winsock hijack in windows 7


I tried to download the DDS file from BleepingComputer's website but it appears to be down.

I hope the HijackThis log and Malwarebytes log help.

In the services section of HJT log it appears that a number of my files are missing.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:41:29 AM, on 12/12/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.87\ccSvcHst.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\Shawn\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-2126936641-927109298-4143588652-1006\..\Run: [best Buy pc app] C:\Users\generic account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms (User 'generic account')

O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Unknown owner - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe (file missing)

O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.87\SymcPCCULaunchSvc.exe

O23 - Service: Oasis2Service - Unknown owner - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe

O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.87\ccSvcHst.exe

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: VAIO Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe

O23 - Service: VAIO Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe

O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe

O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe

O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe

O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe

O23 - Service: Stardock WindowFX (WindowFX) - Stardock Corporation - C:\Program Files (x86)\Stardock\Object Desktop\WindowFX4\WindowFXSRV.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 12621 bytes

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8357

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

12/12/2011 12:04:25 PM

mbam-log-2011-12-12 (12-04-25).txt

Scan type: Quick scan

Objects scanned: 188116

Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\$Recycle.Bin\s-1-5-21-2126936641-927109298-4143588652-1000\$RCBW3J0.exe (Adware.OpenInstall) -> Quarantined and deleted successfully.

I was able to scan with DDS; here are the logs that were created.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Shawn at 2:15:04 on 2011-12-16

6.1.7601.1.1252.1.1033.18.4044.1800 [GMT -6:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe

C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\WBVista.exe

C:\Program Files (x86)\Stardock\Object Desktop\WindowFX4\WindowFXSRV.exe

C:\Program Files (x86)\Stardock\Object Desktop\WindowFX4\WFX32.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.87\ccSvcHst.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.87\ccSvcHst.exe

C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\Program Files (x86)\Stardock\Object Desktop\WindowFX4\wfx64.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\VAIO Update Common\VUAgent.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Apoint\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.87\SymcPCCULaunchSvc.exe

C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe

C:\Program Files\Sony\VAIO Care\VCPerfService.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Program Files\Sony\VAIO Care\VCService.exe

C:\Program Files\Sony\VAIO Care\VCAgent.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files\Sony\VAIO Care\Admload.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\mmc.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://sony.msn.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll

TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

LSP: %SystemRoot%\system32\vsocklib.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.254.254 192.168.254.254

TCP: Interfaces\{432C3617-20C7-456C-8A5E-1F8C2E3D1E3B} : DhcpNameServer = 192.168.254.254 192.168.254.254

TCP: Interfaces\{A3E77080-3D8B-43A1-B609-769C007E0B62} : DhcpNameServer = 66.133.150.12 66.133.170.2

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll

TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

SSODL-X64: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\q18xhjnh.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111210.003\BHDrvx64.sys [2011-12-15 1156216]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111215.001\IDSviA64.sys [2011-12-15 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-30 13336]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-7-30 2361344]

R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-11-5 130008]

R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.87\SymcPCCULaunchSvc.exe [2011-11-25 123320]

R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-2-15 47104]

R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.87\ccSvcHst.exe [2011-11-25 126392]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-8-24 430136]

R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-12-8 259192]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-30 2656280]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]

R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-7-30 852160]

R2 WindowFX;Stardock WindowFX;C:\Program Files (x86)\Stardock\Object Desktop\WindowFX4\WindowFXSRV.exe [2011-4-11 185648]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-9 138360]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]

R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-12-8 44736]

R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-10-27 1429608]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1300000.080\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1300000.080\ccSetx64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

S2 NIS;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe [?]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech Webcam 300(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]

S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]

S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]

S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-5-19 549616]

S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-18 385336]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-18 99104]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-12-16 07:55:01 21992 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys

2011-12-16 07:55:01 -------- d-----w- C:\Program Files\CPUID

2011-12-14 06:53:40 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-14 06:53:40 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-12-14 06:53:22 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-12-14 06:53:22 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-12-14 06:51:55 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-14 06:51:54 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-12-13 01:57:33 -------- d-----w- C:\Users\Shawn\AppData\Local\Xenocode

2011-12-13 01:40:24 1002728 ----a-w- C:\Windows\System32\WinUSBCoInstaller2.dll

2011-12-13 01:39:58 74752 ----a-w- C:\Windows\System32\CLEyeDevices.dll

2011-12-13 01:39:56 -------- d-----w- C:\Program Files (x86)\Code Laboratories

2011-12-12 17:53:24 -------- d-----w- C:\Users\Shawn\AppData\Roaming\Malwarebytes

2011-12-12 17:53:12 -------- d-----w- C:\ProgramData\Malwarebytes

2011-12-12 17:53:08 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-12 17:53:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-11 19:32:40 -------- d-----w- C:\Program Files (x86)\Paprikari

2011-12-11 10:00:23 -------- d-----w- C:\Users\Shawn\AppData\Local\VMware

2011-12-11 08:11:10 63088 ----a-w- C:\Windows\System32\drivers\vmx86.sys

2011-12-11 08:10:40 354416 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe

2011-12-11 08:10:36 433264 ----a-w- C:\Windows\SysWow64\vmnat.exe

2011-12-11 08:10:36 30320 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys

2011-12-11 08:10:33 942192 ----a-w- C:\Windows\System32\vnetlib64.dll

2011-12-11 08:10:16 32880 ----a-w- C:\Windows\System32\drivers\VMkbd.sys

2011-12-11 08:10:04 39024 ----a-w- C:\Windows\System32\drivers\hcmon.sys

2011-12-11 08:09:09 -------- d-----w- C:\Program Files (x86)\VMware

2011-12-11 08:09:09 -------- d-----w- C:\Program Files (x86)\Common Files\VMware

2011-12-11 08:07:52 -------- d-----w- C:\Program Files\Common Files\VMware

2011-12-08 20:02:17 -------- d-----r- C:\Users\Shawn\Virtual Machines

2011-12-08 19:52:25 3584 ----a-w- C:\Windows\System32\drivers\nb-NO\vpchbus.sys.mui

2011-12-08 19:51:59 95232 ----a-w- C:\Windows\System32\drivers\vpcusb.sys

2011-12-08 19:51:58 562176 ----a-w- C:\Windows\System32\VMCPropertyHandler.dll

2011-12-08 19:51:58 360832 ----a-w- C:\Windows\System32\drivers\vpcvmm.sys

2011-12-08 19:51:58 194944 ----a-w- C:\Windows\System32\drivers\vpchbus.sys

2011-12-08 19:51:58 15872 ----a-w- C:\Windows\System32\vpchbuspipe.dll

2011-12-08 19:51:58 1369600 ----a-w- C:\Windows\System32\VPCSettings.exe

2011-12-08 19:51:51 4514816 ----a-w- C:\Windows\System32\vpc.exe

2011-12-08 19:51:50 936448 ----a-w- C:\Windows\System32\vmsal.exe

2011-12-08 19:51:50 1210368 ----a-w- C:\Windows\System32\VMWindow.exe

2011-12-08 10:35:04 -------- d-----w- C:\Users\Shawn\AppData\Roaming\Rovio

2011-12-07 08:13:57 -------- d-----w- C:\Users\Shawn\.swt

2011-12-07 08:11:04 -------- d-----w- C:\Users\Shawn\AppData\Roaming\Azureus

2011-12-07 08:10:05 -------- d-----w- C:\Program Files (x86)\Conduit

2011-12-07 08:09:57 -------- d-----w- C:\Users\Shawn\AppData\Local\Conduit

2011-12-07 06:23:31 -------- d-----w- C:\Users\Shawn\AppData\Local\IsolatedStorage

2011-12-07 06:22:44 -------- d-----w- C:\Program Files (x86)\Better Explorer

2011-12-07 00:29:01 -------- d-----w- C:\Users\Shawn\VirtualBox VMs

2011-12-07 00:27:36 -------- d-----w- C:\Users\Shawn\.VirtualBox

2011-12-07 00:25:35 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys

2011-12-07 00:25:12 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys

2011-12-07 00:25:02 -------- d-----w- C:\Program Files\Oracle

2011-12-06 23:09:18 -------- d-----w- C:\Program Files (x86)\Skin Pack

2011-12-06 22:46:56 -------- d-----w- C:\Users\Shawn\AppData\Local\TempDIR

2011-12-05 09:11:51 -------- d-----w- C:\Program Files\zabkat

2011-12-05 09:07:48 -------- d-----w- C:\Program Files\Q-Dir

2011-12-05 09:06:39 -------- d-----w- C:\Users\Shawn\AppData\Roaming\Q-Dir

2011-11-29 18:37:43 -------- d-----w- C:\Users\Shawn\AppData\Local\ODUI

2011-11-29 05:51:14 -------- dc-h--w- C:\ProgramData\{9C3F823B-4738-4CAF-A6B2-69E87FB636C0}

2011-11-29 05:39:55 -------- d-----w- C:\Users\Shawn\AppData\Local\Stardock

2011-11-29 04:20:45 -------- d-----w- C:\Users\Shawn\AppData\Local\Stardock_Corporation

2011-11-29 04:11:27 -------- dc-h--w- C:\ProgramData\{43EF429C-1EBC-469E-8706-50B6D1875EF0}

2011-11-29 04:08:16 -------- d-----w- C:\Users\Shawn\AppData\Roaming\Stardock

2011-11-29 04:08:15 -------- dc-h--w- C:\ProgramData\{071012C3-2764-457D-B41E-93AA7ADE5F06}

2011-11-29 04:08:14 -------- d-----w- C:\Program Files\Stardock

2011-11-29 04:07:27 -------- d-----w- C:\Program Files (x86)\Common Files\Stardock

2011-11-29 03:54:05 -------- dc-h--w- C:\ProgramData\{DC76174F-5D90-49F1-8CD4-59D3E2D28310}

2011-11-29 03:35:25 53904 ----a-w- C:\Windows\System32\wbload.dll

2011-11-29 03:35:21 57904 ----a-w- C:\Windows\SysWow64\wbload.dll

2011-11-29 03:35:21 42672 ----a-w- C:\Windows\SysWow64\wbsys.dll

2011-11-29 03:35:20 -------- d-----w- C:\Program Files (x86)\Stardock

2011-11-28 01:43:40 -------- d-----w- C:\ProgramData\MemeoCommon

2011-11-27 23:53:28 119808 ----a-r- C:\Users\Shawn\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe

2011-11-27 14:00:17 -------- d--h--w- C:\$WINDOWS.~BT

2011-11-27 04:26:43 1114624 ----a-w- C:\Windows\memorb.exe

2011-11-26 23:05:13 -------- d-----w- C:\Windows\Downloaded Installations

2011-11-26 02:58:14 -------- d-----w- C:\Windows\System32\drivers\NortonPCCheckupx64\02000F0.057

2011-11-26 02:58:14 -------- d-----w- C:\Windows\System32\drivers\NortonPCCheckupx64

2011-11-26 02:58:14 -------- d-----w- C:\Program Files (x86)\Norton PC Checkup

2011-11-21 14:20:01 -------- d-----w- C:\Program Files (x86)\VS Revo Group

2011-11-21 13:58:46 -------- d-----w- C:\Program Files\CCleaner

2011-11-19 06:00:57 -------- d-----w- C:\Program Files (x86)\Silver Oak Casino

2011-11-19 03:33:58 -------- d-----w- C:\ProgramData\Stardock

2011-11-19 03:33:55 -------- dc-h--w- C:\ProgramData\~0

2011-11-19 03:33:03 -------- d-----w- C:\Users\Shawn\AppData\Local\PackageAware

2011-11-17 05:58:08 -------- d-----w- C:\Users\Shawn\AppData\Roaming\Rainmeter

2011-11-17 04:49:13 -------- d-----w- C:\Users\Shawn\AppData\Roaming\Real Desktop

2011-11-16 23:04:01 -------- d-----w- C:\ProgramData\MSScanAppDataDir

.

==================== Find3M ====================

.

2011-12-12 02:15:05 20911104 ----a-w- C:\Windows\System32\imageres.dll

2011-12-06 23:08:34 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll.tmp

2011-12-06 23:08:34 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll.tmp

2011-12-06 23:08:31 2851840 ----a-w- C:\Windows\System32\themeui.dll

2011-12-06 23:08:30 44544 ----a-w- C:\Windows\System32\themeservice.dll

2011-12-06 23:08:29 332288 ----a-w- C:\Windows\System32\uxtheme.dll

2011-11-14 03:59:58 252016 ----a-w- C:\Windows\SysWow64\vmnc.dll

2011-11-14 03:33:56 62064 ----a-w- C:\Windows\System32\vmnetbridge.dll

2011-11-14 03:33:56 48752 ----a-w- C:\Windows\System32\vnetinst.dll

2011-11-14 03:33:56 45680 ----a-w- C:\Windows\System32\drivers\vmnetbridge.sys

2011-11-14 03:33:56 24176 ----a-w- C:\Windows\System32\drivers\vmnet.sys

2011-11-14 03:33:56 20080 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys

2011-11-14 02:53:31 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-14 02:05:42 525544 ----a-w- C:\Windows\System32\deployJava1.dll

2011-11-05 22:43:37 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-24 20:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-10-24 20:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2011-10-03 11:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-09-20 15:23:40 317776 ----a-w- C:\Windows\System32\drivers\Apfiltr.sys

.

============= FINISH: 2:15:50.17 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

.

Boot Device: \Device\HarddiskVolume2

Install Date: 11/3/2011 3:07:56 PM

System Uptime: 12/15/2011 10:10:10 PM (4 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core i3-2330M CPU @ 2.20GHz | N/A | 2200/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 565 GiB total, 438.741 GiB free.

E: is CDROM ()

F: is FIXED (NTFS) - 932 GiB total, 592.826 GiB free.

W: is FIXED (NTFS) - 20 GiB total, 2.705 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP91: 12/5/2011 8:07:59 AM - Windows Backup

RP92: 12/5/2011 9:30:43 AM - Windows Backup

RP93: 12/6/2011 4:45:44 PM - crystal skin

RP94: 12/6/2011 6:24:21 PM - Installed Oracle VM VirtualBox 4.1.6

RP95: 12/7/2011 2:58:39 AM - VAIO Care Automatic Restore Point

RP96: 12/7/2011 3:00:25 AM - Installed VAIO Update 5

RP97: 12/8/2011 4:25:56 AM - Removed VAIO Care

RP98: 12/8/2011 4:26:49 AM - Installed VAIO Care

RP99: 12/8/2011 4:53:41 AM - Installed 3D Pool Game Demo

RP100: 12/8/2011 5:05:36 AM - Installed Converter Plus

RP101: 12/8/2011 6:12:02 AM - Windows Update

RP102: 12/8/2011 6:19:00 AM - Removed Converter Plus

RP103: 12/8/2011 6:19:46 AM - Removed 3D Pool Game Demo

RP104: 12/8/2011 1:51:15 PM - Windows Update

RP105: 12/11/2011 6:44:51 AM - Norton 360 Registry Clean

RP106: 12/12/2011 7:38:03 AM - Windows Modules Installer

RP107: 12/12/2011 1:06:21 PM - Norton 360 Registry Clean

RP108: 12/12/2011 7:40:52 PM - Device Driver Package Install: AlexP

RP109: 12/14/2011 12:58:11 AM - Windows Update

RP110: 12/15/2011 10:32:18 PM - Windows Backup

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

AC 130

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.1) MUI

Apple Application Support

Apple Software Update

Application Manager for VAIO

ArcSoft WebCam Companion 4

Best Buy pc app

Better Explorer

CL-Eye Driver

Cool Cat Casino

Crystal Skin Pack 1.0-X64

D3DX10

DDD Pool 1.2

DesktopX

Fences Pro

Google Earth

IconDeveloper

IconPackager

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® WiDi

Internet TV for Windows Media Center

Java Auto Updater

Java 6 Update 29

John Deere Drive Green

Junk Mail filter update

Malwarebytes' Anti-Malware version 1.51.2.1300

Mesh Runtime

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010

Microsoft Office Excel MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 8.0 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

Norton 360

Norton PC Checkup

Oasis2Service 1.0

ObjectDock Plus

OOBE

PMB

PMB VAIO Edition Guide

PMB VAIO Edition Plug-in

QuickTime

Realtek PCIE Card Reader

Remote Keyboard

Remote Play with PlayStation 3

Safari

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

SkinStudio 7

SSLx86

Theme Manager

Tiles

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2596560)

VAIO - Media Gallery

VAIO - PMB VAIO Edition Guide

VAIO - PMB VAIO Edition Plug-in

VAIO - Remote Keyboard

VAIO - Remote Play with PlayStation®3

VAIO Care

VAIO Control Center

VAIO Data Restore Tool

VAIO Easy Connect

VAIO Event Service

VAIO Gate

VAIO Gate Default

VAIO Hardware Diagnostics

VAIO Help and Support

VAIO Improvement

VAIO Manual

VAIO Messenger

VAIO Quick Web Access

VAIO Sample Contents

VAIO Satisfaction Survey.

VAIO Smart Network

VAIO Transfer Support

VAIO Update

VCCx86

VESx86

VIx86

VMware Player

VWSTx86

WindowBlinds

WindowFX

Windows 7 USB/DVD Download Tool

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

12/15/2011 10:11:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ccSet_NIS

12/15/2011 10:11:10 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the file specified.

12/12/2011 11:24:56 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

12/11/2011 5:14:24 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the PCCUJobMgr service.

12/11/2011 11:44:36 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.

12/11/2011 11:34:48 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.

.

==== End Of File ===========================

hijackthis.log

mbam-log-2011-12-12 (12-04-25).txt


  • 2 weeks later...

Hi and welcome to Malwarebytes.

In the future, please post all logs directly into your reply instead of attaching them unless otherwise indicated. With that said, please update MBAM, run a Quick Scan, and post its log.

Next, try downloading DDS again. Run it and post DDS.txt directly in your reply.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 911122306

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

12/23/2011 3:47:33 AM

mbam-log-2011-12-23 (03-47-33).txt

Scan type: Quick scan

Objects scanned: 190506

Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Shawn at 3:49:25 on 2011-12-23

6.1.7601.1.1252.1.1033.18.4044.1695 [GMT -6:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Sony\VAIO Update Common\VUAgent.exe

C:\Program Files\Apoint\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe

C:\Program Files\Sony\VAIO Care\VCPerfService.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\Sony\VAIO Care\VCService.exe

C:\Program Files\Sony\VAIO Care\VCAgent.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe

C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

C:\Program Files\Sony\VAIO Care\Admload.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://sony.msn.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll

uRun: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.254.254 192.168.254.254

TCP: Interfaces\{432C3617-20C7-456C-8A5E-1F8C2E3D1E3B} : DhcpNameServer = 192.168.254.254 192.168.254.254

TCP: Interfaces\{A3E77080-3D8B-43A1-B609-769C007E0B62} : DhcpNameServer = 66.133.150.12 66.133.170.2

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

SSODL-X64: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\d9r5zwvh.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

FF - plugin: C:\Users\Shawn\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-12-22 1156216]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111222.001\IDSviA64.sys [2011-12-22 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-30 13336]

R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-11-5 130008]

R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-2-15 47104]

R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-12-8 259192]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-30 2656280]

R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-7-30 852160]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-16 138360]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]

R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-12-8 44736]

R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-10-27 1429608]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1300000.080\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1300000.080\ccSetx64.sys [?]

S2 NIS;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe [?]

S3 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech Webcam 300(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]

S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]

S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-5-19 549616]

S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-18 385336]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-18 99104]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

S4 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-7-30 2361344]

S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]

S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-8-24 430136]

S4 WindowFX;Stardock WindowFX;C:\Program Files (x86)\Stardock\Object Desktop\WindowFX4\WindowFXSRV.exe [2011-4-11 185648]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-12-23 08:13:20 -------- d-----w- C:\Users\Shawn\AppData\Local\{A7389217-673D-4384-AF9B-95E78CF9DCDB}

2011-12-23 08:12:38 -------- d-----w- C:\Users\Shawn\AppData\Local\{5697FCFE-9E8A-4056-9A60-3611756B6DEB}

2011-12-23 07:33:48 -------- d-----w- C:\Windows\en

2011-12-23 07:30:04 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-12-23 06:27:36 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f52f7dc21ccc13b22\bingbarsetup.exe

2011-12-23 06:22:15 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\36d98f4b1ccc13b1b\MeshBetaRemover.exe

2011-12-23 03:43:10 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll

2011-12-23 03:43:10 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll

2011-12-23 03:43:10 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll

2011-12-23 03:43:10 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll

2011-12-21 00:31:12 -------- d-----w- C:\Program Files\iTunes

2011-12-16 22:59:53 -------- d-----w- C:\ProgramData\SecTaskMan

2011-12-16 19:48:05 -------- d-----w- C:\Users\Shawn\AppData\Roaming\AusLogics

2011-12-16 09:03:56 -------- d-----w- C:\Users\Shawn\2011Orbiter

2011-12-16 07:55:01 21992 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys

2011-12-16 07:55:01 -------- d-----w- C:\Program Files\CPUID

2011-12-14 06:53:40 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-14 06:53:40 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-12-14 06:53:22 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-12-14 06:53:22 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-12-14 06:51:55 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-14 06:51:54 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-12-13 01:57:33 -------- d-----w- C:\Users\Shawn\AppData\Local\Xenocode

2011-12-13 01:40:24 1002728 ----a-w- C:\Windows\System32\WinUSBCoInstaller2.dll

2011-12-13 01:39:58 74752 ----a-w- C:\Windows\System32\CLEyeDevices.dll

2011-12-13 01:39:56 -------- d-----w- C:\Program Files (x86)\Code Laboratories

2011-12-12 17:53:24 -------- d-----w- C:\Users\Shawn\AppData\Roaming\Malwarebytes

2011-12-12 17:53:12 -------- d-----w- C:\ProgramData\Malwarebytes

2011-12-12 17:53:08 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-12 17:53:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-11 19:32:40 -------- d-----w- C:\Program Files (x86)\Paprikari

2011-12-11 10:00:23 -------- d-----w- C:\Users\Shawn\AppData\Local\VMware

2011-12-08 20:02:17 -------- d-----r- C:\Users\Shawn\Virtual Machines

2011-12-08 19:52:25 3584 ----a-w- C:\Windows\System32\drivers\nb-NO\vpchbus.sys.mui

2011-12-08 19:51:59 95232 ----a-w- C:\Windows\System32\drivers\vpcusb.sys

2011-12-08 19:51:58 562176 ----a-w- C:\Windows\System32\VMCPropertyHandler.dll

2011-12-08 19:51:58 360832 ----a-w- C:\Windows\System32\drivers\vpcvmm.sys

2011-12-08 19:51:58 194944 ----a-w- C:\Windows\System32\drivers\vpchbus.sys

2011-12-08 19:51:58 15872 ----a-w- C:\Windows\System32\vpchbuspipe.dll

2011-12-08 19:51:58 1369600 ----a-w- C:\Windows\System32\VPCSettings.exe

2011-12-08 19:51:51 4514816 ----a-w- C:\Windows\System32\vpc.exe

2011-12-08 19:51:50 936448 ----a-w- C:\Windows\System32\vmsal.exe

2011-12-08 19:51:50 1210368 ----a-w- C:\Windows\System32\VMWindow.exe

2011-12-07 08:13:57 -------- d-----w- C:\Users\Shawn\.swt

2011-12-07 08:11:04 -------- d-----w- C:\Users\Shawn\AppData\Roaming\Azureus

2011-12-07 08:10:05 -------- d-----w- C:\Program Files (x86)\Conduit

2011-12-07 08:09:57 -------- d-----w- C:\Users\Shawn\AppData\Local\Conduit

2011-12-07 06:23:31 -------- d-----w- C:\Users\Shawn\AppData\Local\IsolatedStorage

2011-12-07 00:25:35 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys

2011-12-07 00:25:12 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys

2011-12-06 23:09:18 -------- d-----w- C:\Program Files (x86)\Skin Pack

2011-12-06 23:08:58 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

2011-12-06 23:08:57 748336 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe

2011-12-06 23:08:56 2871808 ----a-w- C:\Windows\explorer.exe

2011-12-06 23:08:55 1927680 ----a-w- C:\Windows\System32\authui.dll

2011-12-06 23:08:54 1866240 ----a-w- C:\Windows\System32\ExplorerFrame.dll

2011-12-06 23:08:34 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll.tmp

2011-12-06 23:08:34 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll.backup

2011-12-06 23:08:33 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll.tmp

2011-12-06 23:08:33 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll.backup

2011-12-06 23:08:31 2851840 ----a-w- C:\Windows\System32\themeui.dll.backup

2011-12-06 23:08:30 44544 ----a-w- C:\Windows\System32\themeservice.dll.backup

2011-12-06 23:08:29 332288 ----a-w- C:\Windows\System32\uxtheme.dll.backup

2011-12-06 22:46:56 -------- d-----w- C:\Users\Shawn\AppData\Local\TempDIR

2011-12-05 09:06:39 -------- d-----w- C:\Users\Shawn\AppData\Roaming\Q-Dir

2011-11-29 18:37:43 -------- d-----w- C:\Users\Shawn\AppData\Local\ODUI

2011-11-29 05:51:14 -------- dc-h--w- C:\ProgramData\{9C3F823B-4738-4CAF-A6B2-69E87FB636C0}

2011-11-29 05:39:55 -------- d-----w- C:\Users\Shawn\AppData\Local\Stardock

2011-11-29 04:20:45 -------- d-----w- C:\Users\Shawn\AppData\Local\Stardock_Corporation

2011-11-29 04:11:27 -------- dc-h--w- C:\ProgramData\{43EF429C-1EBC-469E-8706-50B6D1875EF0}

2011-11-29 04:08:16 -------- d-----w- C:\Users\Shawn\AppData\Roaming\Stardock

2011-11-29 04:07:27 -------- d-----w- C:\Program Files (x86)\Common Files\Stardock

2011-11-29 03:54:05 -------- dc-h--w- C:\ProgramData\{DC76174F-5D90-49F1-8CD4-59D3E2D28310}

2011-11-29 03:35:25 53904 ----a-w- C:\Windows\System32\wbload.dll

2011-11-29 03:35:21 42672 ------w- C:\Windows\SysWow64\wbsys.dll

2011-11-29 03:35:20 -------- d-----w- C:\Program Files (x86)\Stardock

2011-11-28 01:43:40 -------- d-----w- C:\ProgramData\MemeoCommon

2011-11-27 23:53:28 119808 ----a-r- C:\Users\Shawn\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe

2011-11-27 14:00:17 -------- d--h--w- C:\$WINDOWS.~BT

2011-11-27 04:26:43 1114624 ----a-w- C:\Windows\memorb.exe

2011-11-26 23:05:13 -------- d-----w- C:\Windows\Downloaded Installations

.

==================== Find3M ====================

.

2011-12-17 06:35:45 20266496 ----a-w- C:\Windows\System32\imageres.dll

2011-11-14 02:53:31 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-14 02:05:42 525544 ----a-w- C:\Windows\System32\deployJava1.dll

2011-11-05 22:43:37 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-24 20:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-10-24 20:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2011-10-03 11:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 3:50:30.98 ===============


  • Staff

Hi,

My apologies for the delay.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


I did the scan and now I can't open Explorer, Firefox, Chrome; I can't even open the log file that ComboFix created. The only way I'm able to reply is I logged in on another account and pulled the log from the other user I did the scan on. Weird. On this user I can open Firefox and all the other programs I mentioned. Another thing: my Microsoft Security Essentials won't open at all.

Please help with this. Here is the log for combofix.

ComboFix 11-12-28.03 - Shawn 12/28/2011 12:37:30.1.4 - x64

6.1.7601.1.1252.1.1033.18.4044.2518 [GMT -6:00]

Running from: c:\users\Shawn\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Roaming

c:\users\Shawn\AppData\Local\TempDIR

c:\users\Shawn\AppData\Local\TempDIR\BetterInstaller.exe

c:\windows\SysWow64\PowerToyReadme.htm

c:\windows\SysWow64\themeui.dll.tmp

c:\windows\SysWow64\uxtheme.dll.tmp

.

.

((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-28 )))))))))))))))))))))))))))))))

.

.

2011-12-28 18:45 . 2011-12-28 18:45 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C42E143A-8AE1-43AB-905F-BC124EDFF0EF}\offreg.dll

2011-12-28 18:06 . 2011-11-21 09:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C42E143A-8AE1-43AB-905F-BC124EDFF0EF}\mpengine.dll

2011-12-26 22:41 . 2011-12-26 22:41 -------- d-----w- C:\Converted Music

2011-12-26 22:28 . 2011-12-27 06:08 -------- d-----w- c:\programdata\xml_param

2011-12-26 20:25 . 2011-12-26 20:40 -------- d-----w- c:\users\Spoonmanpro

2011-12-26 20:05 . 2011-12-26 20:05 -------- d-----w- c:\users\generic account\AppData\Roaming\Apple Computer

2011-12-26 03:12 . 2009-05-18 19:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-12-26 03:12 . 2008-04-17 18:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll

2011-12-26 03:12 . 2008-04-17 18:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2011-12-26 03:11 . 2011-12-26 03:12 -------- d-----w- c:\program files\iTunes

2011-12-25 20:11 . 2010-12-24 21:27 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys

2011-12-25 20:10 . 2010-12-24 21:27 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys

2011-12-25 20:10 . 2010-12-24 21:27 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys

2011-12-25 20:10 . 2010-12-24 21:27 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys

2011-12-25 20:09 . 2010-12-24 21:27 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys

2011-12-25 20:09 . 2010-12-24 21:27 892928 ----a-w- c:\windows\SysWow64\iconv.dll

2011-12-25 20:09 . 2010-12-24 21:27 675840 ----a-w- c:\windows\SysWow64\ac3filter.ax

2011-12-25 20:09 . 2010-12-24 21:27 496640 ----a-w- c:\windows\SysWow64\xvid.ax

2011-12-25 20:09 . 2011-01-15 20:08 153600 ----a-w- c:\windows\SysWow64\WS_ATLMovie.dll

2011-12-25 20:09 . 2011-12-25 20:09 -------- d-----w- c:\program files (x86)\Aimersoft

2011-12-25 19:48 . 2011-12-25 19:55 167936 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe

2011-12-25 19:48 . 2011-12-25 19:48 -------- d-----w- c:\program files (x86)\Illustrate

2011-12-24 01:01 . 2011-12-24 06:32 -------- d-----w- c:\users\Shawn\X-Plane 10 Demo

2011-12-23 21:14 . 2011-11-21 09:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-12-23 20:21 . 2011-12-23 20:21 -------- d-----w- c:\programdata\IsolatedStorage

2011-12-23 20:21 . 2011-12-23 20:21 -------- d-----w- c:\programdata\John Deere Ag Management Solutions

2011-12-23 20:21 . 2011-12-23 20:21 -------- d-----w- c:\users\Shawn\AppData\Local\John Deere Ag Management Solutions

2011-12-23 20:13 . 2011-12-23 20:13 -------- d-----w- c:\program files (x86)\GreenStar

2011-12-23 20:10 . 2011-12-23 20:13 -------- d-----w- c:\program files (x86)\John Deere Ag Management Solutions

2011-12-23 20:10 . 2011-12-23 20:35 -------- d-----w- c:\users\Shawn\AppData\Local\ApplicationHistory

2011-12-23 20:10 . 2011-12-23 20:10 -------- d-----w- c:\program files (x86)\Microsoft WSE

2011-12-23 20:04 . 2011-12-23 20:05 -------- d-----w- c:\program files\Microsoft SQL Server

2011-12-23 20:04 . 2011-12-23 21:15 -------- d-----w- c:\program files (x86)\Microsoft SQL Server

2011-12-23 20:03 . 2011-12-23 20:03 -------- d-----w- c:\windows\SysWow64\URTTEMP

2011-12-23 11:21 . 2011-12-23 11:21 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9977B155-ABC0-4C56-8698-1243D44AEAC3}\gapaengine.dll

2011-12-23 11:12 . 2011-12-23 11:12 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2011-12-23 11:12 . 2011-12-23 11:12 -------- d-----w- c:\program files\Microsoft Security Client

2011-12-23 07:33 . 2011-12-23 07:33 -------- d-----w- c:\windows\en

2011-12-23 07:30 . 2011-12-23 07:30 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-12-23 06:27 . 2011-12-23 06:27 7450888 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f52f7dc21ccc13b22\bingbarsetup.exe

2011-12-23 06:22 . 2011-12-23 06:22 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\36d98f4b1ccc13b1b\MeshBetaRemover.exe

2011-12-16 22:59 . 2011-12-21 06:42 -------- d-----w- c:\programdata\SecTaskMan

2011-12-16 19:48 . 2011-12-16 20:32 -------- d-----w- c:\users\Shawn\AppData\Roaming\AusLogics

2011-12-16 09:03 . 2011-12-16 18:32 -------- d-----w- c:\users\Shawn\2011Orbiter

2011-12-16 07:55 . 2011-12-16 18:24 -------- d-----w- c:\program files\CPUID

2011-12-16 07:55 . 2010-11-09 21:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys

2011-12-14 06:53 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-14 06:53 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-12-14 06:53 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll

2011-12-14 06:53 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-12-14 06:51 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-14 06:51 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-12-13 01:57 . 2011-12-13 01:57 -------- d-----w- c:\users\Shawn\AppData\Local\Xenocode

2011-12-13 01:40 . 2011-12-13 01:40 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll

2011-12-13 01:39 . 2011-12-13 01:40 74752 ----a-w- c:\windows\system32\CLEyeDevices.dll

2011-12-13 01:39 . 2011-12-16 18:31 -------- d-----w- c:\program files (x86)\Code Laboratories

2011-12-12 17:53 . 2011-12-12 17:53 -------- d-----w- c:\users\Shawn\AppData\Roaming\Malwarebytes

2011-12-12 17:53 . 2011-12-16 18:24 -------- d-----w- c:\programdata\Malwarebytes

2011-12-12 17:53 . 2011-12-28 18:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-12 17:53 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-12 13:44 . 2011-12-12 13:44 -------- d-----w- c:\users\generic account\AppData\Local\Mozilla

2011-12-12 13:44 . 2011-12-12 13:44 -------- d-----w- c:\users\generic account\AppData\Local\Best Buy pc app

2011-12-12 13:43 . 2011-12-12 13:43 -------- d-----w- c:\users\generic account\AppData\Roaming\Stardock

2011-12-11 19:32 . 2011-12-11 19:32 -------- d-----w- c:\program files (x86)\Paprikari

2011-12-11 10:00 . 2011-12-11 19:26 -------- d-----w- c:\users\Shawn\AppData\Local\VMware

2011-12-11 10:00 . 2011-12-16 20:52 -------- d-----w- c:\users\Shawn\AppData\Roaming\VMware

2011-12-11 08:09 . 2011-12-16 20:55 -------- d-----w- c:\programdata\VMware

2011-12-11 07:35 . 2011-12-11 07:35 -------- d-----w- c:\windows\Sun

2011-12-08 20:02 . 2011-12-16 18:32 -------- d-----r- c:\users\Shawn\Virtual Machines

2011-12-08 19:52 . 2010-11-20 11:03 3584 ----a-w- c:\windows\system32\drivers\en-US\vpchbus.sys.mui

2011-12-08 19:52 . 2010-11-20 11:02 2048 ----a-w- c:\windows\system32\drivers\en-US\vpcnfltr.sys.mui

2011-12-08 19:52 . 2010-11-20 11:02 13312 ----a-w- c:\windows\system32\drivers\en-US\vpcvmm.sys.mui

2011-12-08 19:52 . 2010-11-20 11:02 2048 ----a-w- c:\windows\system32\drivers\en-US\vpcuxd.sys.mui

2011-12-08 19:52 . 2010-11-20 11:09 2048 ----a-w- c:\windows\system32\drivers\en-US\vpcusb.sys.mui

2011-12-08 19:52 . 2010-11-20 11:35 59392 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys

2011-12-08 19:52 . 2010-11-20 13:25 2264064 ----a-w- c:\windows\system32\VPCWizard.exe

2011-12-08 19:52 . 2010-11-20 10:52 793600 ----a-w- c:\windows\SysWow64\vmsal.exe

2011-12-08 19:51 . 2010-11-20 11:35 95232 ----a-w- c:\windows\system32\drivers\vpcusb.sys

2011-12-08 19:51 . 2010-11-20 13:34 360832 ----a-w- c:\windows\system32\drivers\vpcvmm.sys

2011-12-08 19:51 . 2010-11-20 13:34 194944 ----a-w- c:\windows\system32\drivers\vpchbus.sys

2011-12-08 19:51 . 2010-11-20 13:27 15872 ----a-w- c:\windows\system32\vpchbuspipe.dll

2011-12-08 19:51 . 2010-11-20 13:25 1369600 ----a-w- c:\windows\system32\VPCSettings.exe

2011-12-08 19:51 . 2010-11-20 11:35 562176 ----a-w- c:\windows\system32\VMCPropertyHandler.dll

2011-12-08 19:51 . 2010-11-20 13:25 4514816 ----a-w- c:\windows\system32\vpc.exe

2011-12-08 19:51 . 2010-11-20 11:37 936448 ----a-w- c:\windows\system32\vmsal.exe

2011-12-08 19:51 . 2010-11-20 11:37 1210368 ----a-w- c:\windows\system32\VMWindow.exe

2011-12-07 08:13 . 2011-12-16 18:31 -------- d-----w- c:\users\Shawn\.swt

2011-12-07 08:11 . 2011-12-16 18:32 -------- d-----w- c:\users\Shawn\AppData\Roaming\Azureus

2011-12-07 08:10 . 2011-12-16 18:31 -------- d-----w- c:\program files (x86)\Conduit

2011-12-07 08:09 . 2011-12-08 08:16 -------- d-----w- c:\users\Shawn\AppData\Local\Conduit

2011-12-07 06:23 . 2011-12-07 06:23 -------- d-----w- c:\users\Shawn\AppData\Local\IsolatedStorage

2011-12-07 00:25 . 2011-11-04 18:37 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2011-12-07 00:25 . 2011-11-04 18:37 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2011-12-06 23:09 . 2011-12-16 18:31 -------- d-----w- c:\program files (x86)\Skin Pack

2011-12-06 23:08 . 2010-11-21 03:25 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe

2011-12-06 23:08 . 2011-07-13 01:22 748336 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe

2011-12-06 23:08 . 2011-07-13 01:21 2871808 ----a-w- c:\windows\explorer.exe

2011-12-06 23:08 . 2010-11-21 03:23 1927680 ----a-w- c:\windows\system32\authui.dll

2011-12-06 23:08 . 2010-11-21 03:24 1866240 ----a-w- c:\windows\system32\ExplorerFrame.dll

2011-12-06 23:08 . 2010-11-21 03:24 2755072 ----a-w- c:\windows\SysWow64\themeui.dll.backup

2011-12-06 23:08 . 2009-07-14 01:11 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll.backup

2011-12-06 23:08 . 2010-11-21 03:23 2851840 ----a-w- c:\windows\system32\themeui.dll.backup

2011-12-06 23:08 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup

2011-12-06 23:08 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup

2011-12-05 09:06 . 2011-12-05 09:09 -------- d-----w- c:\users\Shawn\AppData\Roaming\Q-Dir

2011-11-29 18:37 . 2011-12-16 18:32 -------- d-----w- c:\users\Shawn\AppData\Local\ODUI

2011-11-29 05:51 . 2011-11-29 05:51 -------- dc-h--w- c:\programdata\{9C3F823B-4738-4CAF-A6B2-69E87FB636C0}

2011-11-29 05:39 . 2011-12-17 03:39 -------- d-----w- c:\users\Shawn\AppData\Local\Stardock

2011-11-29 04:11 . 2011-12-17 13:40 -------- dc-h--w- c:\programdata\{43EF429C-1EBC-469E-8706-50B6D1875EF0}

2011-11-29 04:08 . 2011-11-29 18:37 -------- d-----w- c:\users\Shawn\AppData\Roaming\Stardock

2011-11-29 04:07 . 2011-12-16 20:50 -------- d-----w- c:\program files (x86)\Common Files\Stardock

2011-11-29 03:54 . 2011-11-29 03:54 -------- dc-h--w- c:\programdata\{DC76174F-5D90-49F1-8CD4-59D3E2D28310}

2011-11-29 03:35 . 2010-06-07 21:59 53904 ----a-w- c:\windows\system32\wbload.dll

2011-11-29 03:35 . 2011-06-11 21:37 42672 ------w- c:\windows\SysWow64\wbsys.dll

2011-11-29 03:35 . 2011-12-16 18:24 -------- d-----w- c:\program files (x86)\Stardock

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-23 16:48 . 2011-11-11 03:01 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-17 06:35 . 2009-07-13 23:57 20266496 ----a-w- c:\windows\system32\imageres.dll

2011-11-27 23:53 . 2011-11-27 23:53 119808 ----a-r- c:\users\Shawn\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe

2011-11-21 20:13 . 2011-11-27 04:26 1114624 ----a-w- c:\windows\memorb.exe

2011-11-14 02:05 . 2011-07-30 06:59 525544 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-09 06:31 . 2011-11-09 06:31 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2011-11-09 06:31 . 2011-11-09 06:31 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2011-11-09 06:30 . 2011-11-09 06:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2011-11-09 06:29 . 2011-11-09 06:29 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2011-10-03 11:06 . 2011-07-30 07:00 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WLSync"="c:\program files (x86)\Windows Live\Mesh\WLSync.exe" [2011-05-13 1449312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]

R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1300000.080\ccSetx64.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe [x]

R3 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

R3 LVUVC64;Logitech Webcam 300(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]

R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]

R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-20 549616]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]

R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-29 2361344]

R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]

R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-24 430136]

R4 WindowFX;Stardock WindowFX;c:\program files (x86)\Stardock\Object Desktop\WindowFX4\WindowFXSRV.exe [2011-04-11 185648]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]

S2 MSSQL$APEX2005;SQL Server (APEX2005);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]

S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-02-15 47104]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]

S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-10-27 1429608]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]

S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]

S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]

S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]

S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2126936641-927109298-4143588652-1000Core.job

- c:\users\Shawn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-16 17:16]

.

2011-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2126936641-927109298-4143588652-1000UA.job

- c:\users\Shawn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-16 17:16]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.254.254 192.168.254.254

FF - ProfilePath - c:\users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\d9r5zwvh.default\

FF - prefs.js: browser.startup.homepage - www.google.com

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe

AddRemove-dBpowerAMP - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpowerAMP Arrange Music - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpowerAMP Mp4 Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpowerAMP Music Converter - c:\windows\system32\SpoonUninstall.exe

AddRemove-dMC Power Pack - c:\windows\system32\SpoonUninstall.exe

AddRemove-{10CD364B-FFCC-48BE-B469-B9622A033075} - c:\programdata\{071012C3-2764-457D-B41E-93AA7ADE5F06}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.0.0.128\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2126936641-927109298-4143588652-1000\Software\SecuROM\License information*]

"datasecu"=hex:55,6a,b3,58,76,d5,d3,49,5b,93,8b,5b,0f,64,8f,86,4b,e6,15,ca,50,

0a,b5,af,52,c2,f3,0b,61,df,f0,48,e9,db,a7,b5,43,67,5b,6f,08,c6,07,d1,6b,65,\

"rkeysecu"=hex:94,44,5b,4f,b9,db,c3,d4,39,70,09,30,d4,cd,9f,a3

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\0c\03\07\08\0d\17?"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe

c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

c:\windows\SysWOW64\DllHost.exe

c:\windows\SysWOW64\DllHost.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files\Sony\VAIO Care\listener.exe

.

**************************************************************************

.

Completion time: 2011-12-28 12:51:22 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-28 18:51

.

Pre-Run: 465,507,397,632 bytes free

Post-Run: 466,564,116,480 bytes free

.

- - End Of File - - 3667C17C815D309E3543F2DA11BF0356

Hi,

My apologies for the delay.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Here is the DDS log file.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Shawn at 0:25:57 on 2011-12-29

6.1.7601.1.1252.1.1033.18.4044.2625 [GMT -6:00]

.

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Apoint\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Program Files\Sony\VAIO Update Common\VUAgent.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe

C:\Program Files\Sony\VAIO Care\VCPerfService.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\Sony\VAIO Care\VCService.exe

C:\Program Files\Sony\VAIO Care\VCAgent.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.254.254 192.168.254.254

TCP: Interfaces\{432C3617-20C7-456C-8A5E-1F8C2E3D1E3B} : DhcpNameServer = 192.168.254.254 192.168.254.254

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

SSODL-X64: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\d9r5zwvh.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

FF - plugin: C:\Users\Shawn\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]

R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]

R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-28 44768]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-30 13336]

R2 MSSQL$APEX2005;SQL Server (APEX2005);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]

R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-2-15 47104]

R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-12-8 259192]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-30 2656280]

R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-7-30 852160]

R2 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 RDPDISPM;RDPDISPM;C:\Windows\system32\DRIVERS\rdpdispm.sys --> C:\Windows\system32\DRIVERS\rdpdispm.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]

R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-12-8 44736]

R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-10-27 1429608]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]

R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]

R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]

R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]

R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]

S1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1300000.080\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1300000.080\ccSetx64.sys [?]

S2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2011-12-28 127192]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 NIS;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe [?]

S3 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech Webcam 300(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]

S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]

S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-5-19 549616]

S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-18 385336]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-18 99104]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

S4 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-7-30 2361344]

S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]

S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-8-24 430136]

S4 WindowFX;Stardock WindowFX;C:\Program Files (x86)\Stardock\Object Desktop\WindowFX4\WindowFXSRV.exe [2011-4-11 185648]

.

=============== Created Last 30 ================

.

2011-12-29 06:11:04 -------- d-----w- C:\Users\Shawn\AppData\Local\{5F37D918-5B4F-4C3E-BDFF-7A0D1F83796B}

2011-12-29 06:10:24 -------- d-----w- C:\Users\Shawn\AppData\Local\{CD120E82-ADBE-4841-A549-A45261840D41}

2011-12-28 23:04:39 140120 ----a-w- C:\Windows\System32\drivers\aswFW.sys

2011-12-28 23:04:23 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-12-28 23:04:23 258392 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys

2011-12-28 23:04:22 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-12-28 23:02:58 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys

2011-12-28 23:02:49 41184 ----a-w- C:\Windows\avastSS.scr

2011-12-28 23:02:39 -------- d-----w- C:\ProgramData\AVAST Software

2011-12-28 23:02:39 -------- d-----w- C:\Program Files\AVAST Software

2011-12-28 18:47:33 -------- d-sh--w- C:\$RECYCLE.BIN

2011-12-28 18:35:15 98816 ----a-w- C:\Windows\sed.exe

2011-12-28 18:35:15 518144 ----a-w- C:\Windows\SWREG.exe

2011-12-28 18:35:15 256000 ----a-w- C:\Windows\PEV.exe

2011-12-28 18:35:15 208896 ----a-w- C:\Windows\MBR.exe

2011-12-28 17:55:25 -------- d-----w- C:\Users\Shawn\AppData\Local\{A38628F9-43E5-4F70-BCB8-0A2EED13D8F1}

2011-12-28 17:54:45 -------- d-----w- C:\Users\Shawn\AppData\Local\{44C2E4EE-EA05-4143-9BFF-62B84E621E71}

2011-12-26 22:41:10 -------- d-----w- C:\Converted Music

2011-12-26 22:28:31 -------- d-----w- C:\ProgramData\xml_param

2011-12-26 20:30:37 -------- d-----w- C:\Users\Shawn\AppData\Local\{542DC51D-0828-457A-BCEE-79A57D961184}

2011-12-26 20:29:57 -------- d-----w- C:\Users\Shawn\AppData\Local\{094392DC-B909-4BF9-AB41-7332A31FDC8A}

2011-12-26 19:38:43 -------- d-----w- C:\Users\Shawn\AppData\Local\{BFDF01D1-415D-48F6-9035-7827439833E7}

2011-12-26 04:00:38 -------- d-----w- C:\Users\Shawn\AppData\Local\{46734CC7-87BB-41CC-B696-A4078224A7D6}

2011-12-26 03:59:58 -------- d-----w- C:\Users\Shawn\AppData\Local\{651AFF54-AAA5-412C-AFDA-41D481FC5500}

2011-12-26 03:12:53 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2011-12-26 03:12:53 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll

2011-12-26 03:12:53 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2011-12-26 03:11:55 -------- d-----w- C:\Program Files\iTunes

2011-12-25 20:11:16 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys

2011-12-25 20:10:52 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys

2011-12-25 20:10:28 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys

2011-12-25 20:10:07 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys

2011-12-25 20:09:28 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys

2011-12-25 20:09:20 892928 ----a-w- C:\Windows\SysWow64\iconv.dll

2011-12-25 20:09:20 675840 ----a-w- C:\Windows\SysWow64\ac3filter.ax

2011-12-25 20:09:20 496640 ----a-w- C:\Windows\SysWow64\xvid.ax

2011-12-25 20:09:18 153600 ----a-w- C:\Windows\SysWow64\WS_ATLMovie.dll

2011-12-25 20:09:16 -------- d-----w- C:\Program Files (x86)\Aimersoft

2011-12-25 19:48:47 167936 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe

2011-12-24 01:01:13 -------- d-----w- C:\Users\Shawn\X-Plane 10 Demo

2011-12-23 20:47:49 -------- d-----w- C:\Users\Shawn\AppData\Local\{A1476BCB-CD6E-4FED-AF3A-0F70EFC3BEAB}

2011-12-23 20:47:09 -------- d-----w- C:\Users\Shawn\AppData\Local\{998581E0-B66E-4696-9F3F-EB383840C696}

2011-12-23 20:21:15 -------- d-----w- C:\ProgramData\John Deere Ag Management Solutions

2011-12-23 20:21:15 -------- d-----w- C:\ProgramData\IsolatedStorage

2011-12-23 20:21:10 -------- d-----w- C:\Users\Shawn\AppData\Local\John Deere Ag Management Solutions

2011-12-23 20:18:26 -------- d-----w- C:\Users\Shawn\AppData\Local\{9A49FA64-C49B-407D-BCB8-97D252708A20}

2011-12-23 20:13:00 -------- d-----w- C:\Program Files (x86)\GreenStar

2011-12-23 20:10:24 -------- d-----w- C:\Program Files (x86)\John Deere Ag Management Solutions

2011-12-23 20:10:21 -------- d-----w- C:\Users\Shawn\AppData\Local\ApplicationHistory

2011-12-23 20:10:19 -------- d-----w- C:\Program Files (x86)\Microsoft WSE

2011-12-23 20:04:54 -------- d-----w- C:\Program Files\Microsoft SQL Server

2011-12-23 20:04:45 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server

2011-12-23 20:03:06 -------- d-----w- C:\Windows\SysWow64\URTTEMP

2011-12-23 08:13:20 -------- d-----w- C:\Users\Shawn\AppData\Local\{A7389217-673D-4384-AF9B-95E78CF9DCDB}

2011-12-23 08:12:38 -------- d-----w- C:\Users\Shawn\AppData\Local\{5697FCFE-9E8A-4056-9A60-3611756B6DEB}

2011-12-23 07:33:48 -------- d-----w- C:\Windows\en

2011-12-23 07:30:04 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-12-23 06:27:36 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f52f7dc21ccc13b22\bingbarsetup.exe

2011-12-23 06:22:15 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\36d98f4b1ccc13b1b\MeshBetaRemover.exe

2011-12-23 03:43:10 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll

2011-12-23 03:43:10 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll

2011-12-23 03:43:10 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll

2011-12-23 03:43:10 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll

2011-12-16 22:59:53 -------- d-----w- C:\ProgramData\SecTaskMan

2011-12-16 19:48:05 -------- d-----w- C:\Users\Shawn\AppData\Roaming\AusLogics

2011-12-16 09:03:56 -------- d-----w- C:\Users\Shawn\2011Orbiter

2011-12-16 07:55:01 21992 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys

2011-12-16 07:55:01 -------- d-----w- C:\Program Files\CPUID

2011-12-14 06:53:40 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-14 06:53:40 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-12-14 06:53:22 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-12-14 06:53:22 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-12-14 06:51:55 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-14 06:51:54 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-12-13 01:57:33 -------- d-----w- C:\Users\Shawn\AppData\Local\Xenocode

2011-12-13 01:40:24 1002728 ----a-w- C:\Windows\System32\WinUSBCoInstaller2.dll

2011-12-13 01:39:58 74752 ----a-w- C:\Windows\System32\CLEyeDevices.dll

2011-12-13 01:39:56 -------- d-----w- C:\Program Files (x86)\Code Laboratories

2011-12-12 17:53:24 -------- d-----w- C:\Users\Shawn\AppData\Roaming\Malwarebytes

2011-12-12 17:53:12 -------- d-----w- C:\ProgramData\Malwarebytes

2011-12-12 17:53:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-12 17:53:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-11 19:32:40 -------- d-----w- C:\Program Files (x86)\Paprikari

2011-12-11 10:00:23 -------- d-----w- C:\Users\Shawn\AppData\Local\VMware

2011-12-08 20:02:17 -------- d-----r- C:\Users\Shawn\Virtual Machines

2011-12-08 19:52:25 3584 ----a-w- C:\Windows\System32\drivers\nb-NO\vpchbus.sys.mui

2011-12-08 19:51:59 95232 ----a-w- C:\Windows\System32\drivers\vpcusb.sys

2011-12-08 19:51:58 562176 ----a-w- C:\Windows\System32\VMCPropertyHandler.dll

2011-12-08 19:51:58 360832 ----a-w- C:\Windows\System32\drivers\vpcvmm.sys

2011-12-08 19:51:58 194944 ----a-w- C:\Windows\System32\drivers\vpchbus.sys

2011-12-08 19:51:58 15872 ----a-w- C:\Windows\System32\vpchbuspipe.dll

2011-12-08 19:51:58 1369600 ----a-w- C:\Windows\System32\VPCSettings.exe

2011-12-08 19:51:51 4514816 ----a-w- C:\Windows\System32\vpc.exe

2011-12-08 19:51:50 936448 ----a-w- C:\Windows\System32\vmsal.exe

2011-12-08 19:51:50 1210368 ----a-w- C:\Windows\System32\VMWindow.exe

2011-12-07 08:13:57 -------- d-----w- C:\Users\Shawn\.swt

2011-12-07 08:11:04 -------- d-----w- C:\Users\Shawn\AppData\Roaming\Azureus

2011-12-07 08:10:05 -------- d-----w- C:\Program Files (x86)\Conduit

2011-12-07 08:09:57 -------- d-----w- C:\Users\Shawn\AppData\Local\Conduit

2011-12-07 06:23:31 -------- d-----w- C:\Users\Shawn\AppData\Local\IsolatedStorage

2011-12-07 00:25:35 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys

2011-12-07 00:25:12 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys

2011-12-06 23:09:18 -------- d-----w- C:\Program Files (x86)\Skin Pack

2011-12-06 23:08:58 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

2011-12-06 23:08:57 748336 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe

2011-12-06 23:08:56 2871808 ----a-w- C:\Windows\explorer.exe

2011-12-06 23:08:55 1927680 ----a-w- C:\Windows\System32\authui.dll

2011-12-06 23:08:54 1866240 ----a-w- C:\Windows\System32\ExplorerFrame.dll

2011-12-06 23:08:34 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll.backup

2011-12-06 23:08:33 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll.backup

2011-12-06 23:08:31 2851840 ----a-w- C:\Windows\System32\themeui.dll.backup

2011-12-06 23:08:30 44544 ----a-w- C:\Windows\System32\themeservice.dll.backup

2011-12-06 23:08:29 332288 ----a-w- C:\Windows\System32\uxtheme.dll.backup

2011-12-05 09:06:39 -------- d-----w- C:\Users\Shawn\AppData\Roaming\Q-Dir

2011-11-29 18:37:43 -------- d-----w- C:\Users\Shawn\AppData\Local\ODUI

.

==================== Find3M ====================

.

2011-12-23 16:48:09 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-17 06:35:45 20266496 ----a-w- C:\Windows\System32\imageres.dll

2011-11-21 20:13:06 1114624 ----a-w- C:\Windows\memorb.exe

2011-11-14 02:05:42 525544 ----a-w- C:\Windows\System32\deployJava1.dll

2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-24 20:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-10-24 20:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2011-10-03 11:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

.

============= FINISH: 0:26:13.00 ===============


  • Staff

How odd. Did that happen directly after running ComboFix?

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall /nombr


Yes, it happened directly after. After a reboot I was able to use my account. It did the same thing this time: I click on Firefox and it gives an error of file not accessible. I just logged in with a different user account and this is how I'm replying to you. I deleted the old CF, downloaded a new one, and named it like you said. Before the scan it said my Avast was still running, but I had shut off the virus and spy engines. During the scan I got a lot of "pev.3xe not running and will close, searching for a fix" messages. I kept closing out of it so the scan would finish.

On another note, I just got a new user added to my PC the other day; I have exclusive access to my PC. "uuid:10000000-0000-0000-0200-00125AAF45E5 (Shawn-VAIO\Mcx1-SHAWN-VAIO)" is the user account with full permissions! All folders are empty, but I don't like it.

Here is the Combofix log.

ComboFix 12-01-01.06 - Shawn 01/02/2012 1:53.3.4 - x64 MINIMAL

6.1.7601.1.1252.1.1033.18.4044.3387 [GMT -6:00]

Running from: c:\users\Shawn\Desktop\Sega.com.exe

Command switches used :: /killall /nombr

AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))))

.

.

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

.


[7] 2010-11-21 . C6CEC3E6CC9842B73501C70AA64C00FE . 5563776 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9\ntoskrnl.exe

[7] 2011-06-23 . 577841951E8BAD6EA8288106693CD39F . 5561216 . . [6.1.7601.17640] .. c:\windows\system32\ntoskrnl.exe

.

[7] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache64\ksuser.dll

[7] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.17514_none_4627a1cbadebced2\ksuser.dll

[7] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\system32\ksuser.dll

.

[7] 2010-11-21 . 14DFDEAF4E589ED3F1FF187A86B9408C . 633856 . . [5.82] .. c:\windows\ERDNT\cache64\comctl32.dll

[7] 2010-11-21 . 14DFDEAF4E589ED3F1FF187A86B9408C . 633856 . . [5.82] .. c:\windows\winsxs\amd64_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_97c2246fee970dbb\comctl32.dll

[7] 2010-11-21 . 14DFDEAF4E589ED3F1FF187A86B9408C . 633856 . . [5.82] .. c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll

[7] 2010-11-21 . 7FA8FDC2C2A27817FD0F624E78D3B50C . 2030080 . . [5.82] .. c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll

[7] 2010-11-21 . 14DFDEAF4E589ED3F1FF187A86B9408C . 633856 . . [5.82] .. c:\windows\system32\comctl32.dll

.

[7] 2010-11-21 . 15597883FBE9B056F276ADA3AD87D9AF . 177152 . . [6.1.7601.17514] .. c:\windows\ERDNT\cache64\cryptsvc.dll

[7] 2010-11-21 . 15597883FBE9B056F276ADA3AD87D9AF . 177152 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll

[7] 2010-11-21 . 15597883FBE9B056F276ADA3AD87D9AF . 177152 . . [6.1.7600.16385] .. c:\windows\system32\cryptsvc.dll

.

[7] 2009-07-14 . 4166F82BE4D24938977DD1746BE9B8A0 . 402944 . . [2001.12.8530.16385] .. c:\windows\ERDNT\cache64\es.dll

[7] 2009-07-14 . 4166F82BE4D24938977DD1746BE9B8A0 . 402944 . . [2001.12.8530.16385] .. c:\windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll

[7] 2009-07-14 . 4166F82BE4D24938977DD1746BE9B8A0 . 402944 . . [2001.12.8530.16385] .. c:\windows\system32\es.dll

.

[7] 2009-07-14 . AA2C08CE85653B1A0D2E4AB407FA176C . 167424 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache64\imm32.dll

[7] 2009-07-14 . AA2C08CE85653B1A0D2E4AB407FA176C . 167424 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7600.16385_none_b84b0fbd941c03a9\imm32.dll

[7] 2009-07-14 . AA2C08CE85653B1A0D2E4AB407FA176C . 167424 . . [6.1.7600.16385] .. c:\windows\system32\imm32.dll

.

[7] 2011-07-16 . B9B42A302325537D7B9DC52D47F33A73 . 1162752 . . [6.1.7601.17651] .. c:\windows\ERDNT\cache64\kernel32.dll

[7] 2011-07-16 . B9B42A302325537D7B9DC52D47F33A73 . 1162752 . . [6.1.7601.17651] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_f1b5ac086d0e33d5\kernel32.dll

[7] 2011-07-16 . 27AC02D8EE4C02E7648C41CB880151DA . 1163264 . . [6.1.7601.21772] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_f22aa945863b24d8\kernel32.dll

[7] 2010-11-21 . 7A6326D96D53048FDEC542DF23D875A0 . 1161216 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_f1e3eab06ceb12ef\kernel32.dll

[7] 2011-07-16 . B9B42A302325537D7B9DC52D47F33A73 . 1162752 . . [6.1.7600.16385] .. c:\windows\system32\kernel32.dll

.

[7] 2009-07-14 . A0A65D306A5490D2EB8E7DE66898ECFD . 29696 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache64\linkinfo.dll

[7] 2009-07-14 . A0A65D306A5490D2EB8E7DE66898ECFD . 29696 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-linkinfo_31bf3856ad364e35_6.1.7600.16385_none_945a23c3bf051859\linkinfo.dll

[7] 2009-07-14 . A0A65D306A5490D2EB8E7DE66898ECFD . 29696 . . [6.1.7600.16385] .. c:\windows\system32\linkinfo.dll

.

[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache64\lpk.dll

[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_07f91de77125e78d\lpk.dll

[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17563_none_07c20e01714f59eb\lpk.dll

[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21664_none_084cab168a6c130c\lpk.dll

[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\system32\lpk.dll

.

[7] 2011-11-04 . 5770C4BA825C42D6EFD9486029747108 . 17786368 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20544_none_88584eaf0df86178\mshtml.dll

[7] 2011-11-04 . E7BD23BEC69CF23436EEDE9B18DE186D . 17786368 . . [9.00.8112.16421] .. c:\windows\ERDNT\cache64\mshtml.dll

[7] 2011-11-04 . E7BD23BEC69CF23436EEDE9B18DE186D . 17786368 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16440_none_87cab0bbf4de5c52\mshtml.dll

[7] 2011-09-01 . 02B4E6CCCA443568764281391635F5A4 . 17781760 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16437_none_87dc82adf4cff1c2\mshtml.dll

[7] 2011-09-01 . 0254785C0A7715E478FE89540A992CB5 . 17781760 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20537_none_88661f790ded918c\mshtml.dll

[7] 2011-07-13 . 82682BA2DF50B94CD798B8315B3F7896 . 17773056 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16421_none_87e150ddf4cd3dc7\mshtml.dll

[7] 2011-07-13 . B2716DEC935FD5C8EEA66C1C0F7F5504 . 8995328 . . [8.00.7601.17573] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17573_none_8be17f70affc8c29\mshtml.dll

[7] 2011-07-13 . 929F6341D1743D018D15B574B18B0D97 . 8995328 . . [8.00.7601.21676] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21676_none_8c6e1d19c91777f8\mshtml.dll

[7] 2011-07-13 . 688872E9CAFCC2758E7FE92A0622B4F9 . 8995328 . . [8.00.7601.17537] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17537_none_8c10c048afd881c1\mshtml.dll

[7] 2011-07-13 . D0AFD5813136F0EAC80A048740553840 . 8995328 . . [8.00.7601.21636] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21636_none_8c995cc9c8f70834\mshtml.dll

[7] 2010-11-21 . 1C8B787BAA52DEAD1A6FEC1502D652F0 . 8988160 . . [8.00.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_8c235f42afcafdda\mshtml.dll

.

[7] 2009-07-14 . 7319BB10FA1F86E49E3DCF4136F6C957 . 634880 . . [7.0.7600.16385] .. c:\windows\ERDNT\cache64\msvcrt.dll

[7] 2009-07-14 . 7319BB10FA1F86E49E3DCF4136F6C957 . 634880 . . [7.0.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_2d4a27c7b8972454\msvcrt.dll

[7] 2009-07-14 . 7319BB10FA1F86E49E3DCF4136F6C957 . 634880 . . [7.0.7600.16385] .. c:\windows\system32\msvcrt.dll

.

[7] 2010-11-21 . 1D5185A4C7E6695431AE4B55C3D7D333 . 326144 . . [6.1.7601.17514] .. c:\windows\ERDNT\cache64\mswsock.dll

[7] 2010-11-21 . 1D5185A4C7E6695431AE4B55C3D7D333 . 326144 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll

.

[7] 2010-11-21 . AA339DD8BB128EF66660DFBBB59043D3 . 695808 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache64\netlogon.dll

[7] 2010-11-21 . AA339DD8BB128EF66660DFBBB59043D3 . 695808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[7] 2010-11-21 . AA339DD8BB128EF66660DFBBB59043D3 . 695808 . . [6.1.7600.16385] .. c:\windows\system32\netlogon.dll

.

[7] 2009-07-14 . 716175021BDA290504CE434273F666BC . 167424 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache64\powrprof.dll

[7] 2009-07-14 . 716175021BDA290504CE434273F666BC . 167424 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_ff0e900816896618\powrprof.dll

[7] 2009-07-14 . 716175021BDA290504CE434273F666BC . 167424 . . [6.1.7600.16385] .. c:\windows\system32\powrprof.dll

.

[7] 2010-11-21 . ED78427259134C63ED69804D2132B86C . 232960 . . [6.1.7601.17514] .. c:\windows\ERDNT\cache64\scecli.dll

[7] 2010-11-21 . ED78427259134C63ED69804D2132B86C . 232960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

[7] 2010-11-21 . ED78427259134C63ED69804D2132B86C . 232960 . . [6.1.7600.16385] .. c:\windows\system32\scecli.dll

.

[7] 2009-07-14 . C6DCD1D11ED6827F05C00773C3E7053C . 3072 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache64\sfc.dll

[7] 2009-07-14 . C6DCD1D11ED6827F05C00773C3E7053C . 3072 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_032ab4f375e2ac1f\sfc.dll

[7] 2009-07-14 . C6DCD1D11ED6827F05C00773C3E7053C . 3072 . . [6.1.7600.16385] .. c:\windows\system32\sfc.dll

.

[7] 2009-07-14 . C78655BC80301D76ED4FEF1C1EA40A7D . 27136 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache64\svchost.exe

[7] 2009-07-14 . C78655BC80301D76ED4FEF1C1EA40A7D . 27136 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

[7] 2009-07-14 . C78655BC80301D76ED4FEF1C1EA40A7D . 27136 . . [6.1.7600.16385] .. c:\windows\system32\svchost.exe

.

[7] 2010-11-21 . 40F0849F65D13EE87B9A9AE3C1DD6823 . 316928 . . [6.1.7601.17514] .. c:\windows\ERDNT\cache64\tapisrv.dll

[7] 2010-11-21 . 40F0849F65D13EE87B9A9AE3C1DD6823 . 316928 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7601.17514_none_4162de4afb9222c0\tapisrv.dll

[7] 2010-11-21 . 40F0849F65D13EE87B9A9AE3C1DD6823 . 316928 . . [6.1.7600.16385] .. c:\windows\system32\tapisrv.dll

.

[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\ERDNT\cache64\user32.dll

[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll

.

[7] 2010-11-21 . BAFE84E637BF7388C96EF48D4D3FDD53 . 30720 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache64\userinit.exe

[7] 2010-11-21 . BAFE84E637BF7388C96EF48D4D3FDD53 . 30720 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

[7] 2010-11-21 . BAFE84E637BF7388C96EF48D4D3FDD53 . 30720 . . [6.1.7600.16385] .. c:\windows\system32\userinit.exe

.

[7] 2011-11-04 . 244D45F786E33C169A93F70BA63BABF8 . 1390080 . . [9.00.8112.20544] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20544_none_76fe2f908da1f842\wininet.dll

[7] 2011-11-04 . 69151E566295E5A977FE71FFAFD3B3F8 . 1390080 . . [9.00.8112.16440] .. c:\windows\ERDNT\cache64\wininet.dll

[7] 2011-11-04 . 69151E566295E5A977FE71FFAFD3B3F8 . 1390080 . . [9.00.8112.16440] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16440_none_7670919d7487f31c\wininet.dll

[7] 2011-09-01 . 271E8FB1354AA205A214F280A6766E30 . 1389056 . . [9.00.8112.16437] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16437_none_7682638f7479888c\wininet.dll

[7] 2011-09-01 . 1B2D2D8E611DE70CEB13F104D39814BA . 1389056 . . [9.00.8112.20537] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20537_none_770c005a8d972856\wininet.dll

[7] 2011-07-13 . 1BF2BCC7E3C26FD4C8EF0C9EFB0CC25D . 1389056 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16421_none_768731bf7476d491\wininet.dll

[7] 2011-07-13 . AB026A724960570803E90DC370893BD0 . 1188864 . . [8.00.7601.17573] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17573_none_7a8760522fa622f3\wininet.dll

[7] 2011-07-13 . 93679DC9407BFC602D7E6BFC027455E0 . 1189376 . . [8.00.7601.21676] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21676_none_7b13fdfb48c10ec2\wininet.dll

[7] 2010-11-21 . F6C5302E1F4813D552F41A0AC82455E5 . 1188864 . . [8.00.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_7ac940242f7494a4\wininet.dll

[7] 2011-11-04 . 69151E566295E5A977FE71FFAFD3B3F8 . 1390080 . . [9.00.8112.16421] .. c:\windows\system32\wininet.dll

.

[7] 2010-11-21 . 4BBFA57F594F7E8A8EDC8F377184C3F0 . 297984 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache64\ws2_32.dll

[7] 2010-11-21 . 4BBFA57F594F7E8A8EDC8F377184C3F0 . 297984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll

[7] 2010-11-21 . 4BBFA57F594F7E8A8EDC8F377184C3F0 . 297984 . . [6.1.7600.16385] .. c:\windows\system32\ws2_32.dll

.

[7] 2009-07-14 . 8396C6C26AADDFE4590CCEF0F419B6B7 . 4608 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache64\ws2help.dll

[7] 2009-07-14 . 8396C6C26AADDFE4590CCEF0F419B6B7 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\ws2help.dll

[7] 2009-07-14 . 8396C6C26AADDFE4590CCEF0F419B6B7 . 4608 . . [6.1.7600.16385] .. c:\windows\system32\ws2help.dll

.

[7] 2011-07-13 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\explorer.exe

[7] 2011-07-13 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache86\explorer.exe

[7] 2011-07-13 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[7] 2011-07-13 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[7] 2010-11-21 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

.

[7] 2009-07-14 . 2E2C937846A0B8789E5E91739284D17A . 427008 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache86\regedit.exe

[7] 2009-07-14 . 2E2C937846A0B8789E5E91739284D17A . 427008 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe

[7] 2009-07-14 . 2E2C937846A0B8789E5E91739284D17A . 398336 . . [6.1.7600.16385] .. c:\windows\regedit.exe

.

[7] 2010-11-21 . 6C60B5ACA7442EFB794082CDACFC001C . 2086912 . . [6.1.7601.17514] .. c:\windows\ERDNT\cache64\ole32.dll

[7] 2010-11-21 . 6C60B5ACA7442EFB794082CDACFC001C . 2086912 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.17514_none_0a43accb08f0eac5\ole32.dll

[7] 2010-11-21 . 6C60B5ACA7442EFB794082CDACFC001C . 2086912 . . [6.1.7600.16385] .. c:\windows\system32\ole32.dll

.

[7] 2010-11-21 . 2F8B1E3EE3545D3B5A8D56FA1AE07B65 . 800256 . . [1.0626.7601.17514] .. c:\windows\ERDNT\cache64\usp10.dll

[7] 2010-11-21 . 2F8B1E3EE3545D3B5A8D56FA1AE07B65 . 800256 . . [1.0626.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.17514_none_0b207e7d6f1bea6f\usp10.dll

[7] 2010-11-21 . 2F8B1E3EE3545D3B5A8D56FA1AE07B65 . 800256 . . [1.0626.7601.17514] .. c:\windows\system32\usp10.dll

.

[7] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache64\ksuser.dll

[7] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.17514_none_4627a1cbadebced2\ksuser.dll

[7] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\system32\ksuser.dll

.

[7] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache64\ctfmon.exe

[7] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe

[7] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\system32\ctfmon.exe

.

[7] 2010-11-21 . AAF932B4011D14052955D4B212A4DA8D . 370688 . . [6.1.7600.16385] .. c:\windows\system32\shsvcs.dll

.

[7] 2009-07-14 . 86FE1B1F8FD42CD0DB641AB1CDB13093 . 18944 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache64\cngaudit.dll

[7] 2009-07-14 . 86FE1B1F8FD42CD0DB641AB1CDB13093 . 18944 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

[7] 2009-07-14 . 86FE1B1F8FD42CD0DB641AB1CDB13093 . 18944 . . [6.1.7600.16385] .. c:\windows\system32\cngaudit.dll

.

[7] 2009-07-14 . 94355C28C1970635A31B3FE52EB7CEBA . 129024 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache64\wininit.exe

[7] 2009-07-14 . 94355C28C1970635A31B3FE52EB7CEBA . 129024 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[7] 2009-07-14 . 94355C28C1970635A31B3FE52EB7CEBA . 129024 . . [6.1.7600.16385] .. c:\windows\system32\wininit.exe

.

[7] 2009-07-14 . 39415B10172C431F5AB87488D79E9DC4 . 26624 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.1.7601.17514_none_5726e0135925cd59\ias.dll

[7] 2009-07-14 . 39415B10172C431F5AB87488D79E9DC4 . 26624 . . [6.1.7600.16385] .. c:\windows\system32\ias.dll

.

.

.

[7] 2009-07-14 . D47EC6A8E81633DD18D2436B19BAF6DE . 353792 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.1.7600.16385_none_1ddd261c4e350476\upnphost.dll

[7] 2009-07-14 . D47EC6A8E81633DD18D2436B19BAF6DE . 353792 . . [6.1.7600.16385] .. c:\windows\system32\upnphost.dll

.

[7] 2009-07-14 . 9110FFAD124283F37D38771BB60556AF . 540672 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-audio-dsound_31bf3856ad364e35_6.1.7600.16385_none_b490afff5b93e5a7\dsound.dll

[7] 2009-07-14 . 9110FFAD124283F37D38771BB60556AF . 540672 . . [6.1.7600.16385] .. c:\windows\system32\dsound.dll

.

[7] 2010-11-21 . 4C3DAEE652B005B483F16B8E9131C99D . 2067456 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7601.17514_none_207372147765c03a\d3d9.dll

[7] 2010-11-21 . 4C3DAEE652B005B483F16B8E9131C99D . 2067456 . . [6.1.7601.17514] .. c:\windows\system32\d3d9.dll

.

[7] 2009-07-14 . A6C09924C6730DE8DEED9890A12AA691 . 569344 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.1.7600.16385_none_60fa9493d9b24564\ddraw.dll

[7] 2009-07-14 . A6C09924C6730DE8DEED9890A12AA691 . 569344 . . [6.1.7600.16385] .. c:\windows\system32\ddraw.dll

.

.

[7] 2009-07-14 . 8056A3E51B569C3F437A5026A0ABE66D . 44544 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.1.7600.16385_none_8d682f6a76cad93f\perfctrs.dll

[7] 2009-07-14 . 8056A3E51B569C3F437A5026A0ABE66D . 44544 . . [6.1.7600.16385] .. c:\windows\system32\perfctrs.dll

.

[7] 2009-07-14 . 94E026870A55AAEAFF7853C1754091E9 . 29184 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-version_31bf3856ad364e35_6.1.7600.16385_none_70f340d66a96c29b\version.dll

[7] 2009-07-14 . 94E026870A55AAEAFF7853C1754091E9 . 29184 . . [6.1.7600.16385] .. c:\windows\system32\version.dll

.

[7] 2011-07-13 . F1424C1B9B1813BF825E45DF3790BC8A . 754480 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_0d549a9b80698a7f\iexplore.exe

[7] 2010-11-21 . 86257731DDB311FBC283534CC0091634 . 695056 . . [8.00.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe

.

.

[7] 2011-07-13 . D60D9BCEAE5870A67E6C167F4681877B . 5562240 . . [6.1.7601.17592] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_c9fde71bcb054983\ntoskrnl.exe

[7] 2011-07-13 . 99C2715F138E7ED2F489AB796DD3B53C . 5562240 . . [6.1.7601.21701] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_cae7d4cee3dad1a4\ntoskrnl.exe

[7] 2011-06-23 . 577841951E8BAD6EA8288106693CD39F . 5561216 . . [6.1.7601.17640] .. c:\windows\ERDNT\cache64\ntoskrnl.exe

[7] 2011-06-23 . 577841951E8BAD6EA8288106693CD39F . 5561216 . . [6.1.7601.17640] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_ca31f809cade8847\ntoskrnl.exe

[7] 2011-06-23 . CE6AF5EC2DB1567B6297ADCB56B39B5D . 5561728 . . [6.1.7601.21755] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_cab5c65ae3ffc2b5\ntoskrnl.exe

[7] 2010-11-21 . C6CEC3E6CC9842B73501C70AA64C00FE . 5563776 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9\ntoskrnl.exe

[7] 2011-06-23 . 577841951E8BAD6EA8288106693CD39F . 5561216 . . [6.1.7601.17640] .. c:\windows\system32\ntoskrnl.exe

.

[7] 2009-07-14 . CA2A0750ED830678997695FF61B04C30 . 20480 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.1.7600.16385_none_e8f2b9ab2a40e84d\midimap.dll

[7] 2009-07-14 . CA2A0750ED830678997695FF61B04C30 . 20480 . . [6.1.7600.16385] .. c:\windows\system32\midimap.dll

.

[7] 2009-07-14 . 88351B29B622B30962D2FEB6CA8D860B . 16384 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a\rasadhlp.dll

[7] 2009-07-14 . 88351B29B622B30962D2FEB6CA8D860B . 16384 . . [6.1.7600.16385] .. c:\windows\system32\rasadhlp.dll

.

((((((((((((((((((((((((((((( SnapShot@2011-12-28_18.47.35 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-12-28 23:02 . 2011-11-28 18:01 41184 c:\windows\avastSS.scr

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1300000.080\ccSetx64.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe [x]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

R3 LVUVC64;Logitech Webcam 300(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]

R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]

R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]

R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]

R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]

R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-29 2361344]

R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-24 430136]

R4 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]

R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-20 549616]

R4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]

R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]

R4 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]

R4 WindowFX;Stardock WindowFX;c:\program files (x86)\Stardock\Object Desktop\WindowFX4\WindowFXSRV.exe [2011-04-11 185648]

R4 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]

R4 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]

R4 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]

R4 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]

R4 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]

S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S1 aswFW;avast! TDI Firewall driver; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-11-28 127192]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]

S2 MSSQL$APEX2005;SQL Server (APEX2005);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]

S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-02-15 47104]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]

S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-10-27 1429608]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2126936641-927109298-4143588652-1000Core.job

- c:\users\Shawn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-16 17:16]

.

2011-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2126936641-927109298-4143588652-1000UA.job

- c:\users\Shawn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-16 17:16]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [bU]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.254.254 192.168.254.254

FF - ProfilePath - c:\users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\d9r5zwvh.default\

FF - prefs.js: browser.startup.homepage - www.google.com

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.0.0.128\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2126936641-927109298-4143588652-1000\Software\SecuROM\License information*]

"datasecu"=hex:e2,70,d4,69,de,75,10,d3,41,67,2d,08,cc,dd,a9,ab,91,96,85,af,7a,

82,19,eb,4c,90,e0,db,9f,25,83,9e,f2,8f,f8,11,6d,fa,61,f2,ff,85,73,b1,b3,98,\

"rkeysecu"=hex:94,41,ef,72,33,49,69,8d,86,a2,ab,25,e2,5b,54,ed

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\0c\03\07\08\0d\17?"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-01-02 02:21:42 - machine was rebooted

.

Pre-Run: 470,418,751,488 bytes free

Post-Run: 470,357,635,072 bytes free

.


Yes we could do that. So far after I reboot everything works, but not until a reboot. What did you think about the new user that has been mysteriously created? Still no data in any of the folders.

Never mind on the mystery user, turns out it's my X-box that I enabled Windows media. I got a BSOD yesterday for the first time. It said something about BAD-POOL-CALLER. I was looking through the firewall tab/application rules in Avast finding that two programs don't have signed files?? Seems like the further I look the more questionable things I find.


  • Staff

Without more details I can't really comment on the BSoD.

Download BlueScreenView and save it to your Desktop.

  • Double click on BlueScreenView.exe file to run the program.
  • When it finishes scanning, click Edit --> Select All.
  • Click File --> Save Selected Items
  • Save the report as BSOD.txt to your Desktop.
  • Post the contents of BSOD.txt in your next reply.


Well it appears there isn't a report. I did a system restore to a month ago and therefore there must not be a mini dump file. I apologize for making changes to my system without you giving the word. Other than missing files in some scans the PC doesn't act funny. I have changed anti-virus programs a couple times now and really have no clue which I should run. Started with Norton 360 then went to Avast paid version, now running Microsoft Security Essentials.

Reading other forums I believe I have some kind of infection due to missing files and going through some of my PC's event reports. I will wait for your suggestions and not install or uninstall any software. Otherwise I'm about ready to bring it in and have it wiped and reinstall the OS.

Thank you for all of your help.


  • Staff

Hi,

Formatting the hard drive and reinstalling Windows may be the best option at this point. Getting a fresh start is always good, and then you can set your security programs without the clutter of what the others left behind. Let me know if that is what you would like to do.

Not sure what you mean by missing files though.


  • 2 months later...
  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

