:45:28.0788 1124 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 17:45:28.0788 1124 BthEnum - ok 17:45:28.0804 1124 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 17:45:28.0804 1124 BTHMODEM - ok 17:45:28.0819 1124 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 17:45:28.0819 1124 BthPan - ok 17:45:28.0882 1124 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 17:45:28.0882 1124 BTHPORT - ok 17:45:28.0944 1124 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 17:45:28.0944 1124 bthserv - ok 17:45:28.0960 1124 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 17:45:28.0960 1124 BTHUSB - ok 17:45:29.0006 1124 [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 17:45:29.0006 1124 btwaudio - ok 17:45:29.0053 1124 [ 82DC8B7C626E526681C1BEBED2BC3FF9 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys 17:45:29.0053 1124 btwavdt - ok 17:45:29.0131 1124 [ D65AA164ACD0F6706DBCFBBCC9731584 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 17:45:29.0147 1124 btwdins - ok 17:45:29.0162 1124 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 17:45:29.0162 1124 btwl2cap - ok 17:45:29.0162 1124 [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 17:45:29.0162 1124 btwrchid - ok 17:45:29.0225 1124 [ D1787E11C6A0078DDEAF8CF3EE2AB293 ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys 17:45:29.0225 1124 CAXHWAZL - ok 17:45:29.0240 1124 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 17:45:29.0240 1124 cdfs - ok 17:45:29.0318 1124 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 17:45:29.0318 1124 cdrom - ok 17:45:29.0381 1124 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 17:45:29.0381 1124 CertPropSvc - ok 17:45:29.0412 1124 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 17:45:29.0428 1124 circlass - ok 17:45:29.0459 1124 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 17:45:29.0474 1124 CLFS - ok 17:45:29.0568 1124 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:45:29.0568 1124 clr_optimization_v2.0.50727_32 - ok 17:45:29.0615 1124 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 17:45:29.0615 1124 clr_optimization_v2.0.50727_64 - ok 17:45:29.0740 1124 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:45:29.0786 1124 clr_optimization_v4.0.30319_32 - ok 17:45:29.0818 1124 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 17:45:29.0818 1124 clr_optimization_v4.0.30319_64 - ok 17:45:29.0864 1124 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 17:45:29.0880 1124 CmBatt - ok 17:45:29.0911 1124 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 17:45:29.0911 1124 cmdide - ok 17:45:29.0974 1124 [ B1AC6CFD33EC67AD3D08A15A453FD60F ] CmgShieldCEF C:\Windows\system32\DRIVERS\CMGShCEF.sys 17:45:29.0989 1124 CmgShieldCEF - ok 17:45:30.0036 1124 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 17:45:30.0052 1124 CNG - ok 17:45:30.0052 1124 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 17:45:30.0052 1124 Compbatt - ok 17:45:30.0098 1124 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 17:45:30.0098 1124 CompositeBus - ok 17:45:30.0114 1124 COMSysApp - ok 17:45:30.0176 1124 cpuz134 - ok 17:45:30.0254 1124 [ 75DBD5DB9892D7451D0429BEC1AABE1A ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys 17:45:30.0254 1124 cpuz135 - ok 17:45:30.0270 1124 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 17:45:30.0286 1124 crcdisk - ok 17:45:30.0332 1124 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 17:45:30.0332 1124 CryptSvc - ok 17:45:30.0426 1124 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 17:45:30.0442 1124 CSC - ok 17:45:30.0473 1124 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 17:45:30.0488 1124 CscService - ok 17:45:30.0551 1124 [ 7F61FBE259C18666D8DDF862F13A5EB0 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys 17:45:30.0566 1124 dc3d - ok 17:45:30.0613 1124 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 17:45:30.0629 1124 DcomLaunch - ok 17:45:30.0691 1124 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 17:45:30.0691 1124 defragsvc - ok 17:45:30.0754 1124 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 17:45:30.0754 1124 DfsC - ok 17:45:30.0785 1124 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 17:45:30.0785 1124 Dhcp - ok 17:45:30.0847 1124 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 17:45:30.0847 1124 discache - ok 17:45:30.0878 1124 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 17:45:30.0878 1124 Disk - ok 17:45:30.0941 1124 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 17:45:30.0941 1124 Dnscache - ok 17:45:31.0003 1124 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 17:45:31.0003 1124 dot3svc - ok 17:45:31.0050 1124 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 17:45:31.0066 1124 DPS - ok 17:45:31.0081 1124 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 17:45:31.0081 1124 drmkaud - ok 17:45:31.0144 1124 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 17:45:31.0159 1124 DXGKrnl - ok 17:45:31.0206 1124 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 17:45:31.0206 1124 EapHost - ok 17:45:31.0300 1124 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 17:45:31.0346 1124 ebdrv - ok 17:45:31.0393 1124 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 17:45:31.0393 1124 EFS - ok 17:45:31.0487 1124 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 17:45:31.0502 1124 ehRecvr - ok 17:45:31.0534 1124 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 17:45:31.0534 1124 ehSched - ok 17:45:31.0627 1124 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys 17:45:31.0627 1124 ElbyCDIO - ok 17:45:31.0705 1124 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 17:45:31.0705 1124 elxstor - ok 17:45:31.0721 1124 EMS - ok 17:45:31.0830 1124 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe 17:45:31.0830 1124 EpsonBidirectionalService - ok 17:45:31.0830 1124 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 17:45:31.0830 1124 ErrDev - ok 17:45:31.0924 1124 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 17:45:31.0924 1124 EventSystem - ok 17:45:31.0955 1124 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 17:45:31.0955 1124 exfat - ok 17:45:31.0970 1124 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 17:45:31.0986 1124 fastfat - ok 17:45:32.0048 1124 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 17:45:32.0064 1124 Fax - ok 17:45:32.0064 1124 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 17:45:32.0064 1124 fdc - ok 17:45:32.0126 1124 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 17:45:32.0126 1124 fdPHost - ok 17:45:32.0142 1124 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 17:45:32.0142 1124 FDResPub - ok 17:45:32.0189 1124 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 17:45:32.0189 1124 FileInfo - ok 17:45:32.0189 1124 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 17:45:32.0189 1124 Filetrace - ok 17:45:32.0251 1124 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 17:45:32.0267 1124 FLEXnet Licensing Service - ok 17:45:32.0282 1124 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 17:45:32.0282 1124 flpydisk - ok 17:45:32.0345 1124 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 17:45:32.0345 1124 FltMgr - ok 17:45:32.0407 1124 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 17:45:32.0438 1124 FontCache - ok 17:45:32.0516 1124 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 17:45:32.0532 1124 FontCache3.0.0.0 - ok 17:45:32.0563 1124 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 17:45:32.0563 1124 FsDepends - ok 17:45:32.0594 1124 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 17:45:32.0594 1124 Fs_Rec - ok 17:45:32.0657 1124 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 17:45:32.0657 1124 fvevol - ok 17:45:32.0688 1124 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 17:45:32.0688 1124 gagp30kx - ok 17:45:32.0766 1124 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 17:45:32.0766 1124 GEARAspiWDM - ok 17:45:32.0828 1124 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 17:45:32.0828 1124 gpsvc - ok 17:45:33.0016 1124 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:45:33.0016 1124 gupdate - ok 17:45:33.0031 1124 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:45:33.0031 1124 gupdatem - ok 17:45:33.0094 1124 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 17:45:33.0094 1124 gusvc - ok 17:45:33.0156 1124 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 17:45:33.0156 1124 hcw85cir - ok 17:45:33.0203 1124 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 17:45:33.0203 1124 HdAudAddService - ok 17:45:33.0265 1124 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 17:45:33.0265 1124 HDAudBus - ok 17:45:33.0265 1124 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 17:45:33.0265 1124 HidBatt - ok 17:45:33.0265 1124 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 17:45:33.0265 1124 HidBth - ok 17:45:33.0281 1124 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 17:45:33.0281 1124 HidIr - ok 17:45:33.0328 1124 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 17:45:33.0328 1124 hidserv - ok 17:45:33.0343 1124 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 17:45:33.0359 1124 HidUsb - ok 17:45:33.0390 1124 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 17:45:33.0406 1124 hkmsvc - ok 17:45:33.0452 1124 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 17:45:33.0452 1124 HomeGroupListener - ok 17:45:33.0468 1124 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 17:45:33.0468 1124 HomeGroupProvider - ok 17:45:33.0499 1124 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 17:45:33.0499 1124 HpSAMD - ok 17:45:33.0640 1124 [ 447256D1C026654C5CD3CC17E7B20631 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll 17:45:33.0702 1124 HsfXAudioService - ok 17:45:33.0749 1124 [ 26C5D00321937E49B6BC91029947D094 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys 17:45:33.0764 1124 HSF_DPV - ok 17:45:33.0842 1124 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 17:45:33.0842 1124 HTTP - ok 17:45:33.0858 1124 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 17:45:33.0858 1124 hwpolicy - ok 17:45:33.0920 1124 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 17:45:33.0920 1124 i8042prt - ok 17:45:34.0030 1124 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe 17:45:34.0045 1124 IAANTMON - ok 17:45:34.0092 1124 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 17:45:34.0092 1124 iaStor - ok 17:45:34.0154 1124 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 17:45:34.0170 1124 iaStorV - ok 17:45:34.0310 1124 [ 4B2CD05E33D86EBD486DAA0B403743F9 ] ICScsiSV C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\ICScsiSV.exe 17:45:34.0310 1124 ICScsiSV - ok 17:45:34.0310 1124 [ F3DA2B062A361C2BC9DC6E42F6D283F0 ] IcVzMonLauncher C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe 17:45:34.0326 1124 IcVzMonLauncher - ok 17:45:34.0404 1124 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 17:45:34.0404 1124 IDriverT - ok 17:45:34.0498 1124 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 17:45:34.0513 1124 idsvc - ok 17:45:34.0685 1124 [ DFEAF0A1D98D397035012C8E28D1520F ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 17:45:34.0778 1124 igfx - ok 17:45:34.0825 1124 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 17:45:34.0825 1124 iirsp - ok 17:45:34.0888 1124 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 17:45:34.0888 1124 IKEEXT - ok 17:45:34.0919 1124 [ FE9BF2EF80A435BA0B5F8FD9C926D5A8 ] Image Converter video recording monitor for VAIO Entertainment C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\IcVzMon.exe 17:45:34.0919 1124 Image Converter video recording monitor for VAIO Entertainment - ok 17:45:35.0012 1124 [ B16FC828CE7A76A8F1CE682E6EAD2627 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 17:45:35.0044 1124 IntcAzAudAddService - ok 17:45:35.0059 1124 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 17:45:35.0059 1124 intelide - ok 17:45:35.0122 1124 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 17:45:35.0122 1124 intelppm - ok 17:45:35.0168 1124 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 17:45:35.0168 1124 IPBusEnum - ok 17:45:35.0200 1124 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:45:35.0200 1124 IpFilterDriver - ok 17:45:35.0246 1124 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 17:45:35.0262 1124 IPMIDRV - ok 17:45:35.0278 1124 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 17:45:35.0278 1124 IPNAT - ok 17:45:35.0402 1124 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 17:45:35.0418 1124 iPod Service - ok 17:45:35.0449 1124 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 17:45:35.0449 1124 IRENUM - ok 17:45:35.0449 1124 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 17:45:35.0449 1124 isapnp - ok 17:45:35.0480 1124 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 17:45:35.0480 1124 iScsiPrt - ok 17:45:35.0496 1124 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 17:45:35.0496 1124 kbdclass - ok 17:45:35.0527 1124 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 17:45:35.0527 1124 kbdhid - ok 17:45:35.0543 1124 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 17:45:35.0543 1124 KeyIso - ok 17:45:35.0590 1124 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 17:45:35.0590 1124 KSecDD - ok 17:45:35.0636 1124 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 17:45:35.0636 1124 KSecPkg - ok 17:45:35.0699 1124 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 17:45:35.0699 1124 ksthunk - ok 17:45:35.0761 1124 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 17:45:35.0761 1124 KtmRm - ok 17:45:35.0824 1124 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 17:45:35.0855 1124 LanmanServer - ok 17:45:35.0870 1124 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 17:45:35.0870 1124 LanmanWorkstation - ok 17:45:36.0058 1124 [ 95EC0CB52692894E050CFC3573ABC3B2 ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 17:45:36.0073 1124 LBTServ - ok 17:45:36.0136 1124 [ 4838EA42D5BBE1CA6BEE9BBA35E8D2E5 ] LEqdUsb C:\Windows\system32\DRIVERS\LEqdUsb.Sys 17:45:36.0136 1124 LEqdUsb - ok 17:45:36.0136 1124 [ 6F63F8A7FF6D4671973619BCF821B2F5 ] LHidEqd C:\Windows\system32\DRIVERS\LHidEqd.Sys 17:45:36.0151 1124 LHidEqd - ok 17:45:36.0167 1124 [ E536A1D8502D0CA79B928CAB9EAEB807 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 17:45:36.0167 1124 LHidFilt - ok 17:45:36.0229 1124 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 17:45:36.0229 1124 lltdio - ok 17:45:36.0292 1124 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 17:45:36.0292 1124 lltdsvc - ok 17:45:36.0307 1124 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 17:45:36.0307 1124 lmhosts - ok 17:45:36.0307 1124 [ 2E6D0110DACC769AE478ADE6C2572E37 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 17:45:36.0307 1124 LMouFilt - ok 17:45:36.0354 1124 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 17:45:36.0354 1124 LSI_FC - ok 17:45:36.0354 1124 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 17:45:36.0354 1124 LSI_SAS - ok 17:45:36.0370 1124 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 17:45:36.0370 1124 LSI_SAS2 - ok 17:45:36.0370 1124 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 17:45:36.0370 1124 LSI_SCSI - ok 17:45:36.0401 1124 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 17:45:36.0401 1124 luafv - ok 17:45:36.0448 1124 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 17:45:36.0448 1124 Mcx2Svc - ok 17:45:36.0510 1124 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys 17:45:36.0510 1124 mdmxsdk - ok 17:45:36.0510 1124 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 17:45:36.0510 1124 megasas - ok 17:45:36.0557 1124 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 17:45:36.0557 1124 MegaSR - ok 17:45:36.0666 1124 Microsoft SharePoint Workspace Audit Service - ok 17:45:36.0713 1124 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 17:45:36.0728 1124 MMCSS - ok 17:45:36.0760 1124 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 17:45:36.0760 1124 Modem - ok 17:45:36.0791 1124 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 17:45:36.0791 1124 monitor - ok 17:45:36.0853 1124 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 17:45:36.0853 1124 mouclass - ok 17:45:36.0916 1124 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 17:45:36.0916 1124 mouhid - ok 17:45:36.0962 1124 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 17:45:36.0978 1124 mountmgr - ok 17:45:36.0978 1124 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 17:45:36.0978 1124 mpio - ok 17:45:37.0009 1124 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 17:45:37.0009 1124 mpsdrv - ok 17:45:37.0056 1124 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 17:45:37.0056 1124 MRxDAV - ok 17:45:37.0087 1124 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 17:45:37.0087 1124 mrxsmb - ok 17:45:37.0134 1124 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:45:37.0134 1124 mrxsmb10 - ok 17:45:37.0134 1124 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:45:37.0134 1124 mrxsmb20 - ok 17:45:37.0150 1124 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 17:45:37.0150 1124 msahci - ok 17:45:37.0290 1124 [ 8E46A7BAC823DD82D4FB2A34C3DF4C1D ] MSCSPTISRV C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe 17:45:37.0290 1124 MSCSPTISRV - ok 17:45:37.0306 1124 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 17:45:37.0306 1124 msdsm - ok 17:45:37.0337 1124 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 17:45:37.0352 1124 MSDTC - ok 17:45:37.0399 1124 [ 72949A24D37A20A54B3D4D3DADBB55E9 ] MSDV C:\Windows\system32\DRIVERS\msdv.sys 17:45:37.0399 1124 MSDV - ok 17:45:37.0415 1124 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 17:45:37.0415 1124 Msfs - ok 17:45:37.0415 1124 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 17:45:37.0415 1124 mshidkmdf - ok 17:45:37.0430 1124 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 17:45:37.0430 1124 msisadrv - ok 17:45:37.0493 1124 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 17:45:37.0493 1124 MSiSCSI - ok 17:45:37.0508 1124 msiserver - ok 17:45:37.0540 1124 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 17:45:37.0540 1124 MSKSSRV - ok 17:45:37.0540 1124 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 17:45:37.0555 1124 MSPCLOCK - ok 17:45:37.0555 1124 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 17:45:37.0555 1124 MSPQM - ok 17:45:37.0602 1124 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 17:45:37.0618 1124 MsRPC - ok 17:45:37.0618 1124 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 17:45:37.0618 1124 mssmbios - ok 17:45:37.0633 1124 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 17:45:37.0633 1124 MSTEE - ok 17:45:37.0633 1124 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 17:45:37.0633 1124 MTConfig - ok 17:45:37.0664 1124 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 17:45:37.0664 1124 Mup - ok 17:45:37.0696 1124 [ C1049DA04C05F3D7AAF83345B9C86EB0 ] MUsbFltr C:\Windows\system32\drivers\MUsbFltr.sys 17:45:37.0696 1124 MUsbFltr - ok 17:45:37.0727 1124 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 17:45:37.0742 1124 napagent - ok 17:45:37.0805 1124 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 17:45:37.0805 1124 NativeWifiP - ok 17:45:37.0883 1124 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 17:45:37.0898 1124 NDIS - ok 17:45:37.0914 1124 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 17:45:37.0930 1124 NdisCap - ok 17:45:37.0945 1124 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 17:45:37.0945 1124 NdisTapi - ok 17:45:37.0992 1124 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 17:45:37.0992 1124 Ndisuio - ok 17:45:37.0992 1124 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 17:45:37.0992 1124 NdisWan - ok 17:45:38.0023 1124 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 17:45:38.0023 1124 NDProxy - ok 17:45:38.0117 1124 [ 85E3DF39B5C7F5249EFD120907C0E2D2 ] NEOFLTR_650_15991 C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS 17:45:38.0117 1124 NEOFLTR_650_15991 - ok 17:45:38.0132 1124 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 17:45:38.0148 1124 NetBIOS - ok 17:45:38.0148 1124 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 17:45:38.0164 1124 NetBT - ok 17:45:38.0179 1124 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 17:45:38.0179 1124 Netlogon - ok 17:45:38.0242 1124 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 17:45:38.0257 1124 Netman - ok 17:45:38.0273 1124 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 17:45:38.0273 1124 netprofm - ok 17:45:38.0320 1124 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:45:38.0335 1124 NetTcpPortSharing - ok 17:45:38.0491 1124 [ 705283C02177809CA9FA7CC58A4F1E77 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys 17:45:38.0569 1124 netw5v64 - ok 17:45:38.0632 1124 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 17:45:38.0632 1124 nfrd960 - ok 17:45:38.0694 1124 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 17:45:38.0710 1124 NlaSvc - ok 17:45:38.0725 1124 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 17:45:38.0725 1124 Npfs - ok 17:45:38.0772 1124 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 17:45:38.0772 1124 nsi - ok 17:45:38.0788 1124 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 17:45:38.0788 1124 nsiproxy - ok 17:45:38.0850 1124 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 17:45:38.0881 1124 Ntfs - ok 17:45:38.0928 1124 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 17:45:38.0928 1124 Null - ok 17:45:38.0959 1124 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 17:45:38.0959 1124 nvraid - ok 17:45:38.0990 1124 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 17:45:38.0990 1124 nvstor - ok 17:45:39.0006 1124 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 17:45:39.0006 1124 nv_agp - ok 17:45:39.0006 1124 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 17:45:39.0006 1124 ohci1394 - ok 17:45:39.0100 1124 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:45:39.0100 1124 ose - ok 17:45:39.0287 1124 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 17:45:39.0365 1124 osppsvc - ok 17:45:39.0412 1124 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 17:45:39.0427 1124 p2pimsvc - ok 17:45:39.0443 1124 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 17:45:39.0443 1124 p2psvc - ok 17:45:39.0505 1124 [ 753A8F339F231D2B857E2CCD51A6E6CA ] PACSPTISVR C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe 17:45:39.0505 1124 PACSPTISVR - ok 17:45:39.0552 1124 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 17:45:39.0568 1124 Parport - ok 17:45:39.0599 1124 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 17:45:39.0615 1124 partmgr - ok 17:45:39.0708 1124 [ 9665402B7FA59302D520AD845DDFC026 ] Partner Service C:\ProgramData\Partner\Partner.exe 17:45:39.0708 1124 Partner Service - ok 17:45:39.0724 1124 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 17:45:39.0739 1124 PcaSvc - ok 17:45:39.0739 1124 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 17:45:39.0739 1124 pci - ok 17:45:39.0771 1124 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 17:45:39.0771 1124 pciide - ok 17:45:39.0786 1124 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 17:45:39.0786 1124 pcmcia - ok 17:45:39.0786 1124 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 17:45:39.0786 1124 pcw - ok 17:45:39.0817 1124 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 17:45:39.0833 1124 PEAUTH - ok 17:45:39.0911 1124 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 17:45:39.0927 1124 PeerDistSvc - ok 17:45:39.0973 1124 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 17:45:39.0973 1124 PerfHost - ok 17:45:40.0051 1124 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 17:45:40.0067 1124 pla - ok 17:45:40.0129 1124 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 17:45:40.0145 1124 PlugPlay - ok 17:45:40.0176 1124 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 17:45:40.0176 1124 PNRPAutoReg - ok 17:45:40.0207 1124 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 17:45:40.0207 1124 PNRPsvc - ok 17:45:40.0254 1124 [ 33328FA8A580885AB0065BE6DB266E9F ] Point64 C:\Windows\system32\DRIVERS\point64.sys 17:45:40.0254 1124 Point64 - ok 17:45:40.0317 1124 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 17:45:40.0332 1124 PolicyAgent - ok 17:45:40.0363 1124 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 17:45:40.0363 1124 Power - ok 17:45:40.0426 1124 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 17:45:40.0426 1124 PptpMiniport - ok 17:45:40.0473 1124 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 17:45:40.0488 1124 Processor - ok 17:45:40.0519 1124 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 17:45:40.0519 1124 ProfSvc - ok 17:45:40.0566 1124 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 17:45:40.0566 1124 ProtectedStorage - ok 17:45:40.0629 1124 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 17:45:40.0629 1124 Psched - ok 17:45:40.0707 1124 [ FBF4DB6D53585437E41A113300002A2B ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 17:45:40.0707 1124 PxHlpa64 - ok 17:45:40.0738 1124 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 17:45:40.0769 1124 ql2300 - ok 17:45:40.0769 1124 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 17:45:40.0785 1124 ql40xx - ok 17:45:40.0816 1124 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 17:45:40.0831 1124 QWAVE - ok 17:45:40.0831 1124 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 17:45:40.0831 1124 QWAVEdrv - ok 17:45:40.0847 1124 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 17:45:40.0847 1124 RasAcd - ok 17:45:40.0909 1124 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 17:45:40.0909 1124 RasAgileVpn - ok 17:45:40.0909 1124 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 17:45:40.0909 1124 RasAuto - ok 17:45:40.0925 1124 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 17:45:40.0925 1124 Rasl2tp - ok 17:45:40.0987 1124 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 17:45:40.0987 1124 RasMan - ok 17:45:41.0019 1124 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 17:45:41.0019 1124 RasPppoe - ok 17:45:41.0050 1124 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 17:45:41.0050 1124 RasSstp - ok 17:45:41.0065 1124 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 17:45:41.0065 1124 rdbss - ok 17:45:41.0081 1124 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 17:45:41.0081 1124 rdpbus - ok 17:45:41.0097 1124 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 17:45:41.0097 1124 RDPCDD - ok 17:45:41.0159 1124 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 17:45:41.0159 1124 RDPDR - ok 17:45:41.0175 1124 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 17:45:41.0175 1124 RDPENCDD - ok 17:45:41.0175 1124 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 17:45:41.0175 1124 RDPREFMP - ok 17:45:41.0206 1124 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 17:45:41.0206 1124 RDPWD - ok 17:45:41.0253 1124 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 17:45:41.0253 1124 rdyboost - ok 17:45:41.0315 1124 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 17:45:41.0315 1124 RemoteAccess - ok 17:45:41.0346 1124 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 17:45:41.0362 1124 RemoteRegistry - ok 17:45:41.0377 1124 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 17:45:41.0377 1124 RFCOMM - ok 17:45:41.0424 1124 [ 9AE85FE1CDB4F89A38B7F47E0E68BD71 ] rimsptsk C:\Windows\system32\DRIVERS\rimssn64.sys 17:45:41.0424 1124 rimsptsk - ok 17:45:41.0487 1124 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys 17:45:41.0487 1124 RimUsb - ok 17:45:41.0549 1124 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys 17:45:41.0549 1124 RimVSerPort - ok 17:45:41.0596 1124 [ 71E182A0DE1CECB3F912960716345405 ] risdptsk C:\Windows\system32\DRIVERS\risdsn64.sys 17:45:41.0596 1124 risdptsk - ok 17:45:41.0674 1124 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys 17:45:41.0674 1124 ROOTMODEM - ok 17:45:41.0689 1124 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 17:45:41.0689 1124 RpcEptMapper - ok 17:45:41.0736 1124 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 17:45:41.0736 1124 RpcLocator - ok 17:45:41.0783 1124 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 17:45:41.0783 1124 RpcSs - ok 17:45:41.0814 1124 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 17:45:41.0814 1124 rspndr - ok 17:45:41.0892 1124 RTCore64 - ok 17:45:41.0939 1124 [ 34F05C417F038FFA3BEF69B798D7D7DD ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys 17:45:41.0939 1124 RTHDMIAzAudService - ok 17:45:42.0048 1124 [ 01E6A1E53E39A0B1E2B6AE62BF52E8EC ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe 17:45:42.0048 1124 RtkAudioService - ok 17:45:42.0095 1124 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 17:45:42.0095 1124 s3cap - ok 17:45:42.0235 1124 [ 9A5FB8DE6567BC86FCCDE2F0336857A3 ] SampleCollector C:\Program Files\Sony\VAIO Care\collsvc.exe 17:45:42.0235 1124 SampleCollector - ok 17:45:42.0251 1124 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 17:45:42.0251 1124 SamSs - ok 17:45:42.0267 1124 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 17:45:42.0267 1124 sbp2port - ok 17:45:42.0313 1124 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 17:45:42.0329 1124 SCardSvr - ok 17:45:42.0376 1124 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 17:45:42.0376 1124 scfilter - ok 17:45:42.0438 1124 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 17:45:42.0454 1124 Schedule - ok 17:45:42.0469 1124 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 17:45:42.0469 1124 SCPolicySvc - ok 17:45:42.0516 1124 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys 17:45:42.0516 1124 sdbus - ok 17:45:42.0547 1124 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 17:45:42.0563 1124 SDRSVC - ok 17:45:42.0641 1124 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 17:45:42.0641 1124 secdrv - ok 17:45:42.0657 1124 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 17:45:42.0657 1124 seclogon - ok 17:45:42.0703 1124 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 17:45:42.0719 1124 SENS - ok 17:45:42.0735 1124 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 17:45:42.0735 1124 SensrSvc - ok 17:45:42.0750 1124 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 17:45:42.0750 1124 Serenum - ok 17:45:42.0750 1124 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 17:45:42.0750 1124 Serial - ok 17:45:42.0766 1124 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 17:45:42.0766 1124 sermouse - ok 17:45:42.0828 1124 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 17:45:42.0828 1124 SessionEnv - ok 17:45:42.0891 1124 [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys 17:45:42.0891 1124 SFEP - ok 17:45:42.0891 1124 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 17:45:42.0891 1124 sffdisk - ok 17:45:42.0891 1124 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 17:45:42.0906 1124 sffp_mmc - ok 17:45:42.0906 1124 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 17:45:42.0906 1124 sffp_sd - ok 17:45:42.0906 1124 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 17:45:42.0906 1124 sfloppy - ok 17:45:42.0969 1124 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 17:45:42.0969 1124 ShellHWDetection - ok 17:45:42.0984 1124 [ C06CCD29F5C15B610237E86F82085E77 ] shpf C:\Windows\system32\DRIVERS\shpf.sys 17:45:42.0984 1124 shpf - ok 17:45:43.0000 1124 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 17:45:43.0000 1124 SiSRaid2 - ok 17:45:43.0000 1124 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 17:45:43.0015 1124 SiSRaid4 - ok 17:45:43.0109 1124 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 17:45:43.0125 1124 SkypeUpdate - ok 17:45:43.0140 1124 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 17:45:43.0140 1124 Smb - ok 17:45:43.0203 1124 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 17:45:43.0218 1124 SNMPTRAP - ok 17:45:43.0281 1124 [ 977AAA4398D7D6FA65D973F5B3F54E40 ] SonicStage Back-End Service C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe 17:45:43.0281 1124 SonicStage Back-End Service - ok 17:45:43.0296 1124 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 17:45:43.0296 1124 spldr - ok 17:45:43.0343 1124 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 17:45:43.0359 1124 Spooler - ok 17:45:43.0452 1124 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 17:45:43.0515 1124 sppsvc - ok 17:45:43.0546 1124 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 17:45:43.0561 1124 sppuinotify - ok 17:45:43.0608 1124 [ E3E6C96B0EF4492C3C8FD0DEEF4E35A1 ] SPTISRV C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe 17:45:43.0608 1124 SPTISRV - ok 17:45:43.0624 1124 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 17:45:43.0639 1124 srv - ok 17:45:43.0671 1124 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 17:45:43.0671 1124 srv2 - ok 17:45:43.0749 1124 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS 17:45:43.0749 1124 SrvHsfHDA - ok 17:45:43.0795 1124 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS 17:45:43.0811 1124 SrvHsfV92 - ok 17:45:43.0827 1124 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 17:45:43.0842 1124 SrvHsfWinac - ok 17:45:43.0889 1124 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 17:45:43.0905 1124 srvnet - ok 17:45:43.0951 1124 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 17:45:43.0967 1124 SSDPSRV - ok 17:45:44.0014 1124 [ 756E371B3B86A3D3039926D32EAC0E8D ] SSScsiSV C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe 17:45:44.0014 1124 SSScsiSV - ok 17:45:44.0029 1124 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 17:45:44.0029 1124 SstpSvc - ok 17:45:44.0076 1124 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 17:45:44.0076 1124 stexstor - ok 17:45:44.0139 1124 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 17:45:44.0139 1124 stisvc - ok 17:45:44.0170 1124 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 17:45:44.0170 1124 storflt - ok 17:45:44.0217 1124 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 17:45:44.0217 1124 StorSvc - ok 17:45:44.0232 1124 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 17:45:44.0232 1124 storvsc - ok 17:45:44.0248 1124 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 17:45:44.0248 1124 swenum - ok 17:45:44.0279 1124 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 17:45:44.0295 1124 swprv - ok 17:45:44.0341 1124 [ BE7311DA9D6833FA69ED04B744A1C8F8 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 17:45:44.0341 1124 SynTP - ok 17:45:44.0435 1124 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 17:45:44.0466 1124 SysMain - ok 17:45:44.0513 1124 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 17:45:44.0513 1124 TabletInputService - ok 17:45:44.0560 1124 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 17:45:44.0560 1124 TapiSrv - ok 17:45:44.0622 1124 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 17:45:44.0622 1124 TBS - ok 17:45:44.0716 1124 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 17:45:44.0747 1124 Tcpip - ok 17:45:44.0778 1124 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 17:45:44.0778 1124 TCPIP6 - ok 17:45:44.0794 1124 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 17:45:44.0809 1124 tcpipreg - ok 17:45:44.0856 1124 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 17:45:44.0856 1124 TDPIPE - ok 17:45:44.0887 1124 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 17:45:44.0887 1124 TDTCP - ok 17:45:44.0919 1124 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 17:45:44.0919 1124 tdx - ok 17:45:44.0965 1124 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 17:45:44.0965 1124 TermDD - ok 17:45:45.0028 1124 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 17:45:45.0043 1124 TermService - ok 17:45:45.0090 1124 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 17:45:45.0090 1124 Themes - ok 17:45:45.0137 1124 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 17:45:45.0137 1124 THREADORDER - ok 17:45:45.0153 1124 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys 17:45:45.0153 1124 TPM - ok 17:45:45.0153 1124 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 17:45:45.0168 1124 TrkWks - ok 17:45:45.0215 1124 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 17:45:45.0231 1124 TrustedInstaller - ok 17:45:45.0231 1124 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 17:45:45.0231 1124 tssecsrv - ok 17:45:45.0262 1124 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 17:45:45.0262 1124 TsUsbFlt - ok 17:45:45.0340 1124 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 17:45:45.0340 1124 tunnel - ok 17:45:45.0371 1124 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 17:45:45.0371 1124 uagp35 - ok 17:45:45.0387 1124 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 17:45:45.0402 1124 udfs - ok 17:45:45.0418 1124 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 17:45:45.0418 1124 UI0Detect - ok 17:45:45.0433 1124 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 17:45:45.0433 1124 uliagpkx - ok 17:45:45.0480 1124 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 17:45:45.0496 1124 umbus - ok 17:45:45.0496 1124 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 17:45:45.0496 1124 UmPass - ok 17:45:45.0558 1124 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 17:45:45.0574 1124 UmRdpService - ok 17:45:45.0621 1124 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 17:45:45.0621 1124 upnphost - ok 17:45:45.0667 1124 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 17:45:45.0667 1124 USBAAPL64 - ok 17:45:45.0683 1124 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 17:45:45.0699 1124 usbccgp - ok 17:45:45.0714 1124 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 17:45:45.0714 1124 usbcir - ok 17:45:45.0745 1124 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 17:45:45.0761 1124 usbehci - ok 17:45:45.0792 1124 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 17:45:45.0792 1124 usbhub - ok 17:45:45.0839 1124 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 17:45:45.0839 1124 usbohci - ok 17:45:45.0870 1124 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 17:45:45.0870 1124 usbprint - ok 17:45:45.0901 1124 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 17:45:45.0901 1124 usbscan - ok 17:45:45.0917 1124 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:45:45.0917 1124 USBSTOR - ok 17:45:45.0948 1124 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 17:45:45.0948 1124 usbuhci - ok 17:45:45.0964 1124 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 17:45:45.0979 1124 usbvideo - ok 17:45:46.0026 1124 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 17:45:46.0026 1124 UxSms - ok 17:45:46.0135 1124 [ D4197CF0C8567046FD4AF28FF47AF528 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe 17:45:46.0135 1124 VAIO Event Service - ok 17:45:46.0229 1124 [ 2D6605C1F0BBD0F71A4CB3A5B1E07240 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe 17:45:46.0229 1124 VAIO Power Management - ok 17:45:46.0245 1124 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 17:45:46.0245 1124 VaultSvc - ok 17:45:46.0307 1124 [ 84BB306B7863883018D7F3EB0C453BD5 ] VClone C:\Windows\system32\DRIVERS\VClone.sys 17:45:46.0307 1124 VClone - ok 17:45:46.0338 1124 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 17:45:46.0338 1124 vdrvroot - ok 17:45:46.0385 1124 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 17:45:46.0401 1124 vds - ok 17:45:46.0447 1124 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 17:45:46.0447 1124 vga - ok 17:45:46.0479 1124 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 17:45:46.0479 1124 VgaSave - ok 17:45:46.0510 1124 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 17:45:46.0510 1124 vhdmp - ok 17:45:46.0510 1124 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 17:45:46.0510 1124 viaide - ok 17:45:46.0525 1124 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 17:45:46.0525 1124 vmbus - ok 17:45:46.0525 1124 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 17:45:46.0525 1124 VMBusHID - ok 17:45:46.0541 1124 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 17:45:46.0541 1124 volmgr - ok 17:45:46.0572 1124 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 17:45:46.0572 1124 volmgrx - ok 17:45:46.0588 1124 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 17:45:46.0588 1124 volsnap - ok 17:45:46.0603 1124 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 17:45:46.0603 1124 vsmraid - ok 17:45:46.0650 1124 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 17:45:46.0666 1124 VSS - ok 17:45:46.0697 1124 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 17:45:46.0697 1124 vwifibus - ok 17:45:46.0728 1124 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 17:45:46.0728 1124 vwififlt - ok 17:45:46.0791 1124 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 17:45:46.0791 1124 W32Time - ok 17:45:46.0822 1124 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 17:45:46.0822 1124 WacomPen - ok 17:45:46.0869 1124 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 17:45:46.0869 1124 WANARP - ok 17:45:46.0869 1124 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 17:45:46.0884 1124 Wanarpv6 - ok 17:45:46.0978 1124 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 17:45:46.0993 1124 WatAdminSvc - ok 17:45:47.0056 1124 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 17:45:47.0087 1124 wbengine - ok 17:45:47.0149 1124 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 17:45:47.0149 1124 WbioSrvc - ok 17:45:47.0196 1124 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 17:45:47.0196 1124 wcncsvc - ok 17:45:47.0212 1124 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 17:45:47.0227 1124 WcsPlugInService - ok 17:45:47.0259 1124 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 17:45:47.0259 1124 Wd - ok 17:45:47.0321 1124 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 17:45:47.0321 1124 Wdf01000 - ok 17:45:47.0337 1124 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 17:45:47.0337 1124 WdiServiceHost - ok 17:45:47.0337 1124 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 17:45:47.0352 1124 WdiSystemHost - ok 17:45:47.0368 1124 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 17:45:47.0383 1124 WebClient - ok 17:45:47.0383 1124 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 17:45:47.0399 1124 Wecsvc - ok 17:45:47.0415 1124 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 17:45:47.0415 1124 wercplsupport - ok 17:45:47.0446 1124 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 17:45:47.0446 1124 WerSvc - ok 17:45:47.0461 1124 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 17:45:47.0461 1124 WfpLwf - ok 17:45:47.0477 1124 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 17:45:47.0477 1124 WIMMount - ok 17:45:47.0539 1124 [ A6EA7A3FC4B00F48535B506DB1E86EFD ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys 17:45:47.0555 1124 winachsf - ok 17:45:47.0555 1124 WinHttpAutoProxySvc - ok 17:45:47.0649 1124 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 17:45:47.0664 1124 Winmgmt - ok 17:45:47.0742 1124 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 17:45:47.0773 1124 WinRM - ok 17:45:47.0851 1124 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys 17:45:47.0851 1124 WinUsb - ok 17:45:47.0914 1124 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 17:45:47.0929 1124 Wlansvc - ok 17:45:48.0101 1124 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 17:45:48.0132 1124 wlidsvc - ok 17:45:48.0195 1124 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 17:45:48.0195 1124 WmiAcpi - ok 17:45:48.0241 1124 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 17:45:48.0241 1124 wmiApSrv - ok 17:45:48.0288 1124 WMPNetworkSvc - ok 17:45:48.0351 1124 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 17:45:48.0351 1124 WPCSvc - ok 17:45:48.0397 1124 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 17:45:48.0397 1124 WPDBusEnum - ok 17:45:48.0460 1124 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 17:45:48.0460 1124 ws2ifsl - ok 17:45:48.0460 1124 WSearch - ok 17:45:48.0553 1124 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 17:45:48.0585 1124 wuauserv - ok 17:45:48.0647 1124 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 17:45:48.0647 1124 WudfPf - ok 17:45:48.0663 1124 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 17:45:48.0663 1124 WUDFRd - ok 17:45:48.0709 1124 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 17:45:48.0709 1124 wudfsvc - ok 17:45:48.0756 1124 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 17:45:48.0756 1124 WwanSvc - ok 17:45:48.0819 1124 [ E8F3FA126A06F8E7088F63757112A186 ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys 17:45:48.0819 1124 XAudio - ok 17:45:48.0881 1124 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys 17:45:48.0897 1124 yukonw7 - ok 17:45:48.0912 1124 ================ Scan global =============================== 17:45:48.0959 1124 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 17:45:48.0990 1124 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 17:45:49.0006 1124 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 17:45:49.0037 1124 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 17:45:49.0099 1124 [ 014A9CB92514E27C0107614DF764BC06 ] C:\Windows\system32\services.exe 17:45:49.0099 1124 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected 17:45:49.0099 1124 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0) 17:45:49.0099 1124 ================ Scan MBR ================================== 17:45:49.0115 1124 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 17:45:49.0287 1124 \Device\Harddisk0\DR0 - ok 17:45:49.0287 1124 ================ Scan VBR ================================== 17:45:49.0287 1124 [ 673E1CF02DD28FBBD4C17737C41A0E5D ] \Device\Harddisk0\DR0\Partition1 17:45:49.0287 1124 \Device\Harddisk0\DR0\Partition1 - ok 17:45:49.0302 1124 [ 673248BD6CCCC0ED193064107A731EE3 ] \Device\Harddisk0\DR0\Partition2 17:45:49.0302 1124 \Device\Harddisk0\DR0\Partition2 - ok 17:45:49.0302 1124 ============================================================ 17:45:49.0302 1124 Scan finished 17:45:49.0302 1124 ============================================================ 17:45:49.0302 1448 Detected object count: 1 17:45:49.0302 1448 Actual detected object count: 1 17:46:06.0649 1448 C:\Windows\system32\services.exe - copied to quarantine 17:46:26.0383 1448 Backup copy found, using it.. 17:46:26.0493 1448 C:\Windows\system32\services.exe - will be cured on reboot 17:46:26.0493 1448 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Cure 17:47:07.0770 1980 Deinitialize success RKR Report RogueKiller V8.3.1 [Nov 25 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo...13-roguekiller/ Website : http://tigzy.geeksto...roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Safe mode with network support User : Aaron [Admin rights] Mode : Scan -- Date : 11/25/2012 17:49:48 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 25 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : Artisan 810(Network) (C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Users\Aaron\AppData\Local\Temp\E_S733C.tmp" /EF "HKCU") -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-3578647892-2928166785-2268897593-1001[...]\Run : Artisan 810(Network) (C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Users\Aaron\AppData\Local\Temp\E_S733C.tmp" /EF "HKCU") -> FOUND [RUN][sUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : 51BA15F4-9FC3-4697-8F34-76E41CE1D6BE (cmd.exe /C start /D "C:\Users\Aaron\AppData\Local\Temp" /B 51BA15F4-9FC3-4697-8F34-76E41CE1D6BE.exe -postboot) -> FOUND [services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (C:\Windows\system32\DRIVERS\61883.sys) -> FOUND [services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (C:\Windows\system32\DRIVERS\61883.sys) -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-3578647892-2928166785-2268897593-1001\$88a3ef1586f257de14772fc96c2d87b1\n.) -> FOUND [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$88a3ef1586f257de14772fc96c2d87b1\n.) -> FOUND [HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$88a3ef1586f257de14772fc96c2d87b1\n.) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$88a3ef1586f257de14772fc96c2d87b1\@ --> FOUND [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3578647892-2928166785-2268897593-1001\$88a3ef1586f257de14772fc96c2d87b1\@ --> FOUND [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$88a3ef1586f257de14772fc96c2d87b1\U --> FOUND [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3578647892-2928166785-2268897593-1001\$88a3ef1586f257de14772fc96c2d87b1\U --> FOUND [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$88a3ef1586f257de14772fc96c2d87b1\L --> FOUND [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3578647892-2928166785-2268897593-1001\$88a3ef1586f257de14772fc96c2d87b1\L --> FOUND ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ÿþ1 ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS723232L9SA60 +++++ --- User --- [MBR] f5a946cb3c73b4d41171e2d4298cffcd [bSP] b4edb318e6463599526d3e324c234c7e : Windows Vista MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 6310 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 12924928 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 13129728 | Size: 298833 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_11252012_02d1749.txt >> RKreport[1]_S_11252012_02d1749.txt **End of reports**