My brother did a number on his computer. I ran Spybot, CCleaner, Malwarebytes, and Norton, and it cleaned up a lot of various trojans and other problems. It is running much better now, but every 10 seconds or so svchost gets blocked by Malwarebytes, and I don't want to be messing with svchost on my own >.>

=====================

DDS log:

=====================

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by Kevin at 12:08:29 on 2012-01-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.1618 [GMT -8:00]

.

AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe

C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Sony\VAIO Update Common\VUAgent.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe

C:\Program Files\Sony\VAIO Care\VCPerfService.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Program Files\Sony\VAIO Care\VCService.exe

C:\Program Files\Sony\VAIO Care\VCAgent.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://sony.msn.com

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll

BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

mRunOnce: [innoSetupRegFile.0000000001] "C:\Windows\is-NUJTH.exe" /REG /REGSVRMODE

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{65A63C67-7443-4324-BD86-A4F725A89919} : DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{65A63C67-7443-4324-BD86-A4F725A89919}\363696F536F6E6E6563647 : DhcpNameServer = 10.121.3.4 10.121.11.137

TCP: Interfaces\{DF805F43-CB24-4816-A91F-997C5EC357BD} : DhcpNameServer = 192.52.120.29

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll

BHO-X64: Searchqu Toolbar - No File

BHO-X64: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

BHO-X64: Yontoo Layers - No File

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

mRunOnce-x64: [innoSetupRegFile.0000000001] "C:\Windows\is-NUJTH.exe" /REG /REGSVRMODE

AppInit_DLLs-X64: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-12-21 1156216]

R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys --> C:\Windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111228.001\IDSviA64.sys [2011-12-28 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [?]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0403000.005\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]

R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-2-27 499200]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-22 13336]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-7-22 1817088]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-1 652872]

R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccsvchst.exe [2012-1-1 126392]

R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-8-13 49152]

R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]

R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]

R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]

R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-1-1 138360]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-28 136176]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-28 136176]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

.

=============== Created Last 30 ================

.

2012-01-01 09:56:51 451120 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys

2012-01-01 09:56:50 433200 ----a-r- C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys

2012-01-01 09:56:50 32304 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\srtspx64.sys

2012-01-01 09:56:50 221232 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys

2012-01-01 09:56:49 615040 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys

2012-01-01 09:56:49 505392 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\srtsp64.sys

2012-01-01 09:56:49 150064 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys

2012-01-01 09:55:23 -------- d-----w- C:\Windows\System32\drivers\N360x64\0403000.005

2012-01-01 09:39:19 709968 ----a-w- C:\Windows\is-NUJTH.exe

2012-01-01 07:29:41 -------- d-----w- C:\Users\Kevin\AppData\Local\PMB Files

2012-01-01 07:27:27 20480 ----a-w- C:\Windows\svchost.exe

2012-01-01 04:12:24 -------- d-----w- C:\Program Files (x86)\Eusing Free Registry Cleaner

2012-01-01 02:56:30 208896 ----a-w- C:\Windows\MBR.exe

2012-01-01 02:56:29 98816 ----a-w- C:\Windows\sed.exe

2012-01-01 02:56:29 518144 ----a-w- C:\Windows\SWREG.exe

2012-01-01 02:56:29 256000 ----a-w- C:\Windows\PEV.exe

2012-01-01 02:56:03 -------- d-s---w- C:\ComboFix

2012-01-01 02:44:11 -------- d-----w- C:\ProgramData\PC Tools

2012-01-01 02:44:10 -------- d-----w- C:\Users\Kevin\AppData\Roaming\TestApp

2012-01-01 02:39:06 1832 ----a-w- C:\Windows\SysWow64\tmp.reg

2012-01-01 02:33:48 87552 ----a-w- C:\Windows\SysWow64\VACFix.exe

2012-01-01 02:33:48 82944 ----a-w- C:\Windows\SysWow64\IEDFix.exe

2012-01-01 02:33:48 82944 ----a-w- C:\Windows\SysWow64\IEDFix.C.exe

2012-01-01 02:33:48 82432 ----a-w- C:\Windows\SysWow64\404Fix.exe

2012-01-01 02:33:48 80384 ----a-w- C:\Windows\SysWow64\o4Patch.exe

2012-01-01 02:33:48 78336 ----a-w- C:\Windows\SysWow64\Agent.OMZ.Fix.exe

2012-01-01 02:33:48 75776 ----a-w- C:\Windows\SysWow64\WS2Fix.exe

2012-01-01 02:33:48 51200 ----a-w- C:\Windows\SysWow64\dumphive.exe

2012-01-01 02:33:48 289144 ----a-w- C:\Windows\SysWow64\VCCLSID.exe

2012-01-01 02:33:47 53248 ----a-w- C:\Windows\SysWow64\Process.exe

2012-01-01 02:33:47 288417 ----a-w- C:\Windows\SysWow64\SrchSTS.exe

2012-01-01 01:29:17 34152 ----a-r- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-01-01 01:29:17 126312 ----a-r- C:\Windows\System32\GEARAspi64.dll

2012-01-01 01:29:17 107368 ----a-r- C:\Windows\SysWow64\GEARAspi.dll

2012-01-01 01:28:43 -------- d-----w- C:\Program Files (x86)\Norton 360

2012-01-01 01:28:33 -------- d-----w- C:\Program Files (x86)\NortonInstaller

2011-12-31 22:22:39 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-12-31 22:22:39 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-12-31 22:22:34 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Malwarebytes

2011-12-31 22:21:52 -------- d-----w- C:\ProgramData\Malwarebytes

2011-12-31 22:21:51 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-31 22:21:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-31 22:18:07 -------- d-----w- C:\Users\Kevin\AppData\Roaming\GetRightToGo

2011-12-30 22:15:04 -------- d-----w- C:\Windows\SysWow64\N360_BACKUP

2011-12-30 21:19:07 -------- d-----w- C:\Program Files\Symantec

2011-12-28 05:09:45 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Tific

2011-12-28 05:09:43 -------- d-----w- C:\Users\Kevin\AppData\Local\Symantec

2011-12-28 04:51:54 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2011-12-26 20:56:59 2475352 ----a-w- C:\Windows\System32\D3DX9_42.dll

2011-12-26 20:55:59 506728 ----a-w- C:\Windows\System32\d3dx10_33.dll

2011-12-26 20:53:38 517448 ----a-w- C:\Windows\SysWow64\XAudio2_4.dll

2011-12-26 20:53:37 235352 ----a-w- C:\Windows\SysWow64\xactengine3_4.dll

2011-12-26 20:53:36 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_6.dll

2011-12-26 20:53:29 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll

2011-12-19 22:19:49 -------- d-----w- C:\Users\Kevin\AppData\Local\LogMeIn Hamachi

2011-12-19 22:18:38 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2011-12-17 21:24:38 102400 ----a-w- C:\Windows\SysWow64\srrstr.dll

2011-12-16 22:20:34 -------- d-----w- C:\Users\Kevin\AppData\Local\Ilivid Player

2011-12-16 22:19:52 -------- dc-h--w- C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}

2011-12-16 22:19:37 -------- d-----w- C:\Program Files (x86)\iLivid

2011-12-16 22:18:53 -------- d-----w- C:\Program Files (x86)\Windows iLivid Toolbar

2011-12-16 22:18:40 -------- d-----w- C:\Users\Kevin\AppData\Local\PackageAware

2011-12-14 02:04:10 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll

2011-12-14 02:04:10 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll

2011-12-14 02:04:09 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll

2011-12-14 02:04:09 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll

2011-12-14 02:04:08 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll

2011-12-14 02:04:07 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll

2011-12-14 02:04:06 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll

2011-12-09 03:26:47 -------- d-----w- C:\Program Files (x86)\Steam

.

==================== Find3M ====================

.

2012-01-01 01:29:04 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-11-23 02:16:41 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-17 03:16:09 2829 ----a-w- C:\Windows\War3Unin.pif

2011-11-17 03:16:09 139264 ----a-w- C:\Windows\War3Unin.exe

2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-10-15 06:31:56 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-10-15 05:38:59 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

.

============= FINISH: 12:12:53.25 ===============

=====================

Attach log:

=====================

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 8/27/2011 13:32:48

System Uptime: 1/1/2012 12:01:05 (0 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core i5-2410M CPU @ 2.30GHz | N/A | 782/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 585 GiB total, 525.422 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP51: 1/1/2012 01:30:27 - Windows Update

.

==== Installed Programs ======================

.

.

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.1) MUI

Application Manager for VAIO

ArcSoft WebCam Companion 4

Best Buy pc app

Corel WinDVD

D3DX10

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dota 2

Dwarfs!?

GameTap Web Player

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

iLivid

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® Wireless Display

Java Auto Updater

Java 6 Update 22

Junk Mail filter update

League of Legends

LogMeIn Hamachi

Magicka

Malwarebytes Anti-Malware version 1.60.0.1800

Mesh Runtime

Microsoft .NET Framework 1.1

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Might and Magic Heroes VI Demo

Mozilla Firefox 8.0.1 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

Norton 360

Oasis2Service

OOBE

PMB

PMB VAIO Edition Guide

PMB VAIO Edition Plug-in

Realtek PCIE Card Reader

Remote Keyboard

Remote Play with PlayStation 3

Rise of Immortals

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Skype Click to Call

Skype™ 5.5

Spybot - Search & Destroy

SSLx86

Steam

Super Mario Bros. X version 1.3

Terraria

The Lord of the Rings Online™ v03.03.05.8039

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

VAIO - Media Gallery

VAIO - PMB VAIO Edition Guide

VAIO - PMB VAIO Edition Plug-in

VAIO - Remote Keyboard

VAIO - Remote Play with PlayStation®3

VAIO Care

VAIO Control Center

VAIO Data Restore Tool

VAIO Easy Connect

VAIO Event Service

VAIO Gate

VAIO Gate Default

VAIO Hardware Diagnostics

VAIO Help and Support

VAIO Improvement

VAIO Manual

VAIO Messenger

VAIO Quick Web Access

VAIO Sample Contents

VAIO Satisfaction Survey.

VAIO Smart Network

VAIO Transfer Support

VAIO Update

VCCx86

Ventrilo Client

VESx86

VIx86

VWSTx86

War Inc. Battlezone

Warcraft III

Warcraft III: All Products

Windows iLivid Toolbar

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

12/31/2011 21:48:36, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

12/31/2011 21:41:54, Error: Service Control Manager [7000] - The RetrogamerService service failed to start due to the following error: The system cannot find the path specified.

12/31/2011 20:08:17, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7 for x64-based Systems.

12/31/2011 19:37:44, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

12/31/2011 19:20:29, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

12/31/2011 17:23:54, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 SRTSP SymIRON

12/31/2011 17:23:49, Error: Service Control Manager [7000] - The Norton 360 service failed to start due to the following error: The system cannot find the file specified.

12/30/2011 18:27:33, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Kevin-Rhodes\KKR SID (S-1-5-21-2488756530-924728428-4039354960-1005) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

12/30/2011 17:50:25, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff960000ae627, 0xfffff880079e7c30, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 123011-60575-01.

12/30/2011 16:47:25, Error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: %%-2147467259

12/30/2011 14:39:01, Error: Service Control Manager [7031] - The Norton 360 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/30/2011 14:03:47, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

12/29/2011 12:15:19, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff960000ae627, 0xfffff88007db8c30, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122911-46503-01.

12/29/2011 12:04:36, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.

12/29/2011 11:49:02, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff9600010e627, 0xfffff880083e8c30, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122911-66440-01.

12/29/2011 11:45:30, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

12/29/2011 10:38:01, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/29/2011 10:38:01, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/29/2011 10:38:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/29/2011 10:37:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

12/29/2011 10:36:46, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21

12/29/2011 10:36:32, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccHP discache eeCtrl IDSVia64 spldr SRTSP SRTSPX SymIRON SYMTDIv Wanarpv6

12/29/2011 10:05:58, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002d05b5a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122911-71713-01.

12/29/2011 07:47:55, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff9600010e627, 0xfffff88007dcbc30, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122911-32292-01.

12/28/2011 22:35:52, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.

12/28/2011 21:07:37, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

12/28/2011 21:07:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

12/28/2011 21:07:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

12/28/2011 21:07:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccHP DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX SymIRON SYMTDIv tdx vwififlt Wanarpv6 WfpLwf

12/28/2011 21:07:17, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/28/2011 21:07:17, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

12/28/2011 21:07:17, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

12/28/2011 21:07:17, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/28/2011 21:07:17, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/28/2011 21:07:17, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

12/28/2011 21:07:17, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/28/2011 21:07:17, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/28/2011 21:07:17, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/28/2011 21:07:17, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

12/28/2011 17:46:15, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.

12/28/2011 17:45:15, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SampleCollector service.

12/28/2011 13:47:31, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.

12/28/2011 05:46:56, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

12/28/2011 05:46:56, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VAIO Event Service service.

1/1/2012 12:11:26, Error: bowser [8003] - The master browser has received a server announcement from the computer OK-COMPUTER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{65A63C67-7443-4324-BD86-A4F725A89919}. The master browser is stopping or an election is being forced.

1/1/2012 10:47:03, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cbcf6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010112-40731-01.

1/1/2012 01:57:22, Error: Service Control Manager [7022] - The VAIO Care Performance Service service hung on starting.

1/1/2012 01:56:25, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

1/1/2012 01:56:25, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/1/2012 01:49:57, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.

1/1/2012 01:49:57, Error: Service Control Manager [7000] - The Symantec Real Time Storage Protection x64 service failed to start due to the following error: Cannot create a file when that file already exists.

1/1/2012 01:40:02, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Windows Internet Explorer 9 for Windows 7 for x64-based Systems.

1/1/2012 01:39:55, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351).

1/1/2012 01:30:31, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

1/1/2012 01:04:16, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

1/1/2012 00:39:32, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP

1/1/2012 00:39:28, Error: Service Control Manager [7000] - The RetrogamerService service failed to start due to the following error: The system cannot find the file specified.

1/1/2012 00:39:28, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a00541c000, 0x0000000000000000, 0xfffff80002ce938e, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010112-65598-01.

1/1/2012 00:39:02, Error: SRTSP [4] - Error loading virus definitions.

1/1/2012 00:16:06, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

.

==== End Of File ===========================

Thanks in advance

-Sage

Turns out, it was probably a rootkit. I ran TDSSKiller and it caught and removed something. I went ahead and ran Malwarebytes again, and nothing showed up this time, so I'm guessing it was taken care of. In any case, if someone could help me confirm that everything is as it should be, that would be appreciated.

TDSSKiller log, in case it helps:

14:04:54.0252 2840 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

14:04:54.0268 2840 ============================================================

14:04:54.0268 2840 Current date / time: 2012/01/02 14:04:54.0268

14:04:54.0268 2840 SystemInfo:

14:04:54.0268 2840

14:04:54.0268 2840 OS Version: 6.1.7601 ServicePack: 1.0

14:04:54.0268 2840 Product type: Workstation

14:04:54.0268 2840 ComputerName: KEVIN-RHODES

14:04:54.0268 2840 UserName: Kevin

14:04:54.0268 2840 Windows directory: C:\Windows

14:04:54.0268 2840 System windows directory: C:\Windows

14:04:54.0268 2840 Running under WOW64

14:04:54.0268 2840 Processor architecture: Intel x64

14:04:54.0268 2840 Number of processors: 4

14:04:54.0268 2840 Page size: 0x1000

14:04:54.0268 2840 Boot type: Normal boot

14:04:54.0268 2840 ============================================================

14:04:55.0672 2840 Initialize success

14:05:00.0492 3020 ============================================================

14:05:00.0492 3020 Scan started

14:05:00.0492 3020 Mode: Manual;

14:05:00.0492 3020 ============================================================

14:05:00.0882 3020 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

14:05:00.0898 3020 1394ohci - ok

14:05:01.0038 3020 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

14:05:01.0069 3020 ACPI - ok

14:05:01.0412 3020 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

14:05:01.0412 3020 AcpiPmi - ok

14:05:01.0724 3020 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

14:05:01.0740 3020 adp94xx - ok

14:05:01.0896 3020 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

14:05:01.0912 3020 adpahci - ok

14:05:02.0224 3020 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

14:05:02.0224 3020 adpu320 - ok

14:05:02.0426 3020 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

14:05:02.0426 3020 AFD - ok

14:05:02.0582 3020 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

14:05:02.0582 3020 agp440 - ok

14:05:02.0738 3020 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

14:05:02.0738 3020 aliide - ok

14:05:02.0863 3020 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

14:05:02.0863 3020 amdide - ok

14:05:03.0050 3020 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

14:05:03.0050 3020 AmdK8 - ok

14:05:03.0191 3020 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

14:05:03.0191 3020 AmdPPM - ok

14:05:03.0331 3020 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

14:05:03.0331 3020 amdsata - ok

14:05:03.0503 3020 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

14:05:03.0503 3020 amdsbs - ok

14:05:03.0643 3020 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

14:05:03.0643 3020 amdxata - ok

14:05:03.0784 3020 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

14:05:03.0784 3020 AppID - ok

14:05:03.0924 3020 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

14:05:03.0924 3020 arc - ok

14:05:04.0064 3020 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

14:05:04.0064 3020 arcsas - ok

14:05:04.0376 3020 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

14:05:04.0376 3020 AsyncMac - ok

14:05:04.0610 3020 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

14:05:04.0626 3020 atapi - ok

14:05:04.0860 3020 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys

14:05:04.0876 3020 athr - ok

14:05:05.0078 3020 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

14:05:05.0078 3020 b06bdrv - ok

14:05:05.0188 3020 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

14:05:05.0188 3020 b57nd60a - ok

14:05:05.0312 3020 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

14:05:05.0312 3020 Beep - ok

14:05:05.0578 3020 BHDrvx64 (82c695630676079f7ad68c85a5e662e5) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111221.003\BHDrvx64.sys

14:05:05.0578 3020 BHDrvx64 - ok

14:05:05.0687 3020 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

14:05:05.0687 3020 blbdrive - ok

14:05:05.0812 3020 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

14:05:05.0812 3020 bowser - ok

14:05:05.0874 3020 bpenum (3dcb409bcbd02ab0675682f8e42a410f) C:\Windows\system32\DRIVERS\bpenum.sys

14:05:05.0874 3020 bpenum - ok

14:05:05.0983 3020 bpmp (6c66eef6669b14df4f426990a1ca5112) C:\Windows\system32\DRIVERS\bpmp.sys

14:05:05.0983 3020 bpmp - ok

14:05:06.0108 3020 bpusb (2ee68405bbade51cbe1c973ff3a1a400) C:\Windows\system32\Drivers\bpusb.sys

14:05:06.0108 3020 bpusb - ok

14:05:06.0233 3020 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

14:05:06.0233 3020 BrFiltLo - ok

14:05:06.0342 3020 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

14:05:06.0342 3020 BrFiltUp - ok

14:05:06.0529 3020 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

14:05:06.0545 3020 Brserid - ok

14:05:06.0701 3020 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

14:05:06.0701 3020 BrSerWdm - ok

14:05:06.0810 3020 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

14:05:06.0826 3020 BrUsbMdm - ok

14:05:06.0935 3020 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

14:05:06.0935 3020 BrUsbSer - ok

14:05:07.0106 3020 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

14:05:07.0106 3020 BTHMODEM - ok

14:05:07.0184 3020 catchme - ok

14:05:07.0340 3020 ccHP (37f1baec39b505b3b51893a35c8337ea) C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys

14:05:07.0340 3020 ccHP - ok

14:05:07.0668 3020 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

14:05:07.0668 3020 cdfs - ok

14:05:07.0824 3020 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

14:05:07.0824 3020 cdrom - ok

14:05:07.0996 3020 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

14:05:07.0996 3020 circlass - ok

14:05:08.0042 3020 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

14:05:08.0042 3020 CLFS - ok

14:05:08.0230 3020 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

14:05:08.0230 3020 CmBatt - ok

14:05:08.0339 3020 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

14:05:08.0339 3020 cmdide - ok

14:05:08.0542 3020 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

14:05:08.0542 3020 CNG - ok

14:05:08.0682 3020 CnxtHdAudService (1f394df3714ed4280047810790e6df69) C:\Windows\system32\drivers\CHDRT64.sys

14:05:08.0698 3020 CnxtHdAudService - ok

14:05:08.0822 3020 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

14:05:08.0822 3020 Compbatt - ok

14:05:08.0947 3020 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

14:05:08.0947 3020 CompositeBus - ok

14:05:09.0134 3020 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

14:05:09.0134 3020 crcdisk - ok

14:05:09.0322 3020 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

14:05:09.0322 3020 DfsC - ok

14:05:09.0509 3020 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

14:05:09.0524 3020 discache - ok

14:05:09.0883 3020 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

14:05:09.0883 3020 Disk - ok

14:05:10.0289 3020 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

14:05:10.0289 3020 drmkaud - ok

14:05:10.0367 3020 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

14:05:10.0367 3020 DXGKrnl - ok

14:05:10.0538 3020 e1yexpress (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys

14:05:10.0538 3020 e1yexpress - ok

14:05:10.0835 3020 EagleX64 - ok

14:05:11.0178 3020 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

14:05:11.0240 3020 ebdrv - ok

14:05:11.0381 3020 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

14:05:11.0396 3020 eeCtrl - ok

14:05:11.0599 3020 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

14:05:11.0615 3020 elxstor - ok

14:05:11.0724 3020 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

14:05:11.0724 3020 EraserUtilRebootDrv - ok

14:05:11.0833 3020 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

14:05:11.0833 3020 ErrDev - ok

14:05:11.0974 3020 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

14:05:11.0974 3020 exfat - ok

14:05:12.0005 3020 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

14:05:12.0005 3020 fastfat - ok

14:05:12.0192 3020 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

14:05:12.0192 3020 fdc - ok

14:05:12.0317 3020 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

14:05:12.0317 3020 FileInfo - ok

14:05:12.0442 3020 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

14:05:12.0442 3020 Filetrace - ok

14:05:13.0003 3020 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

14:05:13.0003 3020 flpydisk - ok

14:05:13.0019 3020 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

14:05:13.0034 3020 FltMgr - ok

14:05:13.0206 3020 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

14:05:13.0206 3020 FsDepends - ok

14:05:13.0362 3020 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

14:05:13.0362 3020 Fs_Rec - ok

14:05:13.0502 3020 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

14:05:13.0502 3020 fvevol - ok

14:05:14.0064 3020 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

14:05:14.0064 3020 gagp30kx - ok

14:05:14.0158 3020 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

14:05:14.0158 3020 GEARAspiWDM - ok

14:05:14.0314 3020 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys

14:05:14.0314 3020 hamachi - ok

14:05:14.0938 3020 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

14:05:14.0938 3020 hcw85cir - ok

14:05:15.0172 3020 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

14:05:15.0172 3020 HdAudAddService - ok

14:05:15.0296 3020 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

14:05:15.0312 3020 HDAudBus - ok

14:05:15.0546 3020 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

14:05:15.0546 3020 HidBatt - ok

14:05:15.0640 3020 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

14:05:15.0640 3020 HidBth - ok

14:05:15.0764 3020 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

14:05:15.0764 3020 HidIr - ok

14:05:15.0889 3020 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

14:05:15.0889 3020 HidUsb - ok

14:05:16.0108 3020 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

14:05:16.0108 3020 HpSAMD - ok

14:05:16.0232 3020 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

14:05:16.0248 3020 HTTP - ok

14:05:16.0373 3020 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

14:05:16.0373 3020 hwpolicy - ok

14:05:16.0591 3020 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

14:05:16.0591 3020 i8042prt - ok

14:05:17.0106 3020 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys

14:05:17.0106 3020 iaStor - ok

14:05:17.0262 3020 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

14:05:17.0278 3020 iaStorV - ok

14:05:17.0449 3020 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111228.001\IDSvia64.sys

14:05:17.0449 3020 IDSVia64 - ok

14:05:17.0746 3020 igfx (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdkmd64.sys

14:05:17.0948 3020 igfx - ok

14:05:18.0073 3020 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

14:05:18.0073 3020 iirsp - ok

14:05:18.0198 3020 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys

14:05:18.0198 3020 IntcDAud - ok

14:05:18.0276 3020 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

14:05:18.0276 3020 intelide - ok

14:05:18.0385 3020 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

14:05:18.0385 3020 intelppm - ok

14:05:18.0494 3020 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

14:05:18.0494 3020 IpFilterDriver - ok

14:05:18.0588 3020 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

14:05:18.0588 3020 IPMIDRV - ok

14:05:18.0713 3020 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

14:05:18.0728 3020 IPNAT - ok

14:05:18.0853 3020 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

14:05:18.0853 3020 IRENUM - ok

14:05:18.0978 3020 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

14:05:18.0978 3020 isapnp - ok

14:05:19.0103 3020 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

14:05:19.0103 3020 iScsiPrt - ok

14:05:19.0243 3020 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

14:05:19.0259 3020 kbdclass - ok

14:05:19.0352 3020 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

14:05:19.0352 3020 kbdhid - ok

14:05:19.0462 3020 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

14:05:19.0462 3020 KSecDD - ok

14:05:19.0571 3020 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

14:05:19.0571 3020 KSecPkg - ok

14:05:19.0696 3020 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

14:05:19.0696 3020 ksthunk - ok

14:05:19.0805 3020 L1C (95ca93fc12be372bb952669f37fff9c5) C:\Windows\system32\DRIVERS\L1C62x64.sys

14:05:19.0805 3020 L1C - ok

14:05:19.0945 3020 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

14:05:19.0945 3020 lltdio - ok

14:05:20.0101 3020 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

14:05:20.0101 3020 LSI_FC - ok

14:05:20.0210 3020 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

14:05:20.0210 3020 LSI_SAS - ok

14:05:20.0320 3020 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

14:05:20.0320 3020 LSI_SAS2 - ok

14:05:20.0444 3020 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

14:05:20.0444 3020 LSI_SCSI - ok

14:05:20.0554 3020 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

14:05:20.0554 3020 luafv - ok

14:05:20.0678 3020 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

14:05:20.0678 3020 MBAMProtector - ok

14:05:20.0819 3020 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

14:05:20.0819 3020 megasas - ok

14:05:20.0944 3020 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

14:05:20.0944 3020 MegaSR - ok

14:05:21.0053 3020 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

14:05:21.0053 3020 MEIx64 - ok

14:05:21.0162 3020 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

14:05:21.0162 3020 Modem - ok

14:05:21.0256 3020 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

14:05:21.0256 3020 monitor - ok

14:05:21.0318 3020 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

14:05:21.0318 3020 mouclass - ok

14:05:21.0458 3020 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

14:05:21.0458 3020 mouhid - ok

14:05:21.0536 3020 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

14:05:21.0536 3020 mountmgr - ok

14:05:21.0614 3020 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

14:05:21.0630 3020 mpio - ok

14:05:21.0755 3020 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

14:05:21.0755 3020 mpsdrv - ok

14:05:21.0880 3020 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

14:05:21.0880 3020 MRxDAV - ok

14:05:22.0004 3020 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

14:05:22.0004 3020 mrxsmb - ok

14:05:22.0098 3020 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

14:05:22.0098 3020 mrxsmb10 - ok

14:05:22.0238 3020 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

14:05:22.0254 3020 mrxsmb20 - ok

14:05:22.0348 3020 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

14:05:22.0348 3020 msahci - ok

14:05:22.0441 3020 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

14:05:22.0441 3020 msdsm - ok

14:05:22.0566 3020 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

14:05:22.0566 3020 Msfs - ok

14:05:22.0691 3020 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

14:05:22.0691 3020 mshidkmdf - ok

14:05:22.0800 3020 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

14:05:22.0800 3020 msisadrv - ok

14:05:22.0925 3020 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

14:05:22.0940 3020 MSKSSRV - ok

14:05:23.0050 3020 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

14:05:23.0050 3020 MSPCLOCK - ok

14:05:23.0174 3020 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

14:05:23.0174 3020 MSPQM - ok

14:05:23.0284 3020 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

14:05:23.0284 3020 MsRPC - ok

14:05:23.0408 3020 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

14:05:23.0408 3020 mssmbios - ok

14:05:23.0549 3020 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

14:05:23.0549 3020 MSTEE - ok

14:05:23.0689 3020 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

14:05:23.0689 3020 MTConfig - ok

14:05:23.0845 3020 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

14:05:23.0845 3020 Mup - ok

14:05:24.0048 3020 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

14:05:24.0048 3020 NativeWifiP - ok

14:05:24.0282 3020 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20111231.022\ENG64.SYS

14:05:24.0282 3020 NAVENG - ok

14:05:24.0875 3020 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20111231.022\EX64.SYS

14:05:24.0890 3020 NAVEX15 - ok

14:05:25.0202 3020 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

14:05:25.0202 3020 NDIS - ok

14:05:25.0670 3020 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

14:05:25.0670 3020 NdisCap - ok

14:05:26.0138 3020 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

14:05:26.0138 3020 NdisTapi - ok

14:05:26.0575 3020 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

14:05:26.0575 3020 Ndisuio - ok

14:05:26.0934 3020 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

14:05:26.0934 3020 NdisWan - ok

14:05:27.0074 3020 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

14:05:27.0074 3020 NDProxy - ok

14:05:27.0340 3020 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

14:05:27.0340 3020 NetBIOS - ok

14:05:27.0776 3020 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

14:05:27.0776 3020 NetBT - ok

14:05:29.0118 3020 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys

14:05:29.0290 3020 NETwNs64 - ok

14:05:29.0508 3020 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

14:05:29.0695 3020 nfrd960 - ok

14:05:29.0882 3020 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

14:05:29.0882 3020 Npfs - ok

14:05:29.0914 3020 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

14:05:29.0914 3020 nsiproxy - ok

14:05:30.0319 3020 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

14:05:30.0335 3020 Ntfs - ok

14:05:30.0647 3020 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

14:05:30.0647 3020 Null - ok

14:05:31.0708 3020 nvlddmkm (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys

14:05:31.0942 3020 nvlddmkm - ok

14:05:32.0300 3020 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

14:05:32.0300 3020 nvraid - ok

14:05:32.0566 3020 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

14:05:32.0566 3020 nvstor - ok

14:05:32.0940 3020 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

14:05:32.0956 3020 nv_agp - ok

14:05:33.0346 3020 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

14:05:33.0346 3020 ohci1394 - ok

14:05:33.0954 3020 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

14:05:33.0954 3020 Parport - ok

14:05:34.0235 3020 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

14:05:34.0235 3020 partmgr - ok

14:05:34.0328 3020 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

14:05:34.0328 3020 pci - ok

14:05:34.0406 3020 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

14:05:34.0406 3020 pciide - ok

14:05:34.0516 3020 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

14:05:34.0516 3020 pcmcia - ok

14:05:34.0578 3020 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

14:05:34.0578 3020 pcw - ok

14:05:34.0640 3020 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

14:05:34.0640 3020 PEAUTH - ok

14:05:35.0062 3020 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

14:05:35.0062 3020 PptpMiniport - ok

14:05:35.0405 3020 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

14:05:35.0405 3020 Processor - ok

14:05:35.0498 3020 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

14:05:35.0498 3020 Psched - ok

14:05:35.0920 3020 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

14:05:35.0998 3020 ql2300 - ok

14:05:36.0419 3020 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

14:05:36.0419 3020 ql40xx - ok

14:05:36.0622 3020 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

14:05:36.0622 3020 QWAVEdrv - ok

14:05:36.0700 3020 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

14:05:36.0700 3020 RasAcd - ok

14:05:36.0887 3020 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

14:05:36.0887 3020 RasAgileVpn - ok

14:05:37.0043 3020 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

14:05:37.0058 3020 Rasl2tp - ok

14:05:37.0105 3020 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

14:05:37.0121 3020 RasPppoe - ok

14:05:37.0246 3020 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

14:05:37.0246 3020 RasSstp - ok

14:05:37.0292 3020 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

14:05:37.0308 3020 rdbss - ok

14:05:37.0339 3020 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

14:05:37.0355 3020 rdpbus - ok

14:05:37.0433 3020 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

14:05:37.0433 3020 RDPCDD - ok

14:05:37.0542 3020 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

14:05:37.0542 3020 RDPENCDD - ok

14:05:37.0604 3020 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

14:05:37.0604 3020 RDPREFMP - ok

14:05:37.0682 3020 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

14:05:37.0682 3020 RDPWD - ok

14:05:37.0698 3020 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

14:05:37.0698 3020 rdyboost - ok

14:05:37.0838 3020 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys

14:05:37.0838 3020 regi - ok

14:05:38.0353 3020 RSPCIESTOR (d5c3e1629a3f7f0857d27949252b94ce) C:\Windows\system32\DRIVERS\RtsPStor.sys

14:05:38.0353 3020 RSPCIESTOR - ok

14:05:38.0852 3020 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

14:05:38.0852 3020 rspndr - ok

14:05:39.0118 3020 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

14:05:39.0118 3020 sbp2port - ok

14:05:39.0539 3020 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

14:05:39.0554 3020 scfilter - ok

14:05:40.0132 3020 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys

14:05:40.0132 3020 sdbus - ok

14:05:40.0818 3020 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

14:05:40.0818 3020 secdrv - ok

14:05:41.0255 3020 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

14:05:41.0255 3020 Serenum - ok

14:05:41.0364 3020 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

14:05:41.0364 3020 Serial - ok

14:05:41.0395 3020 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

14:05:41.0395 3020 sermouse - ok

14:05:41.0567 3020 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\DRIVERS\SFEP.sys

14:05:41.0567 3020 SFEP - ok

14:05:41.0816 3020 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

14:05:41.0816 3020 sffdisk - ok

14:05:42.0050 3020 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

14:05:42.0050 3020 sffp_mmc - ok

14:05:42.0300 3020 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

14:05:42.0300 3020 sffp_sd - ok

14:05:42.0503 3020 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

14:05:42.0503 3020 sfloppy - ok

14:05:42.0768 3020 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

14:05:42.0768 3020 SiSRaid2 - ok

14:05:42.0877 3020 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

14:05:42.0877 3020 SiSRaid4 - ok

14:05:43.0142 3020 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

14:05:43.0142 3020 Smb - ok

14:05:43.0766 3020 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

14:05:43.0766 3020 spldr - ok

14:05:44.0422 3020 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS

14:05:44.0422 3020 SRTSP - ok

14:05:44.0921 3020 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS

14:05:44.0921 3020 SRTSPX - ok

14:05:45.0404 3020 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

14:05:45.0404 3020 srv - ok

14:05:45.0857 3020 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

14:05:45.0857 3020 srv2 - ok

14:05:46.0372 3020 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

14:05:46.0372 3020 srvnet - ok

14:05:46.0574 3020 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

14:05:46.0574 3020 stexstor - ok

14:05:46.0684 3020 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

14:05:46.0684 3020 swenum - ok

14:05:46.0855 3020 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS

14:05:46.0855 3020 SymDS - ok

14:05:47.0089 3020 SymEFA (9f5783a4a03d0091cdbdaa858b566926) C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS

14:05:47.0089 3020 SymEFA - ok

14:05:47.0199 3020 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

14:05:47.0199 3020 SymEvent - ok

14:05:47.0292 3020 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS

14:05:47.0292 3020 SymIRON - ok

14:05:47.0433 3020 SYMTDIv (3adfb72f0797ae3832509fe030755e21) C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS

14:05:47.0433 3020 SYMTDIv - ok

14:05:47.0573 3020 SynTP (c43e3ca9c672b2ec30b66cce0b89bd36) C:\Windows\system32\DRIVERS\SynTP.sys

14:05:47.0573 3020 SynTP - ok

14:05:47.0807 3020 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

14:05:47.0823 3020 Tcpip - ok

14:05:48.0010 3020 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

14:05:48.0010 3020 TCPIP6 - ok

14:05:48.0197 3020 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

14:05:48.0197 3020 tcpipreg - ok

14:05:48.0400 3020 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

14:05:48.0415 3020 TDPIPE - ok

14:05:48.0431 3020 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

14:05:48.0431 3020 TDTCP - ok

14:05:48.0462 3020 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

14:05:48.0462 3020 tdx - ok

14:05:48.0478 3020 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

14:05:48.0478 3020 TermDD - ok

14:05:48.0525 3020 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

14:05:48.0525 3020 tssecsrv - ok

14:05:48.0556 3020 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

14:05:48.0556 3020 TsUsbFlt - ok

14:05:48.0571 3020 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

14:05:48.0571 3020 TsUsbGD - ok

14:05:48.0618 3020 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

14:05:48.0618 3020 tunnel - ok

14:05:48.0649 3020 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

14:05:48.0649 3020 uagp35 - ok

14:05:48.0665 3020 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

14:05:48.0665 3020 udfs - ok

14:05:48.0712 3020 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

14:05:48.0712 3020 uliagpkx - ok

14:05:48.0743 3020 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

14:05:48.0743 3020 umbus - ok

14:05:48.0759 3020 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

14:05:48.0759 3020 UmPass - ok

14:05:48.0821 3020 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

14:05:48.0821 3020 usbccgp - ok

14:05:48.0837 3020 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

14:05:48.0837 3020 usbcir - ok

14:05:48.0868 3020 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

14:05:48.0868 3020 usbehci - ok

14:05:48.0899 3020 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

14:05:48.0899 3020 usbhub - ok

14:05:48.0930 3020 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

14:05:48.0930 3020 usbohci - ok

14:05:48.0961 3020 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

14:05:48.0961 3020 usbprint - ok

14:05:48.0993 3020 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:05:48.0993 3020 USBSTOR - ok

14:05:49.0024 3020 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

14:05:49.0024 3020 usbuhci - ok

14:05:49.0071 3020 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

14:05:49.0071 3020 usbvideo - ok

14:05:49.0102 3020 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

14:05:49.0102 3020 vdrvroot - ok

14:05:49.0133 3020 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

14:05:49.0149 3020 vga - ok

14:05:49.0164 3020 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

14:05:49.0164 3020 VgaSave - ok

14:05:49.0164 3020 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

14:05:49.0180 3020 vhdmp - ok

14:05:49.0180 3020 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

14:05:49.0195 3020 viaide - ok

14:05:49.0227 3020 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

14:05:49.0227 3020 volmgr - ok

14:05:49.0242 3020 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

14:05:49.0258 3020 volmgrx - ok

14:05:49.0320 3020 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

14:05:49.0320 3020 volsnap - ok

14:05:49.0367 3020 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

14:05:49.0367 3020 vsmraid - ok

14:05:49.0429 3020 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

14:05:49.0429 3020 vwifibus - ok

14:05:49.0445 3020 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

14:05:49.0445 3020 vwififlt - ok

14:05:49.0476 3020 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

14:05:49.0476 3020 vwifimp - ok

14:05:49.0507 3020 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

14:05:49.0507 3020 WacomPen - ok

14:05:49.0554 3020 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

14:05:49.0554 3020 WANARP - ok

14:05:49.0570 3020 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

14:05:49.0570 3020 Wanarpv6 - ok

14:05:49.0617 3020 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

14:05:49.0617 3020 Wd - ok

14:05:49.0710 3020 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

14:05:49.0726 3020 Wdf01000 - ok

14:05:49.0882 3020 wdkmd (94dc2bf6cbaaa95e369c3756d3115a76) C:\Windows\system32\DRIVERS\WDKMD.sys

14:05:49.0882 3020 wdkmd - ok

14:05:50.0022 3020 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

14:05:50.0022 3020 WfpLwf - ok

14:05:50.0147 3020 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

14:05:50.0147 3020 WIMMount - ok

14:05:50.0334 3020 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

14:05:50.0334 3020 WinUsb - ok

14:05:50.0506 3020 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

14:05:50.0506 3020 WmiAcpi - ok

14:05:50.0646 3020 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

14:05:50.0646 3020 ws2ifsl - ok

14:05:50.0771 3020 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

14:05:50.0771 3020 WudfPf - ok

14:05:50.0911 3020 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

14:05:50.0911 3020 WUDFRd - ok

14:05:50.0958 3020 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0

14:05:50.0989 3020 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

14:05:50.0989 3020 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

14:05:50.0989 3020 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1

14:05:58.0243 3020 \Device\Harddisk1\DR1 - ok

14:05:58.0275 3020 Boot (0x1200) (17367cd1e3944321544a54c60508085e) \Device\Harddisk0\DR0\Partition0

14:05:58.0275 3020 \Device\Harddisk0\DR0\Partition0 - ok

14:05:58.0290 3020 Boot (0x1200) (f768241a21403a8323bf9e4b3801e799) \Device\Harddisk0\DR0\Partition1

14:05:58.0290 3020 \Device\Harddisk0\DR0\Partition1 - ok

14:05:58.0290 3020 Boot (0x1200) (8404995c06019db14f281717f0d0ce07) \Device\Harddisk1\DR1\Partition0

14:05:58.0290 3020 \Device\Harddisk1\DR1\Partition0 - ok

14:05:58.0290 3020 ============================================================

14:05:58.0290 3020 Scan finished

14:05:58.0290 3020 ============================================================

14:05:58.0306 3000 Detected object count: 1

14:05:58.0306 3000 Actual detected object count: 1

14:06:10.0723 3000 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

14:06:10.0723 3000 \Device\Harddisk0\DR0 - ok

14:06:10.0723 3000 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

14:06:13.0812 2388 Deinitialize success


Welcome to the forum.

Please download Farbar Service Scanner and run it on the computer with the issue.


  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Please download and run RogueKiller.

Choose 1 to scan the system

Post back the report.

MrC


FSS log:

Farbar Service Scanner

Ran by Kevin (administrator) on 06-01-2012 at 11:03:10

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is OK.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.

The ImagePath of VSS service is OK.

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

===========

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

RogueKiller Log:

RogueKiller V6.2.2 [12/31/2011] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Kevin [Admin rights]

Mode: Scan -- Date : 01/06/2012 11:03:49

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[SUSP PATH] winupd.job : C:\Users\Kevin\AppData\Local\Temp:winupd.exe -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] 6567ef6e90d99f20db2ee594506ce221

[BSP] efeed16a79f1d6284d6ae7539f9d1b38 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS [HIDDEN!] Offset (sectors): 2048 | Size: 11460 Mo

1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 22386688 | Size: 104 Mo

2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 22591488 | Size: 628567 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive1: +++++

--- User ---

[MBR] 16bb170d881993d75e02499f1e72f5e2

[BSP] dec9f0908d0564afbcbcc26fa1ab4266 : MBR Code unknown

Partition table:

0 - [ACTIVE] FAT16 [VISIBLE] Offset (sectors): 63 | Size: 2021 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>



Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


After a restart, it seems to have fixed itself.

Log file:

ComboFix 12-01-06.01 - Kevin 01/06/2012 11:30:28.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2250 [GMT -8:00]

Running from: c:\users\Kevin\Downloads\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-12-06 to 2012-01-06 )))))))))))))))))))))))))))))))

.

.

2012-01-06 19:40 . 2012-01-06 19:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-02 22:25 . 2012-01-02 22:25 -------- d-----w- c:\users\Kevin\AppData\Local\Mozilla

2012-01-01 20:41 . 2012-01-02 04:34 -------- d-----w- c:\windows\system32\drivers\N360x64\0404000.00C

2012-01-01 07:29 . 2012-01-01 08:42 -------- d-----w- c:\users\Kevin\AppData\Local\PMB Files

2012-01-01 04:12 . 2012-01-01 07:26 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner

2012-01-01 02:44 . 2012-01-01 02:44 -------- d-----w- c:\programdata\PC Tools

2012-01-01 02:44 . 2012-01-01 02:44 -------- d-----w- c:\users\Kevin\AppData\Roaming\TestApp

2012-01-01 01:29 . 2009-05-18 22:17 34152 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-01-01 01:29 . 2008-04-17 21:12 126312 ----a-r- c:\windows\system32\GEARAspi64.dll

2012-01-01 01:29 . 2008-04-17 21:12 107368 ----a-r- c:\windows\SysWow64\GEARAspi.dll

2012-01-01 01:28 . 2012-01-01 09:00 -------- d-----w- c:\program files (x86)\Norton 360

2012-01-01 01:28 . 2012-01-01 08:46 -------- d-----w- c:\program files (x86)\NortonInstaller

2011-12-31 22:22 . 2012-01-02 22:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-12-31 22:22 . 2012-01-02 22:41 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-12-31 22:22 . 2012-01-01 08:47 -------- d-----w- c:\users\Kevin\AppData\Roaming\Malwarebytes

2011-12-31 22:21 . 2012-01-01 08:47 -------- d-----w- c:\programdata\Malwarebytes

2011-12-31 22:21 . 2012-01-01 09:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-31 22:21 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-31 22:18 . 2012-01-01 09:00 -------- d-----w- c:\users\Kevin\AppData\Roaming\GetRightToGo

2011-12-31 02:17 . 2012-01-01 09:16 -------- d-----w- c:\users\KKR

2011-12-30 22:15 . 2011-12-30 22:15 -------- d-----w- c:\windows\SysWow64\N360_BACKUP

2011-12-30 21:19 . 2012-01-01 01:29 -------- d-----w- c:\program files\Symantec

2011-12-28 05:09 . 2011-12-28 05:09 -------- d-----w- c:\users\Kevin\AppData\Roaming\Tific

2011-12-28 05:09 . 2011-12-28 05:09 -------- d-----w- c:\users\Kevin\AppData\Local\Symantec

2011-12-28 04:51 . 2012-01-01 08:54 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2011-12-26 20:56 . 2009-09-05 01:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll

2011-12-26 20:55 . 2007-03-16 00:57 506728 ----a-w- c:\windows\system32\d3dx10_33.dll

2011-12-26 20:53 . 2009-03-16 22:18 517448 ----a-w- c:\windows\SysWow64\XAudio2_4.dll

2011-12-26 20:53 . 2009-03-16 22:18 235352 ----a-w- c:\windows\SysWow64\xactengine3_4.dll

2011-12-26 20:53 . 2009-03-16 22:18 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_6.dll

2011-12-26 20:53 . 2006-09-29 00:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll

2011-12-19 22:19 . 2012-01-02 22:31 -------- d-----w- c:\users\Kevin\AppData\Local\LogMeIn Hamachi

2011-12-19 22:18 . 2012-01-01 09:00 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2011-12-17 21:24 . 2011-12-17 14:07 102400 ----a-w- c:\windows\SysWow64\srrstr.dll

2011-12-16 22:20 . 2011-12-16 22:20 -------- d-----w- c:\users\Kevin\AppData\Local\Ilivid Player

2011-12-16 22:19 . 2011-12-16 22:19 -------- dc-h--w- c:\programdata\{B49A644A-1076-4A3D-B124-DAA7862F2318}

2011-12-16 22:19 . 2012-01-01 09:00 -------- d-----w- c:\program files (x86)\iLivid

2011-12-16 22:18 . 2011-12-16 22:19 -------- d-----w- c:\program files (x86)\Windows iLivid Toolbar

2011-12-16 22:18 . 2011-12-16 22:18 -------- d-----w- c:\users\Kevin\AppData\Local\PackageAware

2011-12-14 02:04 . 2010-02-04 18:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll

2011-12-14 02:04 . 2010-02-04 18:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll

2011-12-14 02:04 . 2010-02-04 18:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll

2011-12-14 02:04 . 2010-02-04 18:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll

2011-12-14 02:04 . 2009-03-09 23:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll

2011-12-14 02:04 . 2007-04-05 02:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll

2011-12-14 02:04 . 2007-03-13 00:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll

2011-12-09 03:26 . 2012-01-02 22:31 -------- d-----w- c:\program files (x86)\Steam

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-01 01:29 . 2011-08-27 21:03 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2011-11-23 02:16 . 2011-09-05 15:34 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-17 03:16 . 2011-11-17 03:04 2829 ----a-w- c:\windows\War3Unin.pif

2011-11-17 03:16 . 2011-11-17 03:04 139264 ----a-w- c:\windows\War3Unin.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-01-02_21.06.44 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-11-12 17:01 . 2012-01-02 22:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2011-11-12 17:01 . 2012-01-02 20:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2010-11-21 03:09 . 2012-01-06 19:01 55090 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-01-06 19:01 35258 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2012-01-02 20:30 35258 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-08-27 20:34 . 2012-01-06 19:01 10242 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2488756530-924728428-4039354960-1000_UserData.bin

- 2011-07-22 21:00 . 2012-01-02 20:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-07-22 21:00 . 2012-01-06 19:41 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-07-22 21:00 . 2012-01-02 20:35 81920 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-07-22 21:00 . 2012-01-06 19:41 81920 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-06 19:41 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-01-02 20:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-08-27 20:37 . 2012-01-02 20:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-08-27 20:37 . 2012-01-06 19:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:46 . 2012-01-06 19:04 99040 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2011-08-27 20:37 . 2012-01-06 19:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-08-27 20:37 . 2012-01-02 20:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-08-27 20:37 . 2012-01-06 19:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-08-27 20:37 . 2012-01-02 20:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-08-27 20:30 . 2012-01-06 19:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-08-27 20:30 . 2012-01-02 20:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-08-27 20:30 . 2012-01-02 20:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-08-27 20:30 . 2012-01-06 19:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-01-02 23:03 . 2012-01-02 23:03 70656 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml.Hosting\53a04d67925ebd229e6b1abd7856b774\System.Xaml.Hosting.ni.dll

+ 2012-01-02 23:03 . 2012-01-02 23:03 53760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DynamicD#\a9f5d739951335baf2cea57a4e54fd9c\System.Web.DynamicData.Design.ni.dll

+ 2012-01-02 22:57 . 2012-01-02 22:57 55808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\5489f3d82b02843c58a4942afd3807e6\System.Xaml.Hosting.ni.dll

+ 2012-01-02 22:58 . 2012-01-02 22:58 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\55b0452fe2e58293dfd0f6e76c69521f\System.Web.DynamicData.Design.ni.dll

+ 2012-01-02 23:01 . 2012-01-02 23:01 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\6c13d7fb161ed4d7da730a70375b07c9\System.Web.DynamicData.Design.ni.dll

+ 2012-01-02 22:56 . 2012-01-02 22:56 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\94787ab3efcc074396a60ff3d83edf78\System.Web.DynamicData.Design.ni.dll

- 2012-01-02 21:06 . 2012-01-02 21:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-01-06 19:41 . 2012-01-06 19:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-01-06 19:41 . 2012-01-06 19:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-01-02 21:06 . 2012-01-02 21:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 04:54 . 2012-01-06 19:07 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-01-02 20:44 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-01-02 20:44 868352 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-06 19:07 868352 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 02:36 . 2012-01-02 06:55 685320 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-01-06 19:04 685320 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-01-02 06:55 131082 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-01-06 19:04 131082 c:\windows\system32\perfc009.dat

- 2009-07-14 05:12 . 2012-01-02 20:35 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 05:12 . 2012-01-06 19:19 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 05:01 . 2012-01-06 19:40 414528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-01-02 20:39 414528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-01-02 23:03 . 2012-01-02 23:03 451072 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Entity\c47cd2fc542c0fc7e20689433fa5123c\System.Web.Entity.ni.dll

+ 2012-01-02 23:03 . 2012-01-02 23:03 367104 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Entity.D#\efc6dead4b44c8e2e1963b7a3acd4988\System.Web.Entity.Design.ni.dll

+ 2012-01-02 23:03 . 2012-01-02 23:03 973824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DynamicD#\23d96e7cca727a45aca6f28b5bec7dc5\System.Web.DynamicData.ni.dll

+ 2012-01-02 23:03 . 2012-01-02 23:03 331264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DataVisu#\7257d37f6ed2f933793381870db07a81\System.Web.DataVisualization.Design.ni.dll

+ 2012-01-02 23:03 . 2012-01-02 23:03 587776 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\92b694399f4f39b23a78ba679073f375\System.ServiceModel.Activation.ni.dll

+ 2012-01-02 23:02 . 2012-01-02 23:02 995328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\fd8d112a2b0b4a65909d4174d503ae47\System.Runtime.Remoting.ni.dll

+ 2012-01-02 23:03 . 2012-01-02 23:03 662528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\f36f39f48842409277d30dce974f6e7d\System.Data.Services.Design.ni.dll

+ 2012-01-02 23:01 . 2012-01-02 23:01 661504 c:\windows\assembly\NativeImages_v4.0.30319_64\ComSvcConfig\09cc3399142a93d77f317dda8c18a346\ComSvcConfig.ni.exe

+ 2012-01-02 22:58 . 2012-01-02 22:58 865280 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\c4688bf6b864e76fbd936a7fdd5f0748\System.Web.Extensions.Design.ni.dll

+ 2012-01-02 22:58 . 2012-01-02 22:58 335360 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\8614eb36d94b640ab78ca4b7165f08f8\System.Web.Entity.ni.dll

+ 2012-01-02 22:58 . 2012-01-02 22:58 297984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\8e2860651899e90f4de23486fbd5be87\System.Web.Entity.Design.ni.dll

+ 2012-01-02 22:58 . 2012-01-02 22:58 712192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\b1c10c1591154f94a93dad7bb306f3ed\System.Web.DynamicData.ni.dll

+ 2012-01-02 22:57 . 2012-01-02 22:57 260608 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\17f371e10888ff6fdee8274a11f2605a\System.Web.DataVisualization.Design.ni.dll

+ 2012-01-02 22:57 . 2012-01-02 22:57 432640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b998d241c567915a2069d0c790dd6c53\System.ServiceModel.Activation.ni.dll

+ 2012-01-02 22:57 . 2012-01-02 22:57 771584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b209c76b6b03bee6deedfa3e1a8c4290\System.Runtime.Remoting.ni.dll

+ 2012-01-02 22:57 . 2012-01-02 22:57 508928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\8feecdcd543403861ae71d1c7c37a67b\System.Data.Services.Design.ni.dll

+ 2012-01-02 22:56 . 2012-01-02 22:56 475136 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\c6a7103a6ee46deb73a7343bd7e71e61\ComSvcConfig.ni.exe

+ 2012-01-02 22:56 . 2012-01-02 22:56 851968 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\453bbfe8e7f07f9be9fe1c690687e15b\AspNetMMCExt.ni.dll

+ 2012-01-02 23:01 . 2012-01-02 23:01 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\f715b47c2f0440ea23a71f1076b0af2b\System.Web.Routing.ni.dll

+ 2012-01-02 23:01 . 2012-01-02 23:01 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\d258f45340e6e538a19a56d1165b750f\System.Web.Entity.ni.dll

+ 2012-01-02 23:01 . 2012-01-02 23:01 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\6f6d11e33e2f3f6bddd4c33809340a48\System.Web.Entity.Design.ni.dll

+ 2012-01-02 23:01 . 2012-01-02 23:01 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\bca38e802e2b45f80f8fbde2b54ce0a2\System.Web.DynamicData.ni.dll

+ 2012-01-02 23:01 . 2012-01-02 23:01 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\0e411c30fc2caebb55813b8fa0689d42\System.Web.Abstractions.ni.dll

+ 2012-01-02 22:55 . 2012-01-02 22:55 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\15347f91b5a091f3766e27e0eb9c9292\WindowsLiveLocal.WriterPlugin.ni.dll

+ 2012-01-02 22:55 . 2012-01-02 22:55 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a65a432874fde197f6c5466452f7735f\WindowsLive.Writer.BlogClient.ni.dll

+ 2012-01-02 22:55 . 2012-01-02 22:55 891392 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\72ab11551def45e791a57481ec7af77a\WindowsLive.Writer.HtmlEditor.ni.dll

+ 2012-01-02 22:55 . 2012-01-02 22:55 156672 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\326ae4e97e859027271b08de5edb11d9\WindowsLive.Writer.HtmlParser.ni.dll

+ 2012-01-02 22:56 . 2012-01-02 22:56 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\8e576ae7d946a5440bddfdbe06818a8b\System.Web.Routing.ni.dll

+ 2012-01-02 22:56 . 2012-01-02 22:56 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\5bd4f855a0b0386cb4baf093216ad2d3\System.Web.Extensions.Design.ni.dll

+ 2012-01-02 22:56 . 2012-01-02 22:56 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\8d56e2f2a05dbde707d87cb3bdf0dffc\System.Web.Entity.ni.dll

+ 2012-01-02 22:56 . 2012-01-02 22:56 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f560658d9ee6d2786cab976e775758d6\System.Web.Entity.Design.ni.dll

+ 2012-01-02 22:56 . 2012-01-02 22:56 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\e94f08faeb08a8ee9d51a3480083bd07\System.Web.DynamicData.ni.dll

+ 2012-01-02 22:56 . 2012-01-02 22:56 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\2dc7ec41005f6e6fe45e0cc0a20a12bc\System.Web.Abstractions.ni.dll

+ 2012-01-02 22:56 . 2012-01-02 22:56 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\e6fa2be533d9e540ccafe51980ae0103\System.Data.Entity.Design.ni.dll

+ 2009-07-14 04:54 . 2012-01-06 19:07 2736128 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-01-02 20:44 2736128 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-07-22 21:08 . 2012-01-02 20:39 2248728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-07-22 21:08 . 2012-01-06 19:40 2248728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-12-31 02:20 . 2012-01-02 20:39 2752516 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2488756530-924728428-4039354960-1005-8192.dat

+ 2011-12-31 02:20 . 2012-01-03 01:33 2752516 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2488756530-924728428-4039354960-1005-8192.dat

+ 2011-08-27 20:59 . 2012-01-06 19:40 2547696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2488756530-924728428-4039354960-1000-8192.dat

- 2011-08-27 20:59 . 2012-01-01 08:42 2547696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2488756530-924728428-4039354960-1000-8192.dat

+ 2012-01-02 23:03 . 2012-01-02 23:03 1601024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.WorkflowServ#\b581bfffc1808ae8b75717f2a8dd2135\System.WorkflowServices.ni.dll

+ 2012-01-02 23:03 . 2012-01-02 23:03 2887680 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Workflow.Run#\e69d85c8210a988b4c104948f04cf5aa\System.Workflow.Runtime.ni.dll

+ 2012-01-02 23:03 . 2012-01-02 23:03 3743744 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Workflow.Act#\572967d338f59ea254e9c1affc52695d\System.Workflow.Activities.ni.dll

+ 2012-01-02 23:02 . 2012-01-02 23:02 2287104 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\43728abc794e8a2f8b9178d83299f691\System.Web.Services.ni.dll

+ 2012-01-02 23:03 . 2012-01-02 23:03 2964480 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Mobile\ae6e69ee7b8f89872246462ba8b6b186\System.Web.Mobile.ni.dll

+ 2012-01-02 23:03 . 2012-01-02 23:03 3805184 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Extensio#\6d04600d11baa5d8a09b594b591d0572\System.Web.Extensions.ni.dll

+ 2012-01-02 23:03 . 2012-01-02 23:03 1100800 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Extensio#\5a312292936c549b4a013fac180e2187\System.Web.Extensions.Design.ni.dll

+ 2012-01-02 23:03 . 2012-01-02 23:03 5599232 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DataVisu#\4c3d1f744e5edf4b2ee6a6001c4e19c3\System.Web.DataVisualization.ni.dll

+ 2012-01-02 23:03 . 2012-01-02 23:03 1506816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\cfbec2879ae56c6bb8b1ba78a92694e9\System.ServiceModel.Web.ni.dll

+ 2012-01-02 23:02 . 2012-01-02 23:02 2702848 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Services\0bd655a7f8793293240accf4c65758c8\System.Data.Services.ni.dll

+ 2012-01-02 23:02 . 2012-01-02 23:02 1750528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity.#\18688c8627c24053b0b967d88210548b\System.Data.Entity.Design.ni.dll

+ 2012-01-02 23:01 . 2012-01-02 23:01 1829888 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\61b5e642d21b7e31457885975af7ce11\Microsoft.VisualBasic.Compatibility.ni.dll

+ 2012-01-02 23:01 . 2012-01-02 23:01 1007104 c:\windows\assembly\NativeImages_v4.0.30319_64\AspNetMMCExt\122733b12d421862dca6ce320ac6b733\AspNetMMCExt.ni.dll

+ 2012-01-02 22:58 . 2012-01-02 22:58 1223168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\c62d9d8bb2b22f8eaf9d8cbbf6123e47\System.WorkflowServices.ni.dll

+ 2012-01-02 22:58 . 2012-01-02 22:58 1971712 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Run#\e8804a70f32e7804d259792e7d27b5b8\System.Workflow.Runtime.ni.dll

+ 2012-01-02 22:58 . 2012-01-02 22:58 2871808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\a0ba653e91dcb6fbbfb94e37e18ed736\System.Workflow.Activities.ni.dll

+ 2012-01-02 22:57 . 2012-01-02 22:57 1925632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\53f1ed558eef032f8678a10b623db2c6\System.Web.Services.ni.dll

+ 2012-01-02 22:58 . 2012-01-02 22:58 2334208 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\f2f7d93088dc2d346d680763d464c03f\System.Web.Mobile.ni.dll

+ 2012-01-02 22:57 . 2012-01-02 22:57 3126784 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\3722b214046f3e48d9e78d9adf233263\System.Web.Extensions.ni.dll

+ 2012-01-02 22:57 . 2012-01-02 22:57 4535808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\a439f6190b9ad82d9345292736777c85\System.Web.DataVisualization.ni.dll

+ 2012-01-02 22:57 . 2012-01-02 22:57 1086464 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d40d01d24635877797a3c389510d9c3a\System.ServiceModel.Web.ni.dll

+ 2012-01-02 22:57 . 2012-01-02 22:57 2026496 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\66ebacc95030b565991917af67cbd885\System.Data.Services.ni.dll

+ 2012-01-02 22:57 . 2012-01-02 22:57 1424384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\3713bc9e571e75a2f26a3b082b3f2609\System.Data.Entity.Design.ni.dll

+ 2012-01-02 22:57 . 2012-01-02 22:57 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\8c2ab599a8499bf042f4a256355ff223\Microsoft.VisualBasic.Compatibility.ni.dll

+ 2012-01-02 23:01 . 2012-01-02 23:01 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\455567dae39910d806447b77ee657a85\System.WorkflowServices.ni.dll

+ 2012-01-02 23:01 . 2012-01-02 23:01 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\91ecefc70d74ed44e5139ea2929adbb8\System.Web.Mobile.ni.dll

+ 2012-01-02 23:01 . 2012-01-02 23:01 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\71da5a6d09e12eb94be32935e4a8d5a2\System.Web.Extensions.ni.dll

+ 2012-01-02 23:01 . 2012-01-02 23:01 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\2bb91a2edcc92d2bb79007e7d2ddc2ae\System.Web.Extensions.Design.ni.dll

+ 2012-01-02 23:01 . 2012-01-02 23:01 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\3a6ac85c04453976c0f3a7c6a64ec43a\System.ServiceModel.Web.ni.dll

+ 2012-01-02 22:59 . 2012-01-02 22:59 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\1f90d38a42906a776be313d9720e350d\System.IdentityModel.ni.dll

+ 2012-01-02 23:00 . 2012-01-02 23:00 2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\1d2c369d8e2d6f95c99ca90aca273418\System.Data.Services.ni.dll

+ 2012-01-02 23:00 . 2012-01-02 23:00 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\b7bd7d91dc9abd73f2506bb7a0292373\System.Data.Entity.Design.ni.dll

+ 2012-01-02 23:00 . 2012-01-02 23:00 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\53fcf7f34708a9482d3e4059ce29608c\MIGUIControls.ni.dll

+ 2012-01-02 23:00 . 2012-01-02 23:00 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\486ff8cee09c8c63aa9c60ff4f5feafa\Microsoft.VisualBasic.ni.dll

+ 2012-01-02 23:00 . 2012-01-02 23:00 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b68f19bf3f3d545547d2b680eb54a660\Microsoft.PowerShell.Commands.Utility.ni.dll

+ 2012-01-02 22:59 . 2012-01-02 22:59 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\7e81f50c34dec17b90bfebec5929853a\Microsoft.MediaCenter.UI.ni.dll

+ 2012-01-02 22:59 . 2012-01-02 22:59 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\65a892a923b49b062bd8fc97254940d3\Microsoft.MediaCenter.ni.dll

+ 2012-01-02 23:00 . 2012-01-02 23:00 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\33fd1381f221898a53253303cb7e5380\Microsoft.MediaCenter.Bml.ni.dll

+ 2012-01-02 22:55 . 2012-01-02 22:55 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ef77fefbed4775eba3cac73b9f322bc7\WindowsLive.Writer.CoreServices.ni.dll

+ 2012-01-02 22:55 . 2012-01-02 22:55 7025664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\931fbaed2e80ea2f949aaf74140c1626\WindowsLive.Writer.PostEditor.ni.dll

+ 2012-01-02 22:56 . 2012-01-02 22:56 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a612958eaf641f0ba83b0daae44cb7b1\System.WorkflowServices.ni.dll

+ 2012-01-02 22:56 . 2012-01-02 22:56 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d957ec1fb12ff02282a7f73d6318b66b\System.Web.Mobile.ni.dll

+ 2012-01-02 22:56 . 2012-01-02 22:56 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a90f033a5a062ff29f7df8f9edc1a80c\System.Web.Extensions.ni.dll

+ 2012-01-02 22:56 . 2012-01-02 22:56 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\828e31a37bfd9d432083be6307845630\System.ServiceModel.Web.ni.dll

+ 2012-01-02 22:55 . 2012-01-02 22:55 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c0d9df88f2b37d14cf416281364c5b7f\System.IdentityModel.ni.dll

+ 2012-01-02 22:56 . 2012-01-02 22:56 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\76e676a9b6387aad5544d61a4ac12a78\System.Data.Services.ni.dll

+ 2012-01-02 22:55 . 2012-01-02 22:55 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\20d18697deb8413c01119531c6b987ad\MIGUIControls.ni.dll

+ 2012-01-02 22:54 . 2012-01-02 22:54 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll

+ 2012-01-02 22:55 . 2012-01-02 22:55 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\695508ea67706e5f66208cabe5363099\Microsoft.PowerShell.Commands.Utility.ni.dll

+ 2012-01-02 22:55 . 2012-01-02 22:55 3238400 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\ce4585c5d5730daacd0d1e709a21efd2\Microsoft.Office.BusinessData.ni.dll

+ 2012-01-02 22:55 . 2012-01-02 22:55 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\5662462cfa995c71817791af93686db2\Microsoft.MediaCenter.ni.dll

+ 2012-01-02 22:55 . 2012-01-02 22:55 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\4676e3f99469bd1120f8aed9cf37e4d2\Microsoft.MediaCenter.UI.ni.dll

+ 2012-01-02 23:02 . 2012-01-02 23:02 15761920 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web\866ef200ca7a2ed4f26835709646125d\System.Web.ni.dll

+ 2012-01-02 23:02 . 2012-01-02 23:02 13300736 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Design\6be8e8e57a83372e41481009ef6de482\System.Design.ni.dll

+ 2012-01-02 22:57 . 2012-01-02 22:57 12079104 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\c775972c9a15169ac27abb027154c1fd\System.Web.ni.dll

+ 2012-01-02 22:59 . 2012-01-02 22:59 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\4bf05a9a1aebde89033c40b9e51af495\System.ServiceModel.ni.dll

+ 2012-01-02 23:00 . 2012-01-02 23:00 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\897b2e70eb1754bf8c557fadd93faf98\ehshell.ni.dll

+ 2012-01-02 22:55 . 2012-01-02 22:55 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7bc7e33d4568a214f226cdb6a161a37a\System.ServiceModel.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2011-07-15 04:46 195360 ----a-w- c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-28 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 136176]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 136176]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]

R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]

R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-02-19 546608]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]

R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-12-22 1156216]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120105.001\IDSvia64.sys [2011-12-29 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [x]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-02-27 499200]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-16 2329480]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-28 1817088]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]

S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400]

S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-08-14 49152]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-14 2656280]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-02-27 885248]

S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [x]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]

S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-01-01 138360]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 18:04]

.

2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 18:04]

.

2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2488756530-924728428-4039354960-1000Core.job

- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-17 15:14]

.

2012-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2488756530-924728428-4039354960-1000UA.job

- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-17 15:14]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]

"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCUDelayStartup.exe" [2011-03-02 718336]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-28 418328]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-28 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-28 391704]

"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-03-09 518784]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab

FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\os71hnp1.default\

FF - prefs.js: browser.search.selectedEngine - Google

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe

c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

c:\windows\SysWOW64\DllHost.exe

c:\windows\SysWOW64\DllHost.exe

c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files\Sony\VAIO Care\listener.exe

c:\program files (x86)\DDNi\Oasis\VAIO Messenger.exe

.

**************************************************************************

.

Completion time: 2012-01-06 11:47:44 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-06 19:47

ComboFix2.txt 2012-01-02 21:12

.

Pre-Run: 572,987,011,072 bytes free

Post-Run: 572,564,713,472 bytes free

.

- - End Of File - - 9D1715015D76990CA127887BB4912F9A

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

DDS::

BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll

BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL

TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll

BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll

BHO-X64: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL

TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC

Moved the combofix file to the desktop where it was supposed to be. Log file attached from the script given.

Combofix Log:

ComboFix 12-01-06.01 - Kevin 01/06/2012 12:27:41.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2720 [GMT -8:00]

Running from: c:\users\Kevin\Desktop\ComboFix.exe

Command switches used :: c:\users\Kevin\Desktop\CFScript.txt

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\progra~2\WI3C8A~1\Datamngr\BROWSE~1.DLL

c:\progra~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-12-06 to 2012-01-06 )))))))))))))))))))))))))))))))

.

.

2012-01-06 20:35 . 2012-01-06 20:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-02 22:25 . 2012-01-02 22:25 -------- d-----w- c:\users\Kevin\AppData\Local\Mozilla

2012-01-01 20:41 . 2012-01-02 04:34 -------- d-----w- c:\windows\system32\drivers\N360x64\0404000.00C

2012-01-01 07:29 . 2012-01-01 08:42 -------- d-----w- c:\users\Kevin\AppData\Local\PMB Files

2012-01-01 04:12 . 2012-01-01 07:26 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner

2012-01-01 02:44 . 2012-01-01 02:44 -------- d-----w- c:\programdata\PC Tools

2012-01-01 02:44 . 2012-01-01 02:44 -------- d-----w- c:\users\Kevin\AppData\Roaming\TestApp

2012-01-01 01:29 . 2009-05-18 22:17 34152 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-01-01 01:29 . 2008-04-17 21:12 126312 ----a-r- c:\windows\system32\GEARAspi64.dll

2012-01-01 01:29 . 2008-04-17 21:12 107368 ----a-r- c:\windows\SysWow64\GEARAspi.dll

2012-01-01 01:28 . 2012-01-01 09:00 -------- d-----w- c:\program files (x86)\Norton 360

2012-01-01 01:28 . 2012-01-01 08:46 -------- d-----w- c:\program files (x86)\NortonInstaller

2011-12-31 22:22 . 2012-01-02 22:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-12-31 22:22 . 2012-01-02 22:41 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-12-31 22:22 . 2012-01-01 08:47 -------- d-----w- c:\users\Kevin\AppData\Roaming\Malwarebytes

2011-12-31 22:21 . 2012-01-01 08:47 -------- d-----w- c:\programdata\Malwarebytes

2011-12-31 22:21 . 2012-01-01 09:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-31 22:21 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-31 22:18 . 2012-01-01 09:00 -------- d-----w- c:\users\Kevin\AppData\Roaming\GetRightToGo

2011-12-31 02:17 . 2012-01-01 09:16 -------- d-----w- c:\users\KKR

2011-12-30 22:15 . 2011-12-30 22:15 -------- d-----w- c:\windows\SysWow64\N360_BACKUP

2011-12-30 21:19 . 2012-01-01 01:29 -------- d-----w- c:\program files\Symantec

2011-12-28 05:09 . 2011-12-28 05:09 -------- d-----w- c:\users\Kevin\AppData\Roaming\Tific

2011-12-28 05:09 . 2011-12-28 05:09 -------- d-----w- c:\users\Kevin\AppData\Local\Symantec

2011-12-28 04:51 . 2012-01-01 08:54 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2011-12-26 20:56 . 2009-09-05 01:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll

2011-12-26 20:55 . 2007-03-16 00:57 506728 ----a-w- c:\windows\system32\d3dx10_33.dll

2011-12-26 20:53 . 2009-03-16 22:18 517448 ----a-w- c:\windows\SysWow64\XAudio2_4.dll

2011-12-26 20:53 . 2009-03-16 22:18 235352 ----a-w- c:\windows\SysWow64\xactengine3_4.dll

2011-12-26 20:53 . 2009-03-16 22:18 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_6.dll

2011-12-26 20:53 . 2006-09-29 00:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll

2011-12-19 22:19 . 2012-01-02 22:31 -------- d-----w- c:\users\Kevin\AppData\Local\LogMeIn Hamachi

2011-12-19 22:18 . 2012-01-01 09:00 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2011-12-17 21:24 . 2011-12-17 14:07 102400 ----a-w- c:\windows\SysWow64\srrstr.dll

2011-12-16 22:20 . 2011-12-16 22:20 -------- d-----w- c:\users\Kevin\AppData\Local\Ilivid Player

2011-12-16 22:19 . 2011-12-16 22:19 -------- dc-h--w- c:\programdata\{B49A644A-1076-4A3D-B124-DAA7862F2318}

2011-12-16 22:19 . 2012-01-01 09:00 -------- d-----w- c:\program files (x86)\iLivid

2011-12-16 22:18 . 2011-12-16 22:19 -------- d-----w- c:\program files (x86)\Windows iLivid Toolbar

2011-12-16 22:18 . 2011-12-16 22:18 -------- d-----w- c:\users\Kevin\AppData\Local\PackageAware

2011-12-14 02:04 . 2010-02-04 18:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll

2011-12-14 02:04 . 2010-02-04 18:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll

2011-12-14 02:04 . 2010-02-04 18:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll

2011-12-14 02:04 . 2010-02-04 18:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll

2011-12-14 02:04 . 2009-03-09 23:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll

2011-12-14 02:04 . 2007-04-05 02:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll

2011-12-14 02:04 . 2007-03-13 00:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll

2011-12-09 03:26 . 2012-01-02 22:31 -------- d-----w- c:\program files (x86)\Steam

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-01 01:29 . 2011-08-27 21:03 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2011-11-23 02:16 . 2011-09-05 15:34 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-17 03:16 . 2011-11-17 03:04 2829 ----a-w- c:\windows\War3Unin.pif

2011-11-17 03:16 . 2011-11-17 03:04 139264 ----a-w- c:\windows\War3Unin.exe

.

.

((((((((((((((((((((((((((((( SnapShot_2012-01-06_19.41.49 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-11-21 03:09 . 2012-01-06 20:02 55320 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-01-06 20:02 35326 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-08-27 20:34 . 2012-01-06 20:02 10368 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2488756530-924728428-4039354960-1000_UserData.bin

- 2011-07-22 21:00 . 2012-01-06 19:41 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-07-22 21:00 . 2012-01-06 20:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-07-22 21:00 . 2012-01-06 19:41 81920 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-07-22 21:00 . 2012-01-06 20:06 81920 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-01-06 19:41 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-06 20:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-08-27 20:37 . 2012-01-06 20:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-08-27 20:37 . 2012-01-06 19:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-08-27 20:37 . 2012-01-06 19:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-08-27 20:37 . 2012-01-06 20:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-08-27 20:37 . 2012-01-06 20:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-08-27 20:37 . 2012-01-06 19:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-08-27 20:30 . 2012-01-06 20:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-08-27 20:30 . 2012-01-06 19:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-08-27 20:30 . 2012-01-06 19:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-08-27 20:30 . 2012-01-06 20:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-01-06 19:41 . 2012-01-06 19:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-01-06 20:36 . 2012-01-06 20:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-01-06 19:41 . 2012-01-06 19:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-01-06 20:36 . 2012-01-06 20:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 04:54 . 2012-01-06 19:07 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-01-06 20:08 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-01-06 19:07 868352 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-06 20:08 868352 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 05:12 . 2012-01-06 19:19 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 05:12 . 2012-01-06 20:06 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 05:01 . 2012-01-06 20:24 414528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-01-06 19:40 414528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 04:54 . 2012-01-06 19:07 2736128 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-06 20:08 2736128 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-07-22 21:08 . 2012-01-06 20:24 2248728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-07-22 21:08 . 2012-01-06 19:40 2248728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-08-27 20:59 . 2012-01-06 20:24 2547696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2488756530-924728428-4039354960-1000-8192.dat

- 2011-08-27 20:59 . 2012-01-06 19:40 2547696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2488756530-924728428-4039354960-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2011-07-15 04:46 195360 ----a-w- c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]

R4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R4 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-02-27 499200]

R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 136176]

R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 136176]

R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-16 2329480]

R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-28 1817088]

R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]

R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]

R4 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-08-14 49152]

R4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]

R4 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]

R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R4 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]

R4 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]

R4 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]

R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-14 2656280]

R4 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]

R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-02-19 546608]

R4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]

R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]

R4 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

R4 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]

R4 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]

R4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-02-27 885248]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-12-22 1156216]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120105.001\IDSvia64.sys [2011-12-29 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [x]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]

S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [x]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]

S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-01-01 138360]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 18:04]

.

2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 18:04]

.

2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2488756530-924728428-4039354960-1000Core.job

- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-17 15:14]

.

2012-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2488756530-924728428-4039354960-1000UA.job

- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-17 15:14]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab

FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\os71hnp1.default\

FF - prefs.js: browser.search.selectedEngine - Google

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\DDNi\Oasis\VAIO Messenger.exe

.

**************************************************************************

.

Completion time: 2012-01-06 12:42:23 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-06 20:42

ComboFix2.txt 2012-01-02 21:12

.

Pre-Run: 572,649,897,984 bytes free

Post-Run: 572,534,059,008 bytes free

.

- - End Of File - - F87DB3B2AD963B6AC22D6F9C6F752A94


Quick scan complete, no threats found. Still a good sign XD

Malwarebytes Anti-Malware (Trial) 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.06.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Kevin :: KEVIN-RHODES [administrator]

Protection: Disabled

1/6/2012 12:59:55

mbam-log-2012-01-06 (12-59-55).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 194956

Time elapsed: 3 minute(s), 26 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Please update your Java; older versions are vulnerable to malware.

Java™ 6 Update 22 <--- should be 30

Go to your control panel > Java > Update tab > Update

--------------------

Please Uninstall ComboFix:

Press the Windows logo key + R

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
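As an added example that is not part of the original thread or of MrC's reply: the Java check above is done by eye from the DDS log, but the same information can be read from the registry so that every registered Java runtime is listed and compared against the wanted update level. The script below is written for this page; the minimum version it checks against (Java 6 Update 30, taken from the reply above) is an assumption to adjust to whatever the current release is, and the DisplayName pattern is based on how Sun/Oracle Java of that era registered itself under the Uninstall keys.

```powershell
# Added example, not from the original thread: enumerate the Java runtimes
# registered under the Uninstall keys (native and Wow6432Node views on 64-bit
# Windows) and flag any entry older than the level the helper asked for.
# $MinimumMajor / $MinimumUpdate are assumptions taken from the reply above
# (Java 6 Update 30); adjust them to the current release before running.
$MinimumMajor  = 6
$MinimumUpdate = 30

$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

# DisplayName for Java of that era looks like "Java(TM) 6 Update 22" or
# "Java 7 Update 2 (64-bit)"; pull the major version and update number out.
$pattern = '^Java(\(TM\)|\u2122)?\s+(?<major>\d+)\s+Update\s+(?<update>\d+)'

$javaInstalls = foreach ($root in $uninstallRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in Get-ChildItem $root) {
        $props = Get-ItemProperty -Path $key.PSPath
        if ($props.DisplayName -match $pattern) {
            New-Object -TypeName PSObject -Property @{
                DisplayName = $props.DisplayName
                Major       = [int]$Matches['major']
                Update      = [int]$Matches['update']
                KeyPath     = $key.PSPath
            }
        }
    }
}

if (-not $javaInstalls) {
    'No Java runtime is registered in the Uninstall keys.'
} else {
    foreach ($j in $javaInstalls) {
        # Older major version, or same major with a lower update number, is outdated.
        $outdated = ($j.Major -lt $MinimumMajor) -or
                    ($j.Major -eq $MinimumMajor -and $j.Update -lt $MinimumUpdate)
        $status = if ($outdated) { 'OUTDATED - update or uninstall' } else { 'OK' }
        '{0,-36} {1}' -f $j.DisplayName, $status
    }
}
```

The script only reads the registry, so it is safe to run before and after the update from the Java control panel. Run it again afterwards: separate Java major versions install side by side, so anything still reported as OUTDATED is a copy that the updater left behind and that should be removed through Programs and Features.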


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
