Help please with winrscmde message and trojan removal


Good afternoon,

I'm looking for some assistance removing a bit of malware and hope you can help. In a nutshell, my wife's computer has been displaying the message "winrscmde stopped working and was closed" for some time now and she's getting the blue screen of death each time she tries to use Adobe Acrobat Pro. I've downloaded the MDAM malware removal tool (free version) and run it several times. It goes through the motions of removing the malware but the problems persist and the malware "Trojan Agent" is still present after each scan and reboot. The results of the latest scan are shown below.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.12.11

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Anne :: ANNE-PC [administrator]

7/12/2012 4:33:39 PM

mbam-log-2012-07-12 (16-33-39).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 235316

Time elapsed: 14 minute(s), 18 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 4516 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

After reading several postings on related topics it's becoming clear that I need to run some of the other malware removal tools that you suggest, but under the adult supervision that you've been providing to others. If it's possible for one of your experts to chime in to lead me through the process I'd be forever grateful.

By the way, I've neglected to attach the results of the DDS scan so here they are. Sorry for the double post.

DDS notepad

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Anne at 17:13:15 on 2012-07-12

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3934.2039 [GMT -4:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\RtkAudioService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Windows\system32\dllhost.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe

C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe

C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\DRIVERS\xaudio64.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

C:\Program Files\Apoint\Apoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files (x86)\Sony\VAIO Media plus\VMpTtray.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\SelectRebates\SelectRebates.exe

C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

-netsvcs

C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe

C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe

C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe

C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uStart Page = hxxp://www.google.com/

mDefault_Page_URL = hxxp://www.sony.com/vaiopeople_f08

mURLSearchHooks: AOLMAILTBSearch Class: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files (x86)\AOL Email Toolbar\aolmailtb.dll

mWinlogon: Userinit=userinit.exe,

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: AOL Email Toolbar Loader: {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files (x86)\AOL Email Toolbar\aolmailtb.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: AOL Email Toolbar: {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files (x86)\AOL Email Toolbar\aolmailtb.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll

TB: ShopAtHome.com Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe

uRun: [VMpTtray.exe] C:\Program Files (x86)\Sony\VAIO Media plus\VMpTtray.exe

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [Google Update] "C:\Users\Anne\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [smartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"

mRun: [AML] "C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe" InitApp

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [iJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [selectRebates] "C:\Program Files (x86)\SelectRebates\SelectRebates.exe"

mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

StartupFolder: C:\Users\Anne\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

StartupFolder: C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

Trusted Zone: constantcontact.com\www

Trusted Zone: convergysworkathome.com\www

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {89F9AA82-9B9F-4D1C-A637-33388558FAAC} - hxxp://webcal.weber.k12.ut.us/webcal/cab/ccuweb1_5_9.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx

DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{C96A565A-EC46-4684-B828-45285EAFE7F0} : DhcpNameServer = 75.75.76.76 75.75.75.75

Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: VESWinlogon - VESWinlogon.dll

BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: AOL Toolbar BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll

BHO-X64: AOL Toolbar BHO - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: ShopAtHomeIEHelper Class: {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll

BHO-X64: ShopAtHomeIEHelper - No File

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

BHO-X64: AOL Email Toolbar Loader: {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files (x86)\AOL Email Toolbar\aolmailtb.dll

BHO-X64: AOL Email Toolbar Loader - No File

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

TB-X64: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: AOL Email Toolbar: {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files (x86)\AOL Email Toolbar\aolmailtb.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll

TB-X64: ShopAtHome.com Toolbar: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun-x64: [smartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun-x64: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"

mRun-x64: [AML] "C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe" InitApp

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun-x64: [iJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [selectRebates] "C:\Program Files (x86)\SelectRebates\SelectRebates.exe"

mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\twlmg6ex.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Anne\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Users\Anne\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Anne\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Symantec Intrusion Prevention: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-12 1161376]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120711.001\IDSviA64.sys [2012-7-11 509088]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [?]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1207020.003\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1207020.003\SYMTDIV.SYS [?]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 163840]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]

R2 RtkAudioService;Realtek Audio Service;C:\Windows\RTKAUDIOSERVICE.EXE [2008-8-12 139808]

R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe [2008-9-2 103712]

R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe [2008-9-2 353568]

R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe [2008-9-2 62752]

R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2008-9-2 104960]

R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2008-8-12 407392]

R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-6-20 415744]

R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-9-2 337184]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-31 138912]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]

R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate1c9b487adae0f60;Google Update Service (gupdate1c9b487adae0f60);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-4-3 133104]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-4-3 133104]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.SYS [2009-3-20 43032]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2008-9-2 107808]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-10 89920]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-07-12 20:51:54 20480 ----a-w- C:\Windows\svchost.exe

2012-07-12 19:16:00 -------- d-----w- C:\Users\Anne\AppData\Roaming\Malwarebytes

2012-07-12 19:15:32 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-12 19:15:32 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-12 19:15:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-12 07:02:45 2769408 ----a-w- C:\Windows\System32\win32k.sys

2012-07-04 00:37:23 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll

2012-07-04 00:34:21 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2012-06-22 07:22:13 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-22 07:21:53 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-22 07:21:53 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll

2012-06-22 07:21:38 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-22 07:21:38 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe

2012-06-22 07:21:38 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-22 07:21:38 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll

2012-06-13 17:56:59 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-13 17:56:46 1267200 ----a-w- C:\Windows\System32\crypt32.dll

2012-06-13 17:56:45 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-06-13 17:56:45 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-06-13 17:56:45 174592 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-06-13 17:56:45 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-13 17:56:45 132096 ----a-w- C:\Windows\System32\cryptnet.dll

.

==================== Find3M ====================

.

2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll

.

============= FINISH: 17:14:30.42 ===============

Attach notepad

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 10/24/2008 11:35:24 AM

System Uptime: 7/12/2012 4:50:24 PM (1 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core2 Duo CPU P8400 @ 2.26GHz | N/A | 2266/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 288 GiB total, 68.759 GiB free.

D: is Removable

E: is Removable

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Canon MX860 ser Network

Device ID: ROOT\CANON_IJ_NETWORK\0002

Manufacturer: Canon

Name: Canon MX860 ser Network

PNP Device ID: ROOT\CANON_IJ_NETWORK\0002

Service: StillCam

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

3D Home Architect Design Suite Deluxe 8

Acrobat.com

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe Acrobat 9.5.1 - CPSID_83708

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Photoshop Elements 7.0

Adobe Reader X (10.1.2)

AKVIS Sketch

AOL Email Toolbar

AOL Registration

AOL Toolbar 5.0

ArcSoft Magic-i Visual Effects

ArcSoft WebCam Companion 2

BlackBerry Desktop Software 6.1

BlackBerry USB and Modem Drivers 6.1

BlackBerry USB Drivers

BlackBerry v4.2.2 for the 8320 Series Wireless Handheld

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon MP Navigator EX 2.1

Canon MX860 series User Registration

Canon Utilities Easy-PhotoPrint EX

Canon Utilities My Printer

Canon Utilities Solution Menu

Click to Disc

Click to Disc Editor

Compatibility Pack for the 2007 Office system

Constant Contact QuickImport v2 for Outlook

Coupon Printer for Windows

D3DX10

Download Updater (AOL LLC)

Free Files Unzip

GEAR driver installer for x86 and x64

Google Chrome

Google Earth Plug-in

Google SketchUp 8

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Java Auto Updater

Java 6 Update 26

Java SE Runtime Environment 6

Junk Mail filter update

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Live Add-in 1.5

Microsoft Office Live Meeting 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Works

Mozilla Firefox (3.6.13)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Music Oasis

Music Transfer

Musicnotes Software Suite 1.5.5

Napster

Napster Burn Engine

Norton Internet Security

OpenMG Secure Module 5.1.00

Photo to Sketch 4.0

Pinnacle Instant DVD Recorder

Primo

QuickBooks Simple Start 2008

QuickTime

Realtek High Definition Audio Driver

Roxio Central Audio

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Easy Media Creator 10 LJ

Roxio Easy Media Creator Home

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Segoe UI

Setting Utility Series

Shipping Assistant 3.6

Shoebox Cupid

ShopAtHome.com Toolbar

SmartWi Connection Utility

Snagit 9.1.3

Sony Picture Utility

Sony Video Shared Library

Spelling Dictionaries Support For Adobe Reader 9

SupportSoft Assisted Service

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VAIO Care

VAIO Content Folder Setting

VAIO Content Metadata Intelligent Analyzing Manager

VAIO Content Metadata Manager Setting

VAIO Content Metadata XML Interface Library

VAIO Control Center

VAIO Data Restore Tool

VAIO DVD Menu Data Basic

VAIO Entertainment Platform

VAIO Event Service

VAIO Help and Support

VAIO Launcher

VAIO Media plus

VAIO Movie Story

VAIO Movie Story Template Data

VAIO MusicBox

VAIO MusicBox Sample Music

VAIO My Memory Center

VAIO OOBE and Welcome Center

VAIO Original Function Setting

VAIO Power Management

VAIO Startup Assistant

VAIO Survey

VAIO Update 4

VAIO Wallpaper Contents

VAIO Wireless Wizard

Virtual Painter 5 trial (Standalone)

VZAccess Manager

WebEx

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinDVD for VAIO

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

7/12/2012 4:52:18 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

7/12/2012 4:51:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DMICall

7/12/2012 4:51:33 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

7/12/2012 4:51:33 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VAIO Content Metadata Intelligent Analyzing Manager service to connect.

7/12/2012 4:51:33 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

7/12/2012 4:51:33 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.

7/12/2012 4:51:33 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

7/12/2012 4:51:33 PM, Error: Service Control Manager [7000] - The VAIO Content Metadata Intelligent Analyzing Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/12/2012 4:50:48 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\DRIVERS\DMICall.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

7/12/2012 4:31:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

7/12/2012 4:31:32 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/12/2012 3:44:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

7/12/2012 3:43:21 AM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.

7/12/2012 3:37:54 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

7/12/2012 3:37:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/12/2012 3:37:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 DfsC DMICall eeCtrl IDSVia64 NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SymIRON SYMTDIv tdx Wanarpv6

7/12/2012 3:37:50 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/12/2012 3:37:50 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/12/2012 3:37:50 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

7/12/2012 3:37:50 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/12/2012 3:37:50 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/12/2012 3:37:50 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

7/12/2012 3:37:50 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/12/2012 3:37:50 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/12/2012 3:37:50 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

7/12/2012 3:37:50 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/12/2012 3:37:50 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

7/12/2012 3:37:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

7/12/2012 3:37:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

7/12/2012 3:37:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

7/12/2012 3:37:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/12/2012 3:36:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/12/2012 3:34:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VAIO Media plus Content Importer service to connect.

7/12/2012 3:34:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® PROSet/Wireless Event Log service to connect.

7/12/2012 3:34:03 PM, Error: Service Control Manager [7000] - The VAIO Media plus Content Importer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/12/2012 3:34:03 PM, Error: Service Control Manager [7000] - The Intel® PROSet/Wireless Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/12/2012 3:12:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

7/12/2012 3:12:17 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/12/2012 3:05:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/12/2012 12:52:55 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate1c9b487adae0f60) service to connect.

7/12/2012 12:52:55 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate1c9b487adae0f60) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/12/2012 12:52:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate1c9b487adae0f60 with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

7/12/2012 11:45:32 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

7/12/2012 11:39:58 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VAIO Media plus Device Searcher service to connect.

7/12/2012 11:39:58 AM, Error: Service Control Manager [7000] - The VAIO Media plus Device Searcher service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/12/2012 11:38:45 AM, Error: EventLog [6008] - The previous system shutdown at 11:37:24 AM on 7/12/2012 was unexpected.

7/12/2012 11:34:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VAIO Entertainment UPnP Client Adapter service to connect.

7/12/2012 11:34:41 AM, Error: Service Control Manager [7000] - The VAIO Entertainment UPnP Client Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/12/2012 11:34:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service Vcsw with arguments "" in order to run the server: {AD824619-9A64-4DFF-9426-4111B582A967}

7/12/2012 11:33:03 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the CamMonitor service to connect.

7/12/2012 11:33:03 AM, Error: Service Control Manager [7000] - The CamMonitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/12/2012 11:31:37 AM, Error: EventLog [6008] - The previous system shutdown at 11:30:20 AM on 7/12/2012 was unexpected.

7/12/2012 11:16:13 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VAIO Event Service service to connect.

7/12/2012 11:16:13 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VAIO Content Folder Watcher service to connect.

7/12/2012 11:16:13 AM, Error: Service Control Manager [7000] - The VAIO Event Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/12/2012 11:16:13 AM, Error: Service Control Manager [7000] - The VAIO Content Folder Watcher service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/12/2012 11:14:34 AM, Error: EventLog [6008] - The previous system shutdown at 11:12:00 AM on 7/12/2012 was unexpected.

7/12/2012 11:00:59 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VAIO Entertainment Database Service service to connect.

7/12/2012 11:00:59 AM, Error: Service Control Manager [7000] - The VAIO Entertainment Database Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/10/2012 10:08:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

7/10/2012 10:08:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.

.

==== End Of File ===========================

Hope this helps. Regards


Hello Dutch16koontzman! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Please uninstall ShopAtHome.com Toolbar

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file
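
Added example, not part of the original posts and not TDSSKiller's own code: a small triage script for the report requested in Step 2, which pairs each scanned object with its result and lists everything that did not come back "ok". The line layout is inferred from the report pasted in this thread, the `SigCheck` and `TDLFS` tokens on the `Mode:` line are assumed to correspond to the two boxes ticked in Step 2, and the `ExampleSvc` entry is constructed to show a paste that was cut off before its result line.

```python
import re

# Each report line is "<HH:MM:SS.mmmm> <thread id> <body>" (layout inferred
# from the report pasted in this thread, not from vendor documentation).
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.+)$")
MODE = re.compile(r"^Mode:\s*(?P<flags>.*)$")
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
FLAGGED = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - (?P<level>\w+)$")
OK = re.compile(r"^(?P<name>.+?) - ok$")


def _blank(name):
    """Record for an object whose result has not been seen yet."""
    return {"name": name, "md5": None, "path": None, "level": None, "verdict": None}


def parse_report(text):
    """Return (mode_flags, objects); objects maps service name -> record."""
    mode_flags, objects = [], {}
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:  # blank lines added by the forum paste, empty bodies
            continue
        body = line.group("body").strip()

        m = MODE.match(body)
        if m:
            mode_flags = [f.strip() for f in m.group("flags").split(";") if f.strip()]
            continue

        m = OBJECT.match(body)  # "<name> (<md5>) <path>"
        if m:
            rec = objects.setdefault(m.group("name"), _blank(m.group("name")))
            rec["md5"] = m.group("md5").lower()
            rec["path"] = m.group("path")
            continue

        m = FLAGGED.match(body)  # "<name> ( <verdict> ) - <level>"
        if m:
            rec = objects.setdefault(m.group("name"), _blank(m.group("name")))
            rec["level"] = m.group("level")
            rec["verdict"] = m.group("verdict")
            continue

        m = OK.match(body)  # "<name> - ok"
        if m:
            rec = objects.setdefault(m.group("name"), _blank(m.group("name")))
            rec["level"] = "ok"
        # "<name> - detected <verdict> (n)" repeats the flagged line, and
        # separators or system-info lines carry no verdict: all are skipped.
    return mode_flags, objects


def triage(objects):
    """Records worth a second look: any result other than 'ok', including
    objects with no result at all (for example a truncated paste)."""
    return [rec for rec in objects.values() if rec["level"] != "ok"]


# Sample input: the first six lines are taken from the report in this thread,
# the last one is constructed. The paste is double-spaced, as on the forum.
SAMPLE_REPORT = "\n\n".join([
    r"23:51:01.0994 5216 Mode: Manual; SigCheck; TDLFS;",
    r"23:51:03.0569 5216 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys",
    r"23:51:03.0741 5216 ACPI - ok",
    r"23:51:03.0944 5216 AdobeActiveFileMonitor7.0 (3c6588070959c94bcd1c9d2f05b614d5) "
    r"C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe",
    r"23:51:04.0006 5216 AdobeActiveFileMonitor7.0 ( UnsignedFile.Multi.Generic ) - warning",
    r"23:51:04.0006 5216 AdobeActiveFileMonitor7.0 - detected UnsignedFile.Multi.Generic (1)",
    # Constructed entry with no result line following it.
    r"23:51:09.0000 5216 ExampleSvc (00000000000000000000000000000000) C:\Windows\system32\drivers\example.sys",
])

if __name__ == "__main__":
    flags, objs = parse_report(SAMPLE_REPORT)
    print("scan mode:", ", ".join(flags))
    for rec in triage(objs):
        result = rec["level"] or "no result in paste"
        print(f'{rec["name"]}: {result} {rec["verdict"] or ""} -> {rec["path"]}')
```
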


Hello Maniac, Thanks for posting a reply so quickly. Yes I'd like to attempt this with your help so here are the results so far. Again, thanks for the service you guys provide...You're the warriors on the wall and I truly appreciate what you do to stand against the hackers.

23:49:42.0559 5124 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35

23:49:43.0292 5124 ============================================================

23:49:43.0292 5124 Current date / time: 2012/07/14 23:49:43.0292

23:49:43.0292 5124 SystemInfo:

23:49:43.0292 5124

23:49:43.0292 5124 OS Version: 6.0.6002 ServicePack: 2.0

23:49:43.0292 5124 Product type: Workstation

23:49:43.0292 5124 ComputerName: ANNE-PC

23:49:43.0292 5124 UserName: Anne

23:49:43.0292 5124 Windows directory: C:\Windows

23:49:43.0292 5124 System windows directory: C:\Windows

23:49:43.0292 5124 Running under WOW64

23:49:43.0292 5124 Processor architecture: Intel x64

23:49:43.0292 5124 Number of processors: 2

23:49:43.0292 5124 Page size: 0x1000

23:49:43.0292 5124 Boot type: Normal boot

23:49:43.0292 5124 ============================================================

23:49:44.0041 5124 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

23:49:44.0056 5124 ============================================================

23:49:44.0056 5124 \Device\Harddisk0\DR0:

23:49:44.0056 5124 MBR partitions:

23:49:44.0056 5124 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1436800, BlocksNum 0x23FF7AB0

23:49:44.0056 5124 ============================================================

23:49:44.0072 5124 C: <-> \Device\Harddisk0\DR0\Partition0

23:49:44.0072 5124 ============================================================

23:49:44.0072 5124 Initialize success

23:49:44.0072 5124 ============================================================

23:51:01.0994 5216 ============================================================

23:51:01.0994 5216 Scan started

23:51:01.0994 5216 Mode: Manual; SigCheck; TDLFS;

23:51:01.0994 5216 ============================================================

23:51:03.0569 5216 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys

23:51:03.0741 5216 ACPI - ok

23:51:03.0944 5216 AdobeActiveFileMonitor7.0 (3c6588070959c94bcd1c9d2f05b614d5) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

23:51:04.0006 5216 AdobeActiveFileMonitor7.0 ( UnsignedFile.Multi.Generic ) - warning

23:51:04.0006 5216 AdobeActiveFileMonitor7.0 - detected UnsignedFile.Multi.Generic (1)

23:51:04.0178 5216 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

23:51:04.0178 5216 AdobeARMservice - ok

23:51:04.0256 5216 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

23:51:04.0271 5216 adp94xx - ok

23:51:04.0318 5216 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

23:51:04.0334 5216 adpahci - ok

23:51:04.0365 5216 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

23:51:04.0381 5216 adpu160m - ok

23:51:04.0443 5216 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

23:51:04.0459 5216 adpu320 - ok

23:51:04.0552 5216 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll

23:51:04.0755 5216 AeLookupSvc - ok

23:51:04.0864 5216 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys

23:51:04.0942 5216 AFD - ok

23:51:04.0973 5216 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

23:51:05.0020 5216 agp440 - ok

23:51:05.0083 5216 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

23:51:05.0114 5216 aic78xx - ok

23:51:05.0441 5216 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe

23:51:05.0644 5216 ALG - ok

23:51:05.0691 5216 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys

23:51:05.0707 5216 aliide - ok

23:51:05.0707 5216 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

23:51:05.0722 5216 amdide - ok

23:51:05.0753 5216 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

23:51:05.0847 5216 AmdK8 - ok

23:51:05.0894 5216 ApfiltrService (22fecb5b3de1eb8b1b2761338922f681) C:\Windows\system32\DRIVERS\Apfiltr.sys

23:51:05.0925 5216 ApfiltrService - ok

23:51:05.0987 5216 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll

23:51:06.0065 5216 Appinfo - ok

23:51:06.0112 5216 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

23:51:06.0128 5216 arc - ok

23:51:06.0159 5216 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

23:51:06.0175 5216 arcsas - ok

23:51:06.0221 5216 ArcSoftKsUFilter (59d2ba1b18f14d0b49b830dc452261b0) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys

23:51:06.0237 5216 ArcSoftKsUFilter - ok

23:51:06.0377 5216 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

23:51:06.0393 5216 aspnet_state - ok

23:51:06.0424 5216 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

23:51:06.0487 5216 AsyncMac - ok

23:51:06.0502 5216 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys

23:51:06.0518 5216 atapi - ok

23:51:06.0721 5216 atikmdag (f3631ca5f0309ee4f941ea1e37e5ca60) C:\Windows\system32\DRIVERS\atikmdag.sys

23:51:07.0111 5216 atikmdag - ok

23:51:07.0267 5216 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll

23:51:07.0376 5216 AudioEndpointBuilder - ok

23:51:07.0391 5216 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll

23:51:07.0438 5216 AudioSrv - ok

23:51:07.0797 5216 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120711.002\BHDrvx64.sys

23:51:07.0844 5216 BHDrvx64 - ok

23:51:08.0047 5216 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll

23:51:08.0171 5216 BITS - ok

23:51:08.0249 5216 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

23:51:08.0296 5216 blbdrive - ok

23:51:08.0327 5216 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys

23:51:08.0374 5216 bowser - ok

23:51:08.0421 5216 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

23:51:08.0452 5216 BrFiltLo - ok

23:51:08.0452 5216 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

23:51:08.0483 5216 BrFiltUp - ok

23:51:08.0608 5216 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll

23:51:08.0702 5216 Browser - ok

23:51:08.0749 5216 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

23:51:08.0983 5216 Brserid - ok

23:51:09.0045 5216 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

23:51:09.0139 5216 BrSerWdm - ok

23:51:09.0170 5216 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

23:51:09.0263 5216 BrUsbMdm - ok

23:51:09.0279 5216 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

23:51:09.0357 5216 BrUsbSer - ok

23:51:09.0419 5216 BthEnum (09f926a0d9c0bafd8417a4307d2ed13c) C:\Windows\system32\DRIVERS\BthEnum.sys

23:51:09.0482 5216 BthEnum - ok

23:51:09.0513 5216 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

23:51:09.0622 5216 BTHMODEM - ok

23:51:09.0653 5216 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys

23:51:09.0716 5216 BthPan - ok

23:51:09.0841 5216 BTHPORT (e1466882252ff51edde48c3f7eda2591) C:\Windows\system32\Drivers\BTHport.sys

23:51:09.0903 5216 BTHPORT - ok

23:51:09.0950 5216 BthServ (22e65ffd640f16968f855f5b3528d366) C:\Windows\System32\bthserv.dll

23:51:10.0028 5216 BthServ - ok

23:51:10.0075 5216 BTHUSB (970192cded77a128e7e30722e5ee6b9c) C:\Windows\system32\Drivers\BTHUSB.sys

23:51:10.0137 5216 BTHUSB - ok

23:51:10.0199 5216 btwaudio (243661bc849eb1a7ad141680ae62886a) C:\Windows\system32\drivers\btwaudio.sys

23:51:10.0215 5216 btwaudio - ok

23:51:10.0340 5216 btwavdt (89c6567ebd92bbd2961c634604d6670f) C:\Windows\system32\drivers\btwavdt.sys

23:51:10.0355 5216 btwavdt - ok

23:51:10.0761 5216 btwdins (f1e307cd7db62855fc0304605278f61f) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

23:51:10.0808 5216 btwdins - ok

23:51:10.0839 5216 btwl2cap (09baf40735007bde7dd95830afcefd26) C:\Windows\system32\DRIVERS\btwl2cap.sys

23:51:10.0855 5216 btwl2cap - ok

23:51:10.0886 5216 btwrchid (2bbf56e2114fabf63c3d00828fc3c86c) C:\Windows\system32\DRIVERS\btwrchid.sys

23:51:10.0901 5216 btwrchid - ok

23:51:10.0964 5216 CAXHWAZL (fdb53a8d3bc52dc29884587e768e3388) C:\Windows\system32\DRIVERS\CAXHWAZL.sys

23:51:11.0011 5216 CAXHWAZL - ok

23:51:11.0057 5216 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

23:51:11.0120 5216 cdfs - ok

23:51:11.0182 5216 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys

23:51:11.0229 5216 cdrom - ok

23:51:11.0354 5216 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll

23:51:11.0385 5216 CertPropSvc - ok

23:51:11.0447 5216 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys

23:51:11.0510 5216 circlass - ok

23:51:11.0572 5216 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys

23:51:11.0619 5216 CLFS - ok

23:51:11.0806 5216 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

23:51:11.0806 5216 clr_optimization_v2.0.50727_32 - ok

23:51:11.0915 5216 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

23:51:11.0931 5216 clr_optimization_v2.0.50727_64 - ok

23:51:12.0087 5216 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

23:51:12.0103 5216 clr_optimization_v4.0.30319_32 - ok

23:51:12.0181 5216 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

23:51:12.0196 5216 clr_optimization_v4.0.30319_64 - ok

23:51:12.0227 5216 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys

23:51:12.0321 5216 CmBatt - ok

23:51:12.0337 5216 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

23:51:12.0352 5216 cmdide - ok

23:51:12.0368 5216 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys

23:51:12.0383 5216 Compbatt - ok

23:51:12.0399 5216 COMSysApp - ok

23:51:12.0399 5216 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

23:51:12.0415 5216 crcdisk - ok

23:51:12.0493 5216 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll

23:51:12.0555 5216 CryptSvc - ok

23:51:12.0649 5216 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll

23:51:12.0727 5216 DcomLaunch - ok

23:51:12.0789 5216 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys

23:51:12.0867 5216 DfsC - ok

23:51:13.0070 5216 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe

23:51:13.0319 5216 DFSR - ok

23:51:13.0460 5216 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll

23:51:13.0507 5216 Dhcp - ok

23:51:13.0569 5216 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys

23:51:13.0585 5216 disk - ok

23:51:13.0600 5216 DMICall - ok

23:51:13.0663 5216 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll

23:51:13.0709 5216 Dnscache - ok

23:51:13.0756 5216 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll

23:51:13.0787 5216 dot3svc - ok

23:51:13.0865 5216 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys

23:51:13.0912 5216 Dot4 - ok

23:51:13.0943 5216 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys

23:51:13.0990 5216 Dot4Print - ok

23:51:14.0037 5216 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys

23:51:14.0099 5216 dot4usb - ok

23:51:14.0146 5216 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll

23:51:14.0209 5216 DPS - ok

23:51:14.0255 5216 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

23:51:14.0349 5216 drmkaud - ok

23:51:14.0505 5216 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys

23:51:14.0552 5216 DXGKrnl - ok

23:51:14.0599 5216 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

23:51:14.0645 5216 E1G60 - ok

23:51:14.0723 5216 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll

23:51:14.0755 5216 EapHost - ok

23:51:14.0848 5216 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys

23:51:14.0864 5216 Ecache - ok

23:51:14.0973 5216 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

23:51:15.0004 5216 eeCtrl - ok

23:51:15.0067 5216 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe

23:51:15.0113 5216 ehRecvr - ok

23:51:15.0129 5216 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe

23:51:15.0160 5216 ehSched - ok

23:51:15.0176 5216 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll

23:51:15.0238 5216 ehstart - ok

23:51:15.0269 5216 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

23:51:15.0301 5216 elxstor - ok

23:51:15.0379 5216 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll

23:51:15.0503 5216 EMDMgmt - ok

23:51:15.0644 5216 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

23:51:15.0659 5216 EraserUtilRebootDrv - ok

23:51:15.0691 5216 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

23:51:15.0722 5216 ErrDev - ok

23:51:15.0831 5216 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll

23:51:15.0925 5216 EventSystem - ok

23:51:16.0081 5216 EvtEng (7cd2f2c63693ef90b73f5362a52cae26) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

23:51:16.0174 5216 EvtEng ( UnsignedFile.Multi.Generic ) - warning

23:51:16.0174 5216 EvtEng - detected UnsignedFile.Multi.Generic (1)

23:51:16.0330 5216 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys

23:51:16.0408 5216 exfat - ok

23:51:16.0486 5216 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys

23:51:16.0564 5216 fastfat - ok

23:51:16.0595 5216 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

23:51:16.0673 5216 fdc - ok

23:51:16.0705 5216 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll

23:51:16.0767 5216 fdPHost - ok

23:51:16.0783 5216 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll

23:51:16.0876 5216 FDResPub - ok

23:51:16.0907 5216 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

23:51:16.0923 5216 FileInfo - ok

23:51:16.0939 5216 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

23:51:16.0985 5216 Filetrace - ok

23:51:17.0095 5216 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

23:51:17.0157 5216 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning

23:51:17.0157 5216 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)

23:51:17.0173 5216 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

23:51:17.0235 5216 flpydisk - ok

23:51:17.0313 5216 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys

23:51:17.0329 5216 FltMgr - ok

23:51:17.0438 5216 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll

23:51:17.0531 5216 FontCache - ok

23:51:17.0641 5216 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

23:51:17.0641 5216 FontCache3.0.0.0 - ok

23:51:17.0687 5216 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys

23:51:17.0703 5216 fssfltr - ok

23:51:17.0890 5216 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

23:51:18.0015 5216 fsssvc - ok

23:51:18.0187 5216 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys

23:51:18.0280 5216 Fs_Rec - ok

23:51:18.0296 5216 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

23:51:18.0311 5216 gagp30kx - ok

23:51:18.0374 5216 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\Drivers\GEARAspiWDM.sys

23:51:18.0389 5216 GEARAspiWDM - ok

23:51:18.0467 5216 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll

23:51:18.0545 5216 gpsvc - ok

23:51:18.0717 5216 gupdate1c9b487adae0f60 (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

23:51:18.0733 5216 gupdate1c9b487adae0f60 - ok

23:51:18.0764 5216 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

23:51:18.0779 5216 gupdatem - ok

23:51:18.0842 5216 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

23:51:18.0857 5216 gusvc - ok

23:51:18.0904 5216 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys

23:51:19.0013 5216 HdAudAddService - ok

23:51:19.0107 5216 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys

23:51:19.0201 5216 HDAudBus - ok

23:51:19.0310 5216 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

23:51:19.0403 5216 HidBth - ok

23:51:19.0840 5216 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys

23:51:19.0996 5216 HidIr - ok

23:51:20.0059 5216 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll

23:51:20.0090 5216 hidserv - ok

23:51:20.0121 5216 HidUsb (d02c82cb3a20f391c8aeff94e8e0baa1) C:\Windows\system32\DRIVERS\hidusb.sys

23:51:20.0215 5216 HidUsb - ok

23:51:20.0261 5216 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll

23:51:20.0355 5216 hkmsvc - ok

23:51:20.0402 5216 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

23:51:20.0417 5216 HpCISSs - ok

23:51:20.0464 5216 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

23:51:20.0511 5216 HSFHWAZL - ok

23:51:20.0901 5216 HSF_DPV (e90d0e3d9715f3bec7db2d6321dddee8) C:\Windows\system32\DRIVERS\CAX_DPV.sys

23:51:21.0229 5216 HSF_DPV - ok

23:51:21.0509 5216 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys

23:51:21.0587 5216 HTTP - ok

23:51:21.0619 5216 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

23:51:21.0634 5216 i2omp - ok

23:51:21.0681 5216 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

23:51:21.0728 5216 i8042prt - ok

23:51:21.0790 5216 iaStor (8d58627fef3f8767665d9f4dc91cbd97) C:\Windows\system32\DRIVERS\iaStor.sys

23:51:21.0806 5216 iaStor - ok

23:51:21.0837 5216 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

23:51:21.0868 5216 iaStorV - ok

23:51:21.0931 5216 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

23:51:21.0946 5216 IDriverT ( UnsignedFile.Multi.Generic ) - warning

23:51:21.0946 5216 IDriverT - detected UnsignedFile.Multi.Generic (1)

23:51:22.0102 5216 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

23:51:22.0149 5216 idsvc - ok

23:51:22.0445 5216 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120713.001\IDSvia64.sys

23:51:22.0555 5216 IDSVia64 - ok

23:51:23.0023 5216 igfx (51d1fc6b0d4c3855a75d167da9d87bba) C:\Windows\system32\DRIVERS\igdkmd64.sys

23:51:23.0428 5216 igfx - ok

23:51:23.0553 5216 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

23:51:23.0569 5216 iirsp - ok

23:51:23.0647 5216 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll

23:51:23.0709 5216 IKEEXT - ok

23:51:23.0818 5216 IntcAzAudAddService (b3fb479a7c0626499eb5989bc087cf8d) C:\Windows\system32\drivers\RTKVHD64.sys

23:51:23.0974 5216 IntcAzAudAddService - ok

23:51:24.0286 5216 IntcHdmiAddService (bd37227c07179b1040a8896b9c0c146b) C:\Windows\system32\drivers\IntcHdmi.sys

23:51:24.0364 5216 IntcHdmiAddService - ok

23:51:24.0411 5216 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

23:51:24.0427 5216 intelide - ok

23:51:24.0442 5216 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

23:51:24.0489 5216 intelppm - ok

23:51:24.0536 5216 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll

23:51:24.0583 5216 IPBusEnum - ok

23:51:24.0629 5216 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:51:24.0645 5216 IpFilterDriver - ok

23:51:24.0661 5216 IpInIp - ok

23:51:24.0692 5216 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

23:51:24.0754 5216 IPMIDRV - ok

23:51:24.0801 5216 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

23:51:24.0848 5216 IPNAT - ok

23:51:24.0879 5216 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

23:51:24.0910 5216 IRENUM - ok

23:51:24.0941 5216 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

23:51:24.0957 5216 isapnp - ok

23:51:25.0019 5216 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys

23:51:25.0035 5216 iScsiPrt - ok

23:51:25.0066 5216 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

23:51:25.0082 5216 iteatapi - ok

23:51:25.0097 5216 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

23:51:25.0113 5216 iteraid - ok

23:51:25.0191 5216 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

23:51:25.0207 5216 IviRegMgr - ok

23:51:25.0222 5216 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

23:51:25.0238 5216 kbdclass - ok

23:51:25.0269 5216 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys

23:51:25.0316 5216 kbdhid - ok

23:51:25.0363 5216 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

23:51:25.0409 5216 KeyIso - ok

23:51:25.0487 5216 KSecDD (88956ad9fa510848ad176777a6c6c1f5) C:\Windows\system32\Drivers\ksecdd.sys

23:51:25.0503 5216 KSecDD - ok

23:51:25.0550 5216 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

23:51:25.0612 5216 ksthunk - ok

23:51:25.0659 5216 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll

23:51:25.0753 5216 KtmRm - ok

23:51:25.0815 5216 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll

23:51:25.0877 5216 LanmanServer - ok

23:51:25.0940 5216 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll

23:51:25.0987 5216 LanmanWorkstation - ok

23:51:26.0018 5216 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

23:51:26.0065 5216 lltdio - ok

23:51:26.0096 5216 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll

23:51:26.0158 5216 lltdsvc - ok

23:51:26.0189 5216 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll

23:51:26.0252 5216 lmhosts - ok

23:51:26.0267 5216 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

23:51:26.0283 5216 LSI_FC - ok

23:51:26.0299 5216 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

23:51:26.0314 5216 LSI_SAS - ok

23:51:26.0345 5216 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

23:51:26.0361 5216 LSI_SCSI - ok

23:51:26.0392 5216 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

23:51:26.0439 5216 luafv - ok

23:51:26.0470 5216 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll

23:51:26.0501 5216 Mcx2Svc - ok

23:51:26.0548 5216 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys

23:51:26.0564 5216 mdmxsdk - ok

23:51:26.0611 5216 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

23:51:26.0611 5216 megasas - ok

23:51:26.0657 5216 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

23:51:26.0689 5216 MegaSR - ok

23:51:26.0735 5216 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll

23:51:26.0782 5216 MMCSS - ok

23:51:26.0798 5216 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

23:51:26.0845 5216 Modem - ok

23:51:26.0891 5216 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

23:51:26.0923 5216 monitor - ok

23:51:26.0938 5216 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

23:51:26.0954 5216 mouclass - ok

23:51:26.0969 5216 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

23:51:27.0016 5216 mouhid - ok

23:51:27.0047 5216 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

23:51:27.0047 5216 MountMgr - ok

23:51:27.0079 5216 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

23:51:27.0094 5216 mpio - ok

23:51:27.0110 5216 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

23:51:27.0141 5216 mpsdrv - ok

23:51:27.0172 5216 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

23:51:27.0188 5216 Mraid35x - ok

23:51:27.0250 5216 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys

23:51:27.0281 5216 MRxDAV - ok

23:51:27.0328 5216 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys

23:51:27.0375 5216 mrxsmb - ok

23:51:27.0437 5216 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:51:27.0469 5216 mrxsmb10 - ok

23:51:27.0484 5216 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:51:27.0515 5216 mrxsmb20 - ok

23:51:27.0547 5216 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys

23:51:27.0562 5216 msahci - ok

23:51:27.0671 5216 MSCSPTISRV (a99d2c7e30ad63ef920a894131caf5f7) C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

23:51:27.0687 5216 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning

23:51:27.0687 5216 MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)

23:51:27.0703 5216 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

23:51:27.0718 5216 msdsm - ok

23:51:27.0781 5216 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe

23:51:27.0874 5216 MSDTC - ok

23:51:27.0952 5216 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

23:51:28.0015 5216 Msfs - ok

23:51:28.0046 5216 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

23:51:28.0046 5216 msisadrv - ok

23:51:28.0108 5216 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll

23:51:28.0139 5216 MSiSCSI - ok

23:51:28.0139 5216 msiserver - ok

23:51:28.0171 5216 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

23:51:28.0217 5216 MSKSSRV - ok

23:51:28.0233 5216 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

23:51:28.0280 5216 MSPCLOCK - ok

23:51:28.0295 5216 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

23:51:28.0358 5216 MSPQM - ok

23:51:28.0405 5216 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys

23:51:28.0420 5216 MsRPC - ok

23:51:28.0436 5216 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

23:51:28.0451 5216 mssmbios - ok

23:51:28.0467 5216 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

23:51:28.0545 5216 MSTEE - ok

23:51:28.0561 5216 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys

23:51:28.0576 5216 Mup - ok

23:51:28.0654 5216 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll

23:51:28.0717 5216 napagent - ok

23:51:28.0779 5216 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys

23:51:28.0826 5216 NativeWifiP - ok

23:51:29.0091 5216 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120713.035\ENG64.SYS

23:51:29.0122 5216 NAVENG - ok

23:51:29.0309 5216 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120713.035\EX64.SYS

23:51:29.0419 5216 NAVEX15 - ok

23:51:29.0590 5216 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

23:51:29.0637 5216 NDIS - ok

23:51:29.0668 5216 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

23:51:29.0699 5216 NdisTapi - ok

23:51:29.0715 5216 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

23:51:29.0777 5216 Ndisuio - ok

23:51:29.0840 5216 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

23:51:29.0871 5216 NdisWan - ok

23:51:29.0887 5216 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

23:51:29.0933 5216 NDProxy - ok

23:51:29.0996 5216 Net Driver HPZ12 (bd94210175c488f18add3e189ee9304c) C:\Windows\system32\HPZinw12.dll

23:51:30.0027 5216 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

23:51:30.0027 5216 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

23:51:30.0058 5216 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

23:51:30.0136 5216 NetBIOS - ok

23:51:30.0199 5216 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

23:51:30.0245 5216 netbt - ok

23:51:30.0277 5216 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

23:51:30.0292 5216 Netlogon - ok

23:51:30.0339 5216 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll

23:51:30.0401 5216 Netman - ok

23:51:30.0542 5216 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:51:30.0557 5216 NetMsmqActivator - ok

23:51:30.0557 5216 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:51:30.0573 5216 NetPipeActivator - ok

23:51:30.0604 5216 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll

23:51:30.0682 5216 netprofm - ok

23:51:30.0682 5216 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:51:30.0698 5216 NetTcpActivator - ok

23:51:30.0698 5216 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:51:30.0729 5216 NetTcpPortSharing - ok

23:51:30.0994 5216 NETw5v64 (93915c41a0dbbd121a0fad2835e43776) C:\Windows\system32\DRIVERS\NETw5v64.sys

23:51:31.0447 5216 NETw5v64 - ok

23:51:31.0634 5216 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

23:51:31.0665 5216 nfrd960 - ok

23:51:31.0821 5216 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

23:51:31.0852 5216 NIS - ok

23:51:31.0899 5216 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll

23:51:31.0961 5216 NlaSvc - ok

23:51:32.0008 5216 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

23:51:32.0055 5216 Npfs - ok

23:51:32.0133 5216 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll

23:51:32.0180 5216 nsi - ok

23:51:32.0211 5216 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

23:51:32.0273 5216 nsiproxy - ok

23:51:32.0383 5216 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

23:51:32.0461 5216 Ntfs - ok

23:51:32.0585 5216 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

23:51:32.0648 5216 Null - ok

23:51:32.0663 5216 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

23:51:32.0679 5216 nvraid - ok

23:51:32.0695 5216 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

23:51:32.0726 5216 nvstor - ok

23:51:32.0741 5216 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

23:51:32.0757 5216 nv_agp - ok

23:51:32.0757 5216 NwlnkFlt - ok

23:51:32.0773 5216 NwlnkFwd - ok

23:51:33.0459 5216 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

23:51:33.0537 5216 odserv - ok

23:51:33.0631 5216 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys

23:51:56.0984 5216 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

23:51:57.0015 5216 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

23:51:57.0015 5216 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

23:51:57.0889 5216 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

23:51:57.0889 5216 \Device\Harddisk0\DR0 - detected TDSS File System (1)

23:51:57.0935 5216 Boot (0x1200) (14eed46980fb379f0d150768eb463532) \Device\Harddisk0\DR0\Partition0

23:51:57.0935 5216 \Device\Harddisk0\DR0\Partition0 - ok

23:51:57.0935 5216 ============================================================

23:51:57.0935 5216 Scan finished

23:51:57.0935 5216 ============================================================

23:51:57.0967 3332 Detected object count: 17

23:51:57.0967 3332 Actual detected object count: 17

23:53:16.0606 3332 AdobeActiveFileMonitor7.0 ( UnsignedFile.Multi.Generic ) - skipped by user

23:53:16.0606 3332 AdobeActiveFileMonitor7.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:53:16.0606 3332 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user

23:53:16.0606 3332 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:53:16.0606 3332 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

23:53:16.0606 3332 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:53:16.0606 3332 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

23:53:16.0606 3332 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:53:16.0622 3332 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user

23:53:16.0622 3332 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:53:16.0622 3332 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

23:53:16.0622 3332 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:53:16.0622 3332 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user

23:53:16.0622 3332 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:53:16.0622 3332 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

23:53:16.0622 3332 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:53:16.0622 3332 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user

23:53:16.0622 3332 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:53:16.0622 3332 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user

23:53:16.0622 3332 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:53:16.0622 3332 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user

23:53:16.0622 3332 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:53:16.0622 3332 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user

23:53:16.0622 3332 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:53:16.0637 3332 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user

23:53:16.0637 3332 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:53:16.0637 3332 VCFw ( UnsignedFile.Multi.Generic ) - skipped by user

23:53:16.0637 3332 VCFw ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:53:16.0637 3332 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user

23:53:16.0637 3332 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:53:17.0402 3332 \Device\Harddisk0\DR0\# - copied to quarantine

23:53:17.0402 3332 \Device\Harddisk0\DR0 - copied to quarantine

23:53:17.0449 3332 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

23:53:17.0449 3332 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

23:53:17.0464 3332 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

23:53:17.0464 3332 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

23:53:17.0480 3332 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

23:53:17.0480 3332 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

23:53:17.0480 3332 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

23:53:17.0495 3332 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

23:53:17.0495 3332 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

23:53:17.0495 3332 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

23:53:17.0495 3332 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

23:53:17.0495 3332 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

23:53:17.0495 3332 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

23:53:17.0527 3332 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

23:53:17.0527 3332 \Device\Harddisk0\DR0 - ok

23:53:17.0807 3332 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

23:53:17.0807 3332 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

23:53:17.0807 3332 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

23:53:36.0481 1488 Deinitialize success

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.15.04

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Anne :: ANNE-PC [administrator]

7/15/2012 12:12:12 AM

mbam-log-2012-07-15 (00-12-12).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 237498

Time elapsed: 11 minute(s), 54 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

.


Maniac,

Here's the DDS log...all three logs exceeded the size allowed for a reply so I put it into two.

Regards,

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Anne at 22:57:45 on 2012-07-14

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3934.1735 [GMT -6:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\RtkAudioService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Windows\system32\dllhost.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe

C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe

C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio64.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Sony\VAIO Media plus\VMpTtray.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Apoint\Apntex.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe

C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe

C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\WerCon.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uStart Page = hxxp://www.google.com/

mDefault_Page_URL = hxxp://www.sony.com/vaiopeople_f08

mURLSearchHooks: AOLMAILTBSearch Class: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files (x86)\AOL Email Toolbar\aolmailtb.dll

mWinlogon: Userinit=userinit.exe,

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: AOL Email Toolbar Loader: {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files (x86)\AOL Email Toolbar\aolmailtb.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: AOL Email Toolbar: {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files (x86)\AOL Email Toolbar\aolmailtb.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File

uRun: [VMpTtray.exe] C:\Program Files (x86)\Sony\VAIO Media plus\VMpTtray.exe

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [Google Update] "C:\Users\Anne\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [smartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"

mRun: [AML] "C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe" InitApp

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [iJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

StartupFolder: C:\Users\Anne\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

StartupFolder: C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

Trusted Zone: constantcontact.com\www

Trusted Zone: convergysworkathome.com\www

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {89F9AA82-9B9F-4D1C-A637-33388558FAAC} - hxxp://webcal.weber.k12.ut.us/webcal/cab/ccuweb1_5_9.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx

DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{C96A565A-EC46-4684-B828-45285EAFE7F0} : DhcpNameServer = 75.75.76.76 75.75.75.75

Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: VESWinlogon - VESWinlogon.dll

BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: AOL Toolbar BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll

BHO-X64: AOL Toolbar BHO - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

BHO-X64: AOL Email Toolbar Loader: {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files (x86)\AOL Email Toolbar\aolmailtb.dll

BHO-X64: AOL Email Toolbar Loader - No File

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

TB-X64: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: AOL Email Toolbar: {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files (x86)\AOL Email Toolbar\aolmailtb.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File

mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun-x64: [smartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun-x64: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"

mRun-x64: [AML] "C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe" InitApp

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun-x64: [iJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\twlmg6ex.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Anne\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Users\Anne\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Anne\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Symantec Intrusion Prevention: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-12 1161376]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120713.001\IDSviA64.sys [2012-7-13 509088]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [?]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1207020.003\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1207020.003\SYMTDIV.SYS [?]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 163840]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]

R2 RtkAudioService;Realtek Audio Service;C:\Windows\RTKAUDIOSERVICE.EXE [2008-8-12 139808]

R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe [2008-9-2 103712]

R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe [2008-9-2 353568]

R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe [2008-9-2 62752]

R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2008-9-2 104960]

R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2008-8-12 407392]

R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-6-20 415744]

R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-9-2 337184]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-31 138912]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]

R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate1c9b487adae0f60;Google Update Service (gupdate1c9b487adae0f60);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-4-3 133104]

S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-4-3 133104]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.SYS [2009-3-20 43032]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2008-9-2 107808]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-10 89920]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-07-15 03:53:16 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-12 19:16:00 -------- d-----w- C:\Users\Anne\AppData\Roaming\Malwarebytes

2012-07-12 19:15:32 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-12 19:15:32 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-12 19:15:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-12 07:02:45 2769408 ----a-w- C:\Windows\System32\win32k.sys

2012-07-04 00:37:23 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll

2012-07-04 00:34:21 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2012-06-22 07:22:13 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-22 07:21:53 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-22 07:21:53 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll

2012-06-22 07:21:38 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-22 07:21:38 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe

2012-06-22 07:21:38 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-22 07:21:38 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll

.

==================== Find3M ====================

.

2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-05-01 14:29:44 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-23 16:25:30 174592 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-23 16:25:30 132096 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-23 16:25:30 1267200 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-23 16:00:53 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-23 16:00:53 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-23 16:00:53 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

.

============= FINISH: 22:58:10.18 ===============


Good! :)

Step 1

Please re-run TDSSKiller and use the Delete option for this entry:

23:53:17.0807 3332 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

23:53:17.0807 3332 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Hello Maniac,

Here are the latest log results.

ComboFix 12-07-16.01 - Anne 07/16/2012 13:47:55.1.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3934.2246 [GMT -6:00]

Running from: c:\users\Anne\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\programdata\Roaming

c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini

.

.

((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))))

.

.

2012-07-16 19:56 . 2012-07-16 19:59 -------- d-----w- c:\users\Anne\AppData\Local\temp

2012-07-16 19:56 . 2012-07-16 19:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-15 03:53 . 2012-07-16 19:10 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-12 19:16 . 2012-07-12 19:16 -------- d-----w- c:\users\Anne\AppData\Roaming\Malwarebytes

2012-07-12 19:15 . 2012-07-12 19:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-12 19:15 . 2012-07-12 19:15 -------- d-----w- c:\programdata\Malwarebytes

2012-07-12 19:15 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-12 07:02 . 2012-06-13 13:58 2769408 ----a-w- c:\windows\system32\win32k.sys

2012-07-04 00:37 . 2009-08-20 04:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll

2012-07-04 00:34 . 2012-03-26 12:41 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2012-07-01 00:28 . 2012-07-01 00:28 -------- d-----w- c:\windows\Sun

2012-06-22 07:22 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-22 07:22 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-22 07:22 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-22 07:22 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-22 07:21 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-22 07:21 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll

2012-06-22 07:21 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-22 07:21 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll

2012-06-22 07:21 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-22 07:21 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll

2012-06-22 07:21 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-22 07:21 . 2012-06-02 19:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll

2012-06-22 07:21 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-22 07:21 . 2012-06-02 19:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-01 14:29 . 2012-06-13 17:56 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-23 16:25 . 2012-06-13 17:56 1267200 ----a-w- c:\windows\system32\crypt32.dll

2012-04-23 16:25 . 2012-06-13 17:56 174592 ----a-w- c:\windows\system32\cryptsvc.dll

2012-04-23 16:25 . 2012-06-13 17:56 132096 ----a-w- c:\windows\system32\cryptnet.dll

2012-04-23 16:00 . 2012-06-13 17:56 984064 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-04-23 16:00 . 2012-06-13 17:56 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-04-23 16:00 . 2012-06-13 17:56 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VMpTtray.exe"="c:\program files (x86)\Sony\VAIO Media plus\VMpTtray.exe" [2008-05-25 86016]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]

"SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2008-06-27 77824]

"VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-05-20 24576]

"AML"="c:\program files (x86)\Sony\VAIO Launcher\AML.exe" [2008-06-13 1097728]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]

"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-05-26 413696]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]

.

c:\users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

OneNote Table Of Contents.onetoc2 [2010-6-24 3656]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-21 1048616]

QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-12 972064]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2008-07-29 00:45 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-03 18:11]

.

2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-03 18:11]

.

2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-622961194-3611557593-2110596406-1000Core.job

- c:\users\Anne\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-06 16:43]

.

2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-622961194-3611557593-2110596406-1000UA.job

- c:\users\Anne\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-06 16:43]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2008-07-15 6453760]

"Skytel"="Skytel.exe" [2008-07-15 1826816]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-07-18 152576]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-09 151064]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-09 209432]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-09 181784]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 2114376]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: constantcontact.com\www

Trusted Zone: convergysworkathome.com\www

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {89F9AA82-9B9F-4D1C-A637-33388558FAAC} - hxxp://webcal.weber.k12.ut.us/webcal/cab/ccuweb1_5_9.cab

DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\twlmg6ex.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Sony\VAIO Media plus\SOHCImp.exe

c:\program files (x86)\Sony\VAIO Media plus\SOHDms.exe

c:\program files (x86)\Sony\VAIO Media plus\SOHDs.exe

c:\program files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe

c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe

c:\windows\SysWOW64\DllHost.exe

c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

c:\program files\Sony Corporation\SmartWi Connection Utility\CCP.exe

c:\program files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe

c:\program files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe

c:\program files\Sony Corporation\SmartWi Connection Utility\UIManager.exe

c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe

.

**************************************************************************

.

Completion time: 2012-07-16 14:06:35 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-16 20:06

.

Pre-Run: 78,908,080,128 bytes free

Post-Run: 80,218,333,184 bytes free

.

- - End Of File - - 147A65BCB645C7EE658C8908119620AD


Good! :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Hello Maniac,

I've been away for the last few days and unable to get after this job but have finally done as you said and here are the results.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=76e7fe2df8f3f24e880997007a7f2c3b

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-20 12:58:13

# local_time=2012-07-19 06:58:13 (-0700, Mountain Daylight Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=3584 16777215 100 0 0 0 0 0

# compatibility_mode=5892 16776574 100 56 85281251 179337382 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=355132

# found=16

# cleaned=16

# scan_time=7217

C:\TDSSKiller_Quarantine\14.07.2012_23.49.43\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\14.07.2012_23.49.43\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\14.07.2012_23.49.43\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\14.07.2012_23.49.43\mbr0000\tdlfs0000\tsk0004.dta Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\14.07.2012_23.49.43\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\14.07.2012_23.49.43\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\14.07.2012_23.49.43\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\16.07.2012_13.07.15\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\16.07.2012_13.07.15\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\16.07.2012_13.07.15\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\16.07.2012_13.07.15\tdlfs0000\tsk0004.dta Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\16.07.2012_13.07.15\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\16.07.2012_13.07.15\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\16.07.2012_13.07.15\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Anne\Desktop\toshiba\Anne T. Hamilton\Local Settings\Temporary Internet Files\Content.IE5\RM1MGO2W\xv[1].htm Win32/Adware.Antivirus2008 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Anne\Documents\Anne T. Hamilton\Local Settings\Temporary Internet Files\Content.IE5\RM1MGO2W\xv[1].htm Win32/Adware.Antivirus2008 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Regards,


It appears that all the symptoms that were problematic in the past have been eliminated; no more blue screens or messages when opening/using Adobe Pro. It would appear that all is normal now, I'm relieved to say. What concerns should I have going forward? Can I have confidence that the backdoor trojans are eliminated or should I refrain from doing any commerce on this machine?


Glad your system is good now, but never forget that you should always have one in mind for this system. There is no guarantee that we have eliminated this backdoor 100%, but it is not as it was at the beginning.

Now, please uninstall ComboFix:

www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, uninstall ESET Online Scanner and then manually delete DDS and TDSSKiller.

Some malware prevention tips here:

http://forums.malwarebytes.org/index.php?showtopic=104379

Safe surfing! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


  • 3 weeks later...

Hello again Maniac. Thanks for responding. I'm away from my wife's computer so will try to give you a thumbnail sketch and then have her attach the pertinent scan logs. We had good luck back in July with your help; however, the message "WINRSCMDE has stopped working and was closed" began reappearing 2 days ago and the MBAM scan reveals several Trojans that reoccur after being dealt with post scan. I remember that you told us that we might never be able to guarantee the security of this computer after the previous infection and I wonder if this might be what you were speaking of or if this is another unrelated infection. Some coincidence if it is. We have the latest MBAM log and will have her download and attach the pertinent DDS logs as soon as I can. Again, thanks for reopening this and I'll have more shortly.


Hello Maniac!

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.04.09

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Anne :: ANNE-PC [administrator]

8/4/2012 4:53:50 PM

mbam-log-2012-08-04 (16-53-50).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 206680

Time elapsed: 5 minute(s), 43 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 5348 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 28

HKCR\CLSID\{11111111-1111-1111-1111-110011501158} (PUP.215Apps) -> No action taken.

HKCR\TypeLib\{44444444-4444-4444-4444-440044504458} (PUP.215Apps) -> No action taken.

HKCR\Interface\{55555555-5555-5555-5555-550055505558} (PUP.215Apps) -> No action taken.

HKCR\CrossriderApp0005058.BHO.1 (PUP.215Apps) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501158} (PUP.215Apps) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011501158} (PUP.215Apps) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011501158} (PUP.215Apps) -> No action taken.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501158} (PUP.215Apps) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501158} (PUP.215Apps) -> No action taken.

HKCR\CLSID\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} (PUP.PrivacySafeGuard) -> No action taken.

HKCR\TypeLib\{145310E3-18FA-41A9-BEE4-F830B08C6014} (PUP.PrivacySafeGuard) -> No action taken.

HKCR\Interface\{76348131-7ADF-4FE7-9047-529719D86186} (PUP.PrivacySafeGuard) -> No action taken.

HKCR\PrivacySafeGuard.BHO.1 (PUP.PrivacySafeGuard) -> No action taken.

HKCR\PrivacySafeGuard.BHO (PUP.PrivacySafeGuard) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} (PUP.PrivacySafeGuard) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} (PUP.PrivacySafeGuard) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} (PUP.PrivacySafeGuard) -> No action taken.

HKCR\CLSID\{22222222-2222-2222-2222-220022502258} (PUP.CrossRider.SSK) -> No action taken.

HKCR\CrossriderApp0005058.Sandbox.1 (PUP.CrossRider.SSK) -> No action taken.

HKCR\CrossriderApp0005058.Sandbox (PUP.CrossRider.SSK) -> No action taken.

HKCR\CLSID\{33333333-3333-3333-3333-330033503358} (PUP.CrossRider.SSK) -> No action taken.

HKCR\CrossriderApp0005058.FBApi.1 (PUP.CrossRider.SSK) -> No action taken.

HKCR\CrossriderApp0005058.FBApi (PUP.CrossRider.SSK) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shopping Sidekick (PUP.CrossRider.SSK) -> No action taken.

HKCR\CrossriderApp0005058.BHO (PUP.CrossFire.Gen) -> No action taken.

HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> No action taken.

HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nllafhekklanfkimibokomlmidmcmaoi (PUP.CrossRider.SSK) -> No action taken.

HKCU\Software\Cr_Installer\5058 (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 2

HKCU\Software\InstalledBrowserExtensions\215 Apps|5058 (PUP.CrossFire.SA) -> Data: Shopping Sidekick -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shopping Sidekick|Publisher (PUP.CrossRider.SSK) -> Data: 215 Apps -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 1

C:\Program Files (x86)\Shopping Sidekick (PUP.CrossRider.SSK) -> No action taken.

Files Detected: 11

C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.dll (PUP.215Apps) -> No action taken.

C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll (PUP.PrivacySafeGuard) -> No action taken.

C:\Users\Anne\Downloads\Setup.exe (PUP.Bundle.Installer.OI) -> No action taken.

C:\Program Files (x86)\Shopping Sidekick\Shopping SidekickInstaller.log (PUP.CrossRider.SSK) -> No action taken.

C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.ico (PUP.CrossRider.SSK) -> No action taken.

C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.ini (PUP.CrossRider.SSK) -> No action taken.

C:\Program Files (x86)\Shopping Sidekick\Shopping SidekickGui.exe (PUP.CrossRider.SSK) -> No action taken.

C:\Program Files (x86)\Shopping Sidekick\Uninstall.exe (PUP.CrossRider.SSK) -> No action taken.

C:\Users\Anne\Local Settings\Application Data\Shopping Sidekick\Chrome\Shopping Sidekick.crx (PUP.CrossRider.SSK) -> No action taken.

C:\Users\Anne\AppData\Local\Shopping Sidekick\Chrome\Shopping Sidekick.crx (PUP.CrossRider.SSK) -> No action taken.

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Anne at 15:40:54 on 2012-08-05

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3934.1436 [GMT -6:00]

.

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\RtkAudioService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe

C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe

C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\DRIVERS\xaudio64.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Apoint\Apoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\system32\igfxsrvc.exe

-netsvcs

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe

C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe

C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe

C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Apoint\Apntex.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mURLSearchHooks: AOLMAILTBSearch Class: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files (x86)\AOL Email Toolbar\aolmailtb.dll

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Qwiklinx: {3e7c8b5a-96ab-438f-bf9b-782400655440} - C:\Users\Anne\AppData\Roaming\Qwiklinx\Qwiklinx.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Privacy Safeguard BHO: {a42d2eb4-dd31-4bb5-8aa5-8d4e04806dbe} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: AOL Email Toolbar Loader: {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files (x86)\AOL Email Toolbar\aolmailtb.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: AOL Email Toolbar: {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files (x86)\AOL Email Toolbar\aolmailtb.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [smartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"

mRun: [AML] "C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe" InitApp

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [iJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

StartupFolder: C:\Users\Anne\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

StartupFolder: C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

Trusted Zone: constantcontact.com\www

Trusted Zone: convergysworkathome.com\www

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {89F9AA82-9B9F-4D1C-A637-33388558FAAC} - hxxp://webcal.weber.k12.ut.us/webcal/cab/ccuweb1_5_9.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx

DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{C96A565A-EC46-4684-B828-45285EAFE7F0} : DhcpNameServer = 75.75.76.76 75.75.75.75

Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: VESWinlogon - VESWinlogon.dll

BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: {1036AD63-AEAC-460B-9060-C96005D4DC86} - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Qwiklinx: {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Anne\AppData\Roaming\Qwiklinx\Qwiklinx.dll

BHO-X64: Qwiklinx - No File

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: AOL Toolbar BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll

BHO-X64: AOL Toolbar BHO - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Privacy Safeguard BHO: {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll

BHO-X64: Privacy SafeGuard - No File

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

BHO-X64: AOL Email Toolbar Loader: {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files (x86)\AOL Email Toolbar\aolmailtb.dll

BHO-X64: AOL Email Toolbar Loader - No File

TB-X64: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: AOL Email Toolbar: {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files (x86)\AOL Email Toolbar\aolmailtb.dll

TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun-x64: [smartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun-x64: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"

mRun-x64: [AML] "C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe" InitApp

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun-x64: [iJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\twlmg6ex.default\

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=113959&tt=3112_1&babsrc=HP_ss&mntrId=9e6eef7000000000000000214f4ab62f

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=113959&tt=3112_1&babsrc=KW_ss&mntrId=9e6eef7000000000000000214f4ab62f&q=

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar.autoRvrt - false

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

FF - user.js: extensions.BabylonToolbar.id - 9e6eef7000000000000000214f4ab62f

FF - user.js: extensions.BabylonToolbar.instlDay - 15551

FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1

FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.117:04:34

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113959&tt=3112_1

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

.

FF - user.js: extensions.autoDisableScopes - 14

.

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-11 1161376]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120803.002\IDSviA64.sys [2012-8-3 509088]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [?]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\drivers\NISx64\1307010.005\SYMTDIV.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMTDIV.SYS [?]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 163840]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-7-16 138232]

R2 RtkAudioService;Realtek Audio Service;C:\Windows\RTKAUDIOSERVICE.EXE [2008-8-12 139808]

R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe [2008-9-2 103712]

R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe [2008-9-2 353568]

R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe [2008-9-2 62752]

R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2008-9-2 104960]

R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2008-8-12 407392]

R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-6-20 415744]

R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-9-2 337184]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-7-16 138912]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]

R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate1c9b487adae0f60;Google Update Service (gupdate1c9b487adae0f60);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-4-3 133104]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-25 250056]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-4-3 133104]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.SYS [2009-3-20 43032]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2008-9-2 107808]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-10 89920]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-08-05 02:48:56 20480 ----a-w- C:\Windows\svchost.exe

2012-08-05 02:36:12 -------- d-----w- C:\Users\Anne\AppData\Local\{D635B247-7946-418D-AC7F-5816027B2D19}

2012-08-05 02:32:54 -------- d-----w- C:\Users\Anne\AppData\Roaming\Titanium Gears

2012-07-30 23:06:05 -------- d-----w- C:\Users\Anne\AppData\Roaming\Qwiklinx

2012-07-30 23:06:05 -------- d-----w- C:\Program Files (x86)\Qwiklinx

2012-07-30 23:04:59 -------- d-----w- C:\ProgramData\Tarma Installer

2012-07-30 23:04:48 -------- d-----w- C:\Program Files\PrivacySafeGuard

2012-07-30 23:04:01 -------- d-----w- C:\Users\Anne\AppData\Roaming\Babylon

2012-07-30 23:04:01 -------- d-----w- C:\ProgramData\Babylon

2012-07-30 22:35:16 -------- d-----w- C:\Program Files (x86)\AMP Font Viewer

2012-07-25 18:50:20 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-25 16:52:58 -------- d-----w- C:\Ancestry

2012-07-22 16:50:50 -------- d-----w- C:\Politics

2012-07-16 20:31:11 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-07-16 20:31:11 -------- d-----w- C:\Program Files\Symantec

2012-07-16 20:29:48 737912 ----a-r- C:\Windows\System32\drivers\NISx64\1307010.005\srtsp64.sys

2012-07-16 20:29:48 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1307010.005\SymDS64.sys

2012-07-16 20:29:48 445560 ----a-r- C:\Windows\System32\drivers\NISx64\1307010.005\symtdiv.sys

2012-07-16 20:29:48 405624 ----a-r- C:\Windows\System32\drivers\NISx64\1307010.005\symnets.sys

2012-07-16 20:29:48 37496 ----a-r- C:\Windows\System32\drivers\NISx64\1307010.005\srtspx64.sys

2012-07-16 20:29:48 190072 ----a-r- C:\Windows\System32\drivers\NISx64\1307010.005\Ironx64.sys

2012-07-16 20:29:48 167048 ----a-r- C:\Windows\System32\drivers\NISx64\1307010.005\ccSetx64.sys

2012-07-16 20:29:48 1092728 ----a-r- C:\Windows\System32\drivers\NISx64\1307010.005\SymEFA64.sys

2012-07-16 20:29:42 -------- d-----w- C:\Windows\System32\drivers\NISx64\1307010.005

2012-07-16 20:29:42 -------- d-----w- C:\Windows\System32\drivers\NISx64

2012-07-16 20:29:41 -------- d-----w- C:\Program Files (x86)\Norton Internet Security

2012-07-16 20:29:29 -------- d-----w- C:\Program Files (x86)\NortonInstaller

2012-07-16 20:06:38 -------- d-----w- C:\Users\Anne\AppData\Local\temp

2012-07-16 20:00:22 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-15 03:53:16 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-12 19:16:00 -------- d-----w- C:\Users\Anne\AppData\Roaming\Malwarebytes

2012-07-12 19:15:32 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-12 19:15:32 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-12 19:15:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-12 07:02:45 2769408 ----a-w- C:\Windows\System32\win32k.sys

.

==================== Find3M ====================

.

2012-08-03 11:14:17 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 19:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 19:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll

.

============= FINISH: 15:42:37.53 ===============


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 10/24/2008 9:35:24 AM

System Uptime: 8/4/2012 8:47:24 PM (19 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core2 Duo CPU P8400 @ 2.26GHz | N/A | 2267/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 288 GiB total, 74.612 GiB free.

D: is Removable

E: is Removable

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1044: 7/15/2012 12:31:00 AM - Scheduled Checkpoint

RP1045: 7/16/2012 1:25:00 AM - Scheduled Checkpoint

RP1046: 7/16/2012 4:01:35 PM - Device Driver Package Install: Canon Printers

RP1047: 7/18/2012 12:00:08 AM - Scheduled Checkpoint

RP1048: 7/19/2012 9:08:50 PM - Scheduled Checkpoint

RP1049: 7/21/2012 - Scheduled Checkpoint

RP1050: 7/22/2012 12:58:36 AM - Scheduled Checkpoint

RP1051: 7/23/2012 12:00:02 AM - Scheduled Checkpoint

RP1052: 7/25/2012 12:00:28 PM - Scheduled Checkpoint

RP1053: 7/26/2012 10:26:23 AM - Scheduled Checkpoint

RP1054: 7/27/2012 12:00:03 AM - Scheduled Checkpoint

RP1055: 7/28/2012 12:00:03 AM - Scheduled Checkpoint

RP1056: 7/29/2012 12:00:03 AM - Scheduled Checkpoint

RP1057: 7/30/2012 1:11:53 AM - Scheduled Checkpoint

RP1058: 7/31/2012 8:11:24 PM - Scheduled Checkpoint

RP1059: 8/4/2012 2:07:14 AM - Scheduled Checkpoint

RP1060: 8/4/2012 6:28:21 PM - Removed BabylonObjectInstaller

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

3D Home Architect Design Suite Deluxe 8

7-Zip 9.21

Acrobat.com

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe Acrobat 9.5.1 - CPSID_83708

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 7.0

Adobe Reader X (10.1.2)

AKVIS Sketch

AMP Font Viewer

AOL Email Toolbar

AOL Registration

AOL Toolbar 5.0

ArcSoft Magic-i Visual Effects

ArcSoft WebCam Companion 2

BlackBerry Desktop Software 6.1

BlackBerry USB and Modem Drivers 6.1

BlackBerry USB Drivers

BlackBerry v4.2.2 for the 8320 Series Wireless Handheld

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon MP Navigator EX 2.1

Canon MX860 series User Registration

Canon Utilities Easy-PhotoPrint EX

Canon Utilities My Printer

Canon Utilities Solution Menu

Click to Disc

Click to Disc Editor

Compatibility Pack for the 2007 Office system

Constant Contact QuickImport v2 for Outlook

Coupon Printer for Windows

D3DX10

Download Updater (AOL LLC)

Free Files Unzip

GEAR driver installer for x86 and x64

Google Chrome

Google Earth Plug-in

Google SketchUp 8

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Java Auto Updater

Java 6 Update 26

Java SE Runtime Environment 6

Junk Mail filter update

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Live Add-in 1.5

Microsoft Office Live Meeting 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Works

Mozilla Firefox (3.6.13)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Music Oasis

Music Transfer

Musicnotes Software Suite 1.5.5

Napster

Napster Burn Engine

Norton Internet Security

OpenMG Secure Module 5.1.00

Photo to Sketch 4.0

Pinnacle Instant DVD Recorder

Primo

QuickBooks Simple Start 2008

QuickTime

Qwiklinx

Realtek High Definition Audio Driver

Roxio Central Audio

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Easy Media Creator 10 LJ

Roxio Easy Media Creator Home

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Segoe UI

Setting Utility Series

Shipping Assistant 3.6

SmartWi Connection Utility

Snagit 9.1.3

Sony Picture Utility

Sony Video Shared Library

Spelling Dictionaries Support For Adobe Reader 9

SupportSoft Assisted Service

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VAIO Care

VAIO Content Folder Setting

VAIO Content Metadata Intelligent Analyzing Manager

VAIO Content Metadata Manager Setting

VAIO Content Metadata XML Interface Library

VAIO Control Center

VAIO Data Restore Tool

VAIO DVD Menu Data Basic

VAIO Entertainment Platform

VAIO Event Service

VAIO Help and Support

VAIO Launcher

VAIO Media plus

VAIO Movie Story

VAIO Movie Story Template Data

VAIO MusicBox

VAIO MusicBox Sample Music

VAIO My Memory Center

VAIO OOBE and Welcome Center

VAIO Original Function Setting

VAIO Power Management

VAIO Startup Assistant

VAIO Survey

VAIO Update 4

VAIO Wallpaper Contents

VAIO Wireless Wizard

Virtual Painter 5 trial (Standalone)

VZAccess Manager

WebEx

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinDVD for VAIO

.

==== Event Viewer Messages From Past Week ========

.

8/5/2012 10:56:32 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

8/4/2012 8:49:10 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

8/4/2012 8:48:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep DMICall

8/4/2012 8:47:48 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\DRIVERS\DMICall.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

8/4/2012 5:11:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VAIO Entertainment UPnP Client Adapter service to connect.

8/4/2012 5:11:53 PM, Error: Service Control Manager [7000] - The VAIO Entertainment UPnP Client Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/4/2012 5:11:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service Vcsw with arguments "" in order to run the server: {AD824619-9A64-4DFF-9426-4111B582A967}

8/4/2012 4:40:08 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

8/4/2012 4:39:38 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.

8/1/2012 7:39:02 PM, Error: Microsoft-Windows-PrintSpooler [6161] - The document Microsoft Word - Merged directory1, owned by Anne, failed to print on printer Canon MX860 series Printer (Copy 1). Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 8027012. Number of bytes printed: 3680260. Total number of pages in the document: 8. Number of pages printed: 0. Client computer: \\ANNE-PC. Win32 error code returned by the print processor: 0. The operation completed successfully.

8/1/2012 6:52:49 PM, Error: Microsoft-Windows-PrintSpooler [6161] - The document Microsoft Word - Merged directory1, owned by Anne, failed to print on printer Canon MX860 series Printer (Copy 1). Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 4194672. Number of bytes printed: 3647764. Total number of pages in the document: 4. Number of pages printed: 0. Client computer: \\ANNE-PC. Win32 error code returned by the print processor: 0. The operation completed successfully.

.

==== End Of File ===========================


If you remember, I already warned you about this backdoor.

Delete your TDSSKiller copy and then download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

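For anyone reviewing the report this reply asks for, here is a triage sketch, added as an example and not part of the original thread or of TDSSKiller. It pairs each service's hash/path line with its verdict line and lists what needs a closer look. The line layout is inferred from the log posted in this thread, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Sample lines copied from the TDSSKiller log posted in this thread, including
# the blank lines the forum inserted between entries.
SAMPLE_LOG = r"""
09:05:52.0247 6288 Scan started

09:05:52.0247 6288 Mode: Manual; SigCheck; TDLFS;

09:05:54.0665 6288 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys

09:05:54.0806 6288 ACPI - ok

09:05:54.0962 6288 AdobeActiveFileMonitor7.0 (3c6588070959c94bcd1c9d2f05b614d5) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

09:05:55.0227 6288 AdobeActiveFileMonitor7.0 ( UnsignedFile.Multi.Generic ) - warning

09:05:55.0227 6288 AdobeActiveFileMonitor7.0 - detected UnsignedFile.Multi.Generic (1)

09:05:59.0408 6288 Beep - ok

09:06:09.0501 6288 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

09:06:09.0579 6288 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning

09:06:09.0579 6288 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
"""

# Every log line starts with "<time> <thread id> "; the rest is the message.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*\S)\s*$")
# "<service> (<md5>) <path>": the file the service or driver resolves to.
FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
WARNING = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - warning$")
OK = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"  # ok | warning | detected | unknown
    verdict: Optional[str] = None


def parse_log(text):
    """Return one Entry per service/driver, in the order the scan reported them."""
    entries = {}

    def get(name):
        return entries.setdefault(name, Entry(name))

    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, separators, lines with no message
        body = m.group(1)
        if (f := FILE.match(body)):
            e = get(f["name"])
            e.md5, e.path = f["md5"].lower(), f["path"]
        elif (d := DETECTED.match(body)):
            e = get(d["name"])
            e.status, e.verdict = "detected", d["verdict"]
        elif (w := WARNING.match(body)):
            e = get(w["name"])
            if e.status != "detected":
                e.status = "warning"
            e.verdict = w["verdict"]
        elif (o := OK.match(body)):
            get(o["name"]).status = "ok"
        # anything else (system info, "Scan started", mode line) is ignored
    return list(entries.values())


def triage(entries):
    """Split out entries to review: flagged ones, and 'ok' ones with no file line."""
    flagged = [e for e in entries if e.status in ("warning", "detected")]
    no_file = [e for e in entries if e.status == "ok" and e.path is None]
    return flagged, no_file


if __name__ == "__main__":
    flagged, no_file = triage(parse_log(SAMPLE_LOG))
    for e in flagged:
        print(f"{e.status:8} {e.verdict}  {e.name}  {e.md5}  {e.path}")
    for e in no_file:
        print(f"ok, but no file was listed for: {e.name}")
```
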

Here's the TDSSKiller log you requested. I had asked LDTate whether this infection might be a result of the back door being left open as you suggested it might, and I see by your reply that that is likely the case. I'll have more questions I'm sure after we proceed with this fix.

Thanks

09:04:57.0164 8108 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

09:04:57.0772 8108 ============================================================

09:04:57.0772 8108 Current date / time: 2012/08/06 09:04:57.0772

09:04:57.0772 8108 SystemInfo:

09:04:57.0772 8108

09:04:57.0772 8108 OS Version: 6.0.6002 ServicePack: 2.0

09:04:57.0772 8108 Product type: Workstation

09:04:57.0772 8108 ComputerName: ANNE-PC

09:04:57.0772 8108 UserName: Anne

09:04:57.0772 8108 Windows directory: C:\Windows

09:04:57.0772 8108 System windows directory: C:\Windows

09:04:57.0772 8108 Running under WOW64

09:04:57.0772 8108 Processor architecture: Intel x64

09:04:57.0772 8108 Number of processors: 2

09:04:57.0772 8108 Page size: 0x1000

09:04:57.0772 8108 Boot type: Normal boot

09:04:57.0772 8108 ============================================================

09:04:58.0599 8108 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

09:04:58.0661 8108 ============================================================

09:04:58.0661 8108 \Device\Harddisk0\DR0:

09:04:58.0661 8108 MBR partitions:

09:04:58.0661 8108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1436800, BlocksNum 0x23FF7AB0

09:04:58.0661 8108 ============================================================

09:04:58.0786 8108 C: <-> \Device\Harddisk0\DR0\Partition0

09:04:58.0786 8108 ============================================================

09:04:58.0786 8108 Initialize success

09:04:58.0786 8108 ============================================================

09:05:52.0247 6288 ============================================================

09:05:52.0247 6288 Scan started

09:05:52.0247 6288 Mode: Manual; SigCheck; TDLFS;

09:05:52.0247 6288 ============================================================

09:05:54.0665 6288 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys

09:05:54.0806 6288 ACPI - ok

09:05:54.0962 6288 AdobeActiveFileMonitor7.0 (3c6588070959c94bcd1c9d2f05b614d5) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

09:05:55.0227 6288 AdobeActiveFileMonitor7.0 ( UnsignedFile.Multi.Generic ) - warning

09:05:55.0227 6288 AdobeActiveFileMonitor7.0 - detected UnsignedFile.Multi.Generic (1)

09:05:55.0383 6288 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

09:05:55.0399 6288 AdobeARMservice - ok

09:05:55.0586 6288 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

09:05:55.0617 6288 AdobeFlashPlayerUpdateSvc - ok

09:05:55.0773 6288 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

09:05:55.0929 6288 adp94xx - ok

09:05:56.0038 6288 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

09:05:56.0179 6288 adpahci - ok

09:05:56.0241 6288 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

09:05:56.0272 6288 adpu160m - ok

09:05:56.0319 6288 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

09:05:56.0366 6288 adpu320 - ok

09:05:56.0459 6288 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll

09:05:56.0709 6288 AeLookupSvc - ok

09:05:56.0818 6288 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys

09:05:56.0896 6288 AFD - ok

09:05:56.0959 6288 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

09:05:56.0990 6288 agp440 - ok

09:05:57.0037 6288 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

09:05:57.0083 6288 aic78xx - ok

09:05:57.0115 6288 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe

09:05:57.0317 6288 ALG - ok

09:05:57.0395 6288 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys

09:05:57.0411 6288 aliide - ok

09:05:57.0411 6288 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

09:05:57.0427 6288 amdide - ok

09:05:57.0473 6288 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

09:05:57.0567 6288 AmdK8 - ok

09:05:57.0629 6288 ApfiltrService (22fecb5b3de1eb8b1b2761338922f681) C:\Windows\system32\DRIVERS\Apfiltr.sys

09:05:57.0661 6288 ApfiltrService - ok

09:05:57.0707 6288 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll

09:05:57.0785 6288 Appinfo - ok

09:05:57.0832 6288 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

09:05:57.0863 6288 arc - ok

09:05:57.0895 6288 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

09:05:57.0910 6288 arcsas - ok

09:05:57.0973 6288 ArcSoftKsUFilter (59d2ba1b18f14d0b49b830dc452261b0) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys

09:05:58.0004 6288 ArcSoftKsUFilter - ok

09:05:58.0129 6288 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

09:05:58.0160 6288 aspnet_state - ok

09:05:58.0191 6288 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

09:05:58.0316 6288 AsyncMac - ok

09:05:58.0347 6288 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys

09:05:58.0378 6288 atapi - ok

09:05:58.0597 6288 atikmdag (f3631ca5f0309ee4f941ea1e37e5ca60) C:\Windows\system32\DRIVERS\atikmdag.sys

09:05:58.0924 6288 atikmdag - ok

09:05:59.0111 6288 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll

09:05:59.0236 6288 AudioEndpointBuilder - ok

09:05:59.0252 6288 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll

09:05:59.0345 6288 AudioSrv - ok

09:05:59.0408 6288 Beep - ok

09:05:59.0486 6288 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll

09:05:59.0611 6288 BFE - ok

09:05:59.0954 6288 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120711.002\BHDrvx64.sys

09:06:00.0047 6288 BHDrvx64 - ok

09:06:00.0266 6288 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll

09:06:00.0406 6288 BITS - ok

09:06:00.0500 6288 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

09:06:00.0562 6288 blbdrive - ok

09:06:00.0593 6288 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys

09:06:00.0640 6288 bowser - ok

09:06:00.0671 6288 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

09:06:00.0718 6288 BrFiltLo - ok

09:06:00.0765 6288 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

09:06:00.0796 6288 BrFiltUp - ok

09:06:00.0843 6288 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll

09:06:00.0937 6288 Browser - ok

09:06:00.0968 6288 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

09:06:01.0186 6288 Brserid - ok

09:06:01.0202 6288 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

09:06:01.0358 6288 BrSerWdm - ok

09:06:01.0389 6288 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

09:06:01.0498 6288 BrUsbMdm - ok

09:06:01.0514 6288 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

09:06:01.0592 6288 BrUsbSer - ok

09:06:01.0654 6288 BthEnum (09f926a0d9c0bafd8417a4307d2ed13c) C:\Windows\system32\DRIVERS\BthEnum.sys

09:06:01.0701 6288 BthEnum - ok

09:06:01.0748 6288 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

09:06:01.0841 6288 BTHMODEM - ok

09:06:01.0873 6288 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys

09:06:01.0935 6288 BthPan - ok

09:06:02.0029 6288 BTHPORT (e1466882252ff51edde48c3f7eda2591) C:\Windows\system32\Drivers\BTHport.sys

09:06:02.0107 6288 BTHPORT - ok

09:06:02.0153 6288 BthServ (22e65ffd640f16968f855f5b3528d366) C:\Windows\System32\bthserv.dll

09:06:02.0231 6288 BthServ - ok

09:06:02.0309 6288 BTHUSB (970192cded77a128e7e30722e5ee6b9c) C:\Windows\system32\Drivers\BTHUSB.sys

09:06:02.0372 6288 BTHUSB - ok

09:06:02.0434 6288 btwaudio (243661bc849eb1a7ad141680ae62886a) C:\Windows\system32\drivers\btwaudio.sys

09:06:02.0465 6288 btwaudio - ok

09:06:02.0512 6288 btwavdt (89c6567ebd92bbd2961c634604d6670f) C:\Windows\system32\drivers\btwavdt.sys

09:06:02.0543 6288 btwavdt - ok

09:06:02.0637 6288 btwdins (f1e307cd7db62855fc0304605278f61f) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

09:06:02.0684 6288 btwdins - ok

09:06:02.0715 6288 btwl2cap (09baf40735007bde7dd95830afcefd26) C:\Windows\system32\DRIVERS\btwl2cap.sys

09:06:02.0731 6288 btwl2cap - ok

09:06:02.0746 6288 btwrchid (2bbf56e2114fabf63c3d00828fc3c86c) C:\Windows\system32\DRIVERS\btwrchid.sys

09:06:02.0762 6288 btwrchid - ok

09:06:02.0762 6288 catchme - ok

09:06:02.0809 6288 CAXHWAZL (fdb53a8d3bc52dc29884587e768e3388) C:\Windows\system32\DRIVERS\CAXHWAZL.sys

09:06:02.0902 6288 CAXHWAZL - ok

09:06:02.0996 6288 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys

09:06:03.0027 6288 ccSet_NIS - ok

09:06:03.0074 6288 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

09:06:03.0152 6288 cdfs - ok

09:06:03.0230 6288 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys

09:06:03.0292 6288 cdrom - ok

09:06:03.0401 6288 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll

09:06:03.0448 6288 CertPropSvc - ok

09:06:03.0479 6288 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys

09:06:03.0573 6288 circlass - ok

09:06:03.0635 6288 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys

09:06:03.0667 6288 CLFS - ok

09:06:03.0791 6288 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:06:03.0807 6288 clr_optimization_v2.0.50727_32 - ok

09:06:03.0869 6288 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

09:06:03.0885 6288 clr_optimization_v2.0.50727_64 - ok

09:06:04.0025 6288 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

09:06:04.0057 6288 clr_optimization_v4.0.30319_32 - ok

09:06:04.0119 6288 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

09:06:04.0150 6288 clr_optimization_v4.0.30319_64 - ok

09:06:04.0197 6288 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys

09:06:04.0306 6288 CmBatt - ok

09:06:04.0322 6288 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

09:06:04.0353 6288 cmdide - ok

09:06:04.0369 6288 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys

09:06:04.0384 6288 Compbatt - ok

09:06:04.0400 6288 COMSysApp - ok

09:06:04.0400 6288 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

09:06:04.0415 6288 crcdisk - ok

09:06:04.0493 6288 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll

09:06:04.0540 6288 CryptSvc - ok

09:06:04.0665 6288 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll

09:06:04.0743 6288 DcomLaunch - ok

09:06:04.0790 6288 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys

09:06:04.0837 6288 DfsC - ok

09:06:05.0008 6288 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe

09:06:05.0242 6288 DFSR - ok

09:06:05.0507 6288 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll

09:06:05.0539 6288 Dhcp - ok

09:06:05.0632 6288 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys

09:06:05.0648 6288 disk - ok

09:06:05.0679 6288 DMICall - ok

09:06:05.0741 6288 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll

09:06:05.0788 6288 Dnscache - ok

09:06:05.0835 6288 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll

09:06:05.0882 6288 dot3svc - ok

09:06:05.0944 6288 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys

09:06:06.0007 6288 Dot4 - ok

09:06:06.0038 6288 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys

09:06:06.0116 6288 Dot4Print - ok

09:06:06.0163 6288 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys

09:06:06.0225 6288 dot4usb - ok

09:06:06.0272 6288 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll

09:06:06.0412 6288 DPS - ok

09:06:06.0475 6288 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

09:06:06.0521 6288 drmkaud - ok

09:06:06.0599 6288 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys

09:06:06.0646 6288 DXGKrnl - ok

09:06:06.0693 6288 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

09:06:06.0740 6288 E1G60 - ok

09:06:06.0787 6288 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll

09:06:06.0833 6288 EapHost - ok

09:06:06.0911 6288 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys

09:06:06.0927 6288 Ecache - ok

09:06:07.0067 6288 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

09:06:07.0099 6288 eeCtrl - ok

09:06:07.0161 6288 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe

09:06:07.0223 6288 ehRecvr - ok

09:06:07.0255 6288 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe

09:06:07.0286 6288 ehSched - ok

09:06:07.0301 6288 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll

09:06:07.0426 6288 ehstart - ok

09:06:07.0473 6288 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

09:06:07.0504 6288 elxstor - ok

09:06:07.0567 6288 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll

09:06:07.0645 6288 EMDMgmt - ok

09:06:07.0801 6288 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

09:06:07.0832 6288 EraserUtilRebootDrv - ok

09:06:07.0863 6288 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

09:06:07.0972 6288 ErrDev - ok

09:06:08.0050 6288 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll

09:06:08.0159 6288 EventSystem - ok

09:06:08.0393 6288 EvtEng (7cd2f2c63693ef90b73f5362a52cae26) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

09:06:08.0534 6288 EvtEng ( UnsignedFile.Multi.Generic ) - warning

09:06:08.0534 6288 EvtEng - detected UnsignedFile.Multi.Generic (1)

09:06:08.0705 6288 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys

09:06:08.0768 6288 exfat - ok

09:06:08.0830 6288 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys

09:06:08.0908 6288 fastfat - ok

09:06:08.0955 6288 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

09:06:09.0064 6288 fdc - ok

09:06:09.0095 6288 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll

09:06:09.0142 6288 fdPHost - ok

09:06:09.0158 6288 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll

09:06:09.0220 6288 FDResPub - ok

09:06:09.0267 6288 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

09:06:09.0283 6288 FileInfo - ok

09:06:09.0298 6288 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

09:06:09.0361 6288 Filetrace - ok

09:06:09.0501 6288 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

09:06:09.0579 6288 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning

09:06:09.0579 6288 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)

09:06:09.0610 6288 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

09:06:09.0657 6288 flpydisk - ok

09:06:09.0719 6288 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys

09:06:09.0735 6288 FltMgr - ok

09:06:09.0844 6288 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll

09:06:09.0938 6288 FontCache - ok

09:06:10.0047 6288 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

09:06:10.0063 6288 FontCache3.0.0.0 - ok

09:06:10.0109 6288 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys

09:06:10.0125 6288 fssfltr - ok

09:06:10.0343 6288 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

09:06:10.0421 6288 fsssvc - ok

09:06:10.0562 6288 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys

09:06:10.0609 6288 Fs_Rec - ok

09:06:10.0640 6288 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

09:06:10.0655 6288 gagp30kx - ok

09:06:10.0733 6288 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\Drivers\GEARAspiWDM.sys

09:06:10.0749 6288 GEARAspiWDM - ok

09:06:10.0827 6288 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll

09:06:10.0874 6288 gpsvc - ok

09:06:11.0045 6288 gupdate1c9b487adae0f60 (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

09:06:11.0061 6288 gupdate1c9b487adae0f60 - ok

09:06:11.0077 6288 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

09:06:11.0092 6288 gupdatem - ok

09:06:11.0139 6288 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

09:06:11.0155 6288 gusvc - ok

09:06:11.0201 6288 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys

09:06:11.0311 6288 HdAudAddService - ok

09:06:11.0420 6288 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys

09:06:11.0498 6288 HDAudBus - ok

09:06:11.0529 6288 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

09:06:11.0607 6288 HidBth - ok

09:06:11.0654 6288 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys

09:06:11.0732 6288 HidIr - ok

09:06:11.0810 6288 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll

09:06:11.0841 6288 hidserv - ok

09:06:11.0857 6288 HidUsb (d02c82cb3a20f391c8aeff94e8e0baa1) C:\Windows\system32\DRIVERS\hidusb.sys

09:06:11.0950 6288 HidUsb - ok

09:06:11.0981 6288 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll

09:06:12.0044 6288 hkmsvc - ok

09:06:12.0091 6288 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

09:06:12.0106 6288 HpCISSs - ok

09:06:12.0153 6288 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

09:06:12.0215 6288 HSFHWAZL - ok

09:06:12.0309 6288 HSF_DPV (e90d0e3d9715f3bec7db2d6321dddee8) C:\Windows\system32\DRIVERS\CAX_DPV.sys

09:06:12.0403 6288 HSF_DPV - ok

09:06:12.0668 6288 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys

09:06:12.0871 6288 HTTP - ok

09:06:12.0902 6288 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

09:06:12.0949 6288 i2omp - ok

09:06:12.0980 6288 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

09:06:13.0042 6288 i8042prt - ok

09:06:13.0105 6288 iaStor (8d58627fef3f8767665d9f4dc91cbd97) C:\Windows\system32\DRIVERS\iaStor.sys

09:06:13.0120 6288 iaStor - ok

09:06:13.0151 6288 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

09:06:13.0183 6288 iaStorV - ok

09:06:13.0261 6288 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

09:06:13.0276 6288 IDriverT ( UnsignedFile.Multi.Generic ) - warning

09:06:13.0276 6288 IDriverT - detected UnsignedFile.Multi.Generic (1)

09:06:13.0417 6288 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

09:06:13.0463 6288 idsvc - ok

09:06:13.0807 6288 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120803.002\IDSvia64.sys

09:06:13.0853 6288 IDSVia64 - ok

09:06:14.0446 6288 igfx (51d1fc6b0d4c3855a75d167da9d87bba) C:\Windows\system32\DRIVERS\igdkmd64.sys

09:06:14.0899 6288 igfx - ok

09:06:15.0055 6288 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

09:06:15.0070 6288 iirsp - ok

09:06:15.0148 6288 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll

09:06:15.0226 6288 IKEEXT - ok

09:06:15.0335 6288 IntcAzAudAddService (b3fb479a7c0626499eb5989bc087cf8d) C:\Windows\system32\drivers\RTKVHD64.sys

09:06:15.0429 6288 IntcAzAudAddService - ok

09:06:15.0757 6288 IntcHdmiAddService (bd37227c07179b1040a8896b9c0c146b) C:\Windows\system32\drivers\IntcHdmi.sys

09:06:15.0819 6288 IntcHdmiAddService - ok

09:06:15.0866 6288 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

09:06:15.0913 6288 intelide - ok

09:06:15.0944 6288 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

09:06:16.0006 6288 intelppm - ok

09:06:16.0069 6288 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll

09:06:16.0131 6288 IPBusEnum - ok

09:06:16.0193 6288 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys

09:06:16.0240 6288 IpFilterDriver - ok

09:06:16.0318 6288 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll

09:06:16.0396 6288 iphlpsvc - ok

09:06:16.0396 6288 IpInIp - ok

09:06:16.0443 6288 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

09:06:16.0583 6288 IPMIDRV - ok

09:06:16.0615 6288 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

09:06:16.0693 6288 IPNAT - ok

09:06:16.0708 6288 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

09:06:16.0771 6288 IRENUM - ok

09:06:16.0817 6288 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

09:06:16.0833 6288 isapnp - ok

09:06:16.0880 6288 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys

09:06:16.0911 6288 iScsiPrt - ok

09:06:16.0942 6288 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

09:06:16.0958 6288 iteatapi - ok

09:06:17.0005 6288 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

09:06:17.0020 6288 iteraid - ok

09:06:17.0114 6288 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

09:06:17.0129 6288 IviRegMgr - ok

09:06:17.0161 6288 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

09:06:17.0176 6288 kbdclass - ok

09:06:17.0192 6288 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys

09:06:17.0270 6288 kbdhid - ok

09:06:17.0301 6288 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

09:06:17.0348 6288 KeyIso - ok

09:06:17.0410 6288 KSecDD (88956ad9fa510848ad176777a6c6c1f5) C:\Windows\system32\Drivers\ksecdd.sys

09:06:17.0441 6288 KSecDD - ok

09:06:17.0488 6288 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

09:06:17.0629 6288 ksthunk - ok

09:06:17.0675 6288 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll

09:06:17.0785 6288 KtmRm - ok

09:06:17.0847 6288 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll

09:06:17.0894 6288 LanmanServer - ok

09:06:17.0956 6288 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll

09:06:18.0003 6288 LanmanWorkstation - ok

09:06:18.0034 6288 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

09:06:18.0097 6288 lltdio - ok

09:06:18.0143 6288 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll

09:06:18.0221 6288 lltdsvc - ok

09:06:18.0253 6288 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll

09:06:18.0315 6288 lmhosts - ok

09:06:18.0362 6288 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

09:06:18.0377 6288 LSI_FC - ok

09:06:18.0393 6288 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

09:06:18.0424 6288 LSI_SAS - ok

09:06:18.0440 6288 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

09:06:18.0455 6288 LSI_SCSI - ok

09:06:18.0533 6288 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

09:06:18.0596 6288 luafv - ok

09:06:18.0627 6288 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll

09:06:18.0658 6288 Mcx2Svc - ok

09:06:18.0689 6288 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys

09:06:18.0721 6288 mdmxsdk - ok

09:06:18.0752 6288 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

09:06:18.0767 6288 megasas - ok

09:06:18.0814 6288 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

09:06:18.0845 6288 MegaSR - ok

09:06:18.0861 6288 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll

09:06:18.0923 6288 MMCSS - ok

09:06:18.0939 6288 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

09:06:19.0001 6288 Modem - ok

09:06:19.0033 6288 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

09:06:19.0064 6288 monitor - ok

09:06:19.0095 6288 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

09:06:19.0111 6288 mouclass - ok

09:06:19.0126 6288 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

09:06:19.0189 6288 mouhid - ok

09:06:19.0220 6288 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

09:06:19.0235 6288 MountMgr - ok

09:06:19.0251 6288 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

09:06:19.0267 6288 mpio - ok

09:06:19.0298 6288 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

09:06:19.0345 6288 mpsdrv - ok

09:06:19.0438 6288 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll

09:06:19.0501 6288 MpsSvc - ok

09:06:19.0579 6288 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

09:06:19.0594 6288 Mraid35x - ok

09:06:19.0641 6288 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys

09:06:19.0672 6288 MRxDAV - ok

09:06:19.0735 6288 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys

09:06:19.0766 6288 mrxsmb - ok

09:06:19.0828 6288 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys

09:06:19.0859 6288 mrxsmb10 - ok

09:06:19.0875 6288 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys

09:06:19.0906 6288 mrxsmb20 - ok

09:06:19.0953 6288 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys

09:06:19.0969 6288 msahci - ok

09:06:20.0093 6288 MSCSPTISRV (a99d2c7e30ad63ef920a894131caf5f7) C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

09:06:20.0109 6288 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning

09:06:20.0109 6288 MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)

09:06:20.0140 6288 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

09:06:20.0171 6288 msdsm - ok

09:06:20.0218 6288 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe

09:06:20.0327 6288 MSDTC - ok

09:06:20.0359 6288 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

09:06:20.0421 6288 Msfs - ok

09:06:20.0452 6288 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

09:06:20.0468 6288 msisadrv - ok

09:06:20.0515 6288 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll

09:06:20.0624 6288 MSiSCSI - ok

09:06:20.0624 6288 msiserver - ok

09:06:20.0671 6288 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

09:06:20.0733 6288 MSKSSRV - ok

09:06:20.0749 6288 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

09:06:20.0827 6288 MSPCLOCK - ok

09:06:20.0858 6288 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

09:06:20.0920 6288 MSPQM - ok

09:06:20.0967 6288 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys

09:06:20.0998 6288 MsRPC - ok

09:06:21.0014 6288 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

09:06:21.0029 6288 mssmbios - ok

09:06:21.0061 6288 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

09:06:21.0139 6288 MSTEE - ok

09:06:21.0170 6288 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys

09:06:21.0185 6288 Mup - ok

09:06:21.0248 6288 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll

09:06:21.0310 6288 napagent - ok

09:06:21.0373 6288 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys

09:06:21.0419 6288 NativeWifiP - ok

09:06:21.0669 6288 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120805.009\ENG64.SYS

09:06:21.0700 6288 NAVENG - ok

09:06:21.0825 6288 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120805.009\EX64.SYS

09:06:21.0934 6288 NAVEX15 - ok

09:06:22.0121 6288 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

09:06:22.0168 6288 NDIS - ok

09:06:22.0199 6288 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

09:06:22.0231 6288 NdisTapi - ok

09:06:22.0246 6288 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

09:06:22.0324 6288 Ndisuio - ok

09:06:22.0355 6288 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

09:06:22.0402 6288 NdisWan - ok

09:06:22.0418 6288 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

09:06:22.0480 6288 NDProxy - ok

09:06:22.0527 6288 Net Driver HPZ12 (bd94210175c488f18add3e189ee9304c) C:\Windows\system32\HPZinw12.dll

09:06:22.0605 6288 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

09:06:22.0605 6288 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

09:06:22.0652 6288 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

09:06:22.0714 6288 NetBIOS - ok

09:06:22.0761 6288 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

09:06:22.0808 6288 netbt - ok

09:06:22.0855 6288 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

09:06:22.0870 6288 Netlogon - ok

09:06:22.0917 6288 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll

09:06:22.0964 6288 Netman - ok

09:06:23.0104 6288 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

09:06:23.0135 6288 NetMsmqActivator - ok

09:06:23.0151 6288 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

09:06:23.0182 6288 NetPipeActivator - ok

09:06:23.0213 6288 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll

09:06:23.0291 6288 netprofm - ok

09:06:23.0291 6288 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

09:06:23.0307 6288 NetTcpActivator - ok

09:06:23.0323 6288 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

09:06:23.0338 6288 NetTcpPortSharing - ok

09:06:23.0588 6288 NETw5v64 (93915c41a0dbbd121a0fad2835e43776) C:\Windows\system32\DRIVERS\NETw5v64.sys

09:06:23.0884 6288 NETw5v64 - ok

09:06:24.0009 6288 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

09:06:24.0025 6288 nfrd960 - ok

09:06:24.0134 6288 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

09:06:24.0165 6288 NIS - ok

09:06:24.0212 6288 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll

09:06:24.0290 6288 NlaSvc - ok

09:06:24.0352 6288 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

09:06:24.0399 6288 Npfs - ok

09:06:24.0477 6288 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll

09:06:24.0539 6288 nsi - ok

09:06:24.0633 6288 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

09:06:24.0680 6288 nsiproxy - ok

09:06:24.0805 6288 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

09:06:24.0898 6288 Ntfs - ok

09:06:25.0054 6288 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

09:06:25.0195 6288 Null - ok

09:06:25.0226 6288 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

09:06:25.0257 6288 nvraid - ok

09:06:25.0273 6288 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

09:06:25.0288 6288 nvstor - ok

09:06:25.0319 6288 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

09:06:25.0335 6288 nv_agp - ok

09:06:25.0351 6288 NwlnkFlt - ok

09:06:25.0351 6288 NwlnkFwd - ok

09:06:25.0475 6288 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

09:06:25.0507 6288 odserv - ok

09:06:25.0569 6288 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys

09:06:25.0678 6288 ohci1394 - ok

09:06:25.0709 6288 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

09:06:25.0741 6288 ose - ok

09:06:25.0834 6288 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

09:06:25.0912 6288 p2pimsvc - ok

09:06:25.0912 6288 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

09:06:25.0959 6288 p2psvc - ok

09:06:26.0021 6288 PACSPTISVR (41c33fb4fd929fed732a00d2daef5be0) C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

09:06:26.0037 6288 PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning

09:06:26.0037 6288 PACSPTISVR - detected UnsignedFile.Multi.Generic (1)

09:06:26.0068 6288 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys

09:06:26.0162 6288 Parport - ok

09:06:26.0209 6288 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys

09:06:26.0224 6288 partmgr - ok

09:06:26.0255 6288 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll

09:06:26.0318 6288 PcaSvc - ok

09:06:26.0380 6288 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys

09:06:26.0396 6288 pci - ok

09:06:26.0427 6288 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys

09:06:26.0443 6288 pciide - ok

09:06:26.0474 6288 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

09:06:26.0489 6288 pcmcia - ok

09:06:26.0536 6288 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

09:06:26.0614 6288 PEAUTH - ok

09:06:26.0708 6288 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe

09:06:26.0755 6288 PerfHost - ok

09:06:26.0833 6288 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll

09:06:26.0926 6288 pla - ok

09:06:27.0004 6288 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll

09:06:27.0051 6288 PlugPlay - ok

09:06:27.0113 6288 Pml Driver HPZ12 (7fe2afb17d91cf39843d6766ea31cfc7) C:\Windows\system32\HPZipm12.dll

09:06:27.0113 6288 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

09:06:27.0113 6288 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

09:06:27.0191 6288 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

09:06:27.0238 6288 PNRPAutoReg - ok

09:06:27.0238 6288 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

09:06:27.0285 6288 PNRPsvc - ok

09:06:27.0332 6288 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll

09:06:27.0410 6288 PolicyAgent - ok

09:06:27.0488 6288 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

09:06:27.0550 6288 PptpMiniport - ok

09:06:27.0581 6288 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

09:06:27.0706 6288 Processor - ok

09:06:27.0753 6288 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll

09:06:27.0800 6288 ProfSvc - ok

09:06:27.0847 6288 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

09:06:27.0862 6288 ProtectedStorage - ok

09:06:27.0909 6288 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

09:06:27.0940 6288 PSched - ok

09:06:27.0971 6288 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys

09:06:27.0971 6288 PxHlpa64 - ok

09:06:28.0065 6288 QBCFMonitorService (0a2c21b3168f2efc3468b35ff5508cea) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

09:06:28.0081 6288 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning

09:06:28.0081 6288 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)

09:06:28.0112 6288 QBFCService (bab30d2799754f6ea22f0b9076311793) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

09:06:28.0127 6288 QBFCService ( UnsignedFile.Multi.Generic ) - warning

09:06:28.0127 6288 QBFCService - detected UnsignedFile.Multi.Generic (1)

09:06:28.0205 6288 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

09:06:28.0252 6288 ql2300 - ok

09:06:28.0315 6288 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

09:06:28.0330 6288 ql40xx - ok

09:06:28.0377 6288 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll

09:06:28.0408 6288 QWAVE - ok

09:06:28.0424 6288 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

09:06:28.0455 6288 QWAVEdrv - ok

09:06:28.0486 6288 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

09:06:28.0549 6288 RasAcd - ok

09:06:28.0580 6288 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll

09:06:28.0642 6288 RasAuto - ok

09:06:28.0705 6288 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

09:06:28.0767 6288 Rasl2tp - ok

09:06:28.0814 6288 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll

09:06:28.0845 6288 RasMan - ok

09:06:28.0907 6288 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

09:06:28.0970 6288 RasPppoe - ok

09:06:29.0017 6288 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

09:06:29.0048 6288 RasSstp - ok

09:06:29.0110 6288 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys

09:06:29.0157 6288 rdbss - ok

09:06:29.0173 6288 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

09:06:29.0219 6288 RDPCDD - ok

09:06:29.0251 6288 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

09:06:29.0329 6288 rdpdr - ok

09:06:29.0329 6288 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

09:06:29.0391 6288 RDPENCDD - ok

09:06:29.0453 6288 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys

09:06:29.0500 6288 RDPWD - ok

09:06:29.0641 6288 RegSrvc (7a917120a62bcf2883fdd5c352447556) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

09:06:29.0734 6288 RegSrvc ( UnsignedFile.Multi.Generic ) - warning

09:06:29.0734 6288 RegSrvc - detected UnsignedFile.Multi.Generic (1)

09:06:29.0797 6288 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll

09:06:29.0890 6288 RemoteAccess - ok

09:06:29.0953 6288 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll

09:06:29.0999 6288 RemoteRegistry - ok

09:06:30.0093 6288 RFCOMM (cd71e053d7260e4102d99a28f9196070) C:\Windows\system32\DRIVERS\rfcomm.sys

09:06:30.0140 6288 RFCOMM - ok

09:06:30.0155 6288 rimsptsk (d345ae15fa0ad4bd8d647c5509714858) C:\Windows\system32\DRIVERS\rimssn64.sys

09:06:30.0187 6288 rimsptsk - ok

09:06:30.0233 6288 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys

09:06:30.0265 6288 RimUsb - ok

09:06:30.0343 6288 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys

09:06:30.0389 6288 RimVSerPort - ok

09:06:30.0421 6288 risdptsk (c45cd294458fed92e9cc1c68768e9356) C:\Windows\system32\DRIVERS\risdsn64.sys

09:06:30.0467 6288 risdptsk - ok

09:06:30.0499 6288 ROOTMODEM (6a0cf73b019cbc9255e23c9192ec3702) C:\Windows\system32\Drivers\RootMdm.sys

09:06:30.0561 6288 ROOTMODEM - ok

09:06:30.0592 6288 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe

09:06:30.0639 6288 RpcLocator - ok

09:06:30.0717 6288 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll

09:06:30.0764 6288 RpcSs - ok

09:06:30.0779 6288 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

09:06:30.0826 6288 rspndr - ok

09:06:30.0873 6288 RTHDMIAzAudService (bff15b0d6b0567c88306b66dac264c41) C:\Windows\system32\drivers\RtHDMIVX.sys

09:06:30.0889 6288 RTHDMIAzAudService - ok

09:06:30.0920 6288 RtkAudioService (3437ad70e6d813c2a350b216de7ffcee) C:\Windows\RtkAudioService.exe

09:06:30.0935 6288 RtkAudioService - ok

09:06:30.0982 6288 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

09:06:30.0998 6288 SamSs - ok

09:06:31.0013 6288 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

09:06:31.0029 6288 sbp2port - ok

09:06:31.0076 6288 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll

09:06:31.0107 6288 SCardSvr - ok

09:06:31.0185 6288 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll

09:06:31.0279 6288 Schedule - ok

09:06:31.0341 6288 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll

09:06:31.0372 6288 SCPolicySvc - ok

09:06:31.0419 6288 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys

09:06:31.0481 6288 sdbus - ok

09:06:31.0513 6288 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll

09:06:31.0575 6288 SDRSVC - ok

09:06:31.0715 6288 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

09:06:31.0747 6288 SeaPort - ok

09:06:31.0762 6288 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

09:06:31.0840 6288 secdrv - ok

09:06:31.0871 6288 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll

09:06:31.0934 6288 seclogon - ok

09:06:31.0949 6288 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll

09:06:31.0996 6288 SENS - ok

09:06:32.0027 6288 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys

09:06:32.0121 6288 Serenum - ok

09:06:32.0137 6288 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys

09:06:32.0230 6288 Serial - ok

09:06:32.0246 6288 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

09:06:32.0324 6288 sermouse - ok

09:06:32.0371 6288 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll

09:06:32.0433 6288 SessionEnv - ok

09:06:32.0480 6288 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys

09:06:32.0511 6288 SFEP - ok

09:06:32.0542 6288 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

09:06:32.0589 6288 sffdisk - ok

09:06:32.0620 6288 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

09:06:32.0683 6288 sffp_mmc - ok

09:06:32.0698 6288 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

09:06:32.0745 6288 sffp_sd - ok

09:06:32.0776 6288 sfloppy (40567781f0785c4a69411d1b40da8987) C:\Windows\system32\DRIVERS\sfloppy.sys

09:06:32.0823 6288 sfloppy - ok

09:06:32.0917 6288 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll

09:06:32.0963 6288 SharedAccess - ok

09:06:33.0026 6288 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll

09:06:33.0073 6288 ShellHWDetection - ok

09:06:33.0119 6288 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

09:06:33.0135 6288 SiSRaid2 - ok

09:06:33.0151 6288 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

09:06:33.0182 6288 SiSRaid4 - ok

09:06:33.0338 6288 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe

09:06:33.0447 6288 slsvc - ok

09:06:33.0603 6288 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll

09:06:33.0665 6288 SLUINotify - ok

09:06:33.0759 6288 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

09:06:33.0821 6288 Smb - ok

09:06:33.0962 6288 SMSIVZAM5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\PROGRA~2\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.SYS

09:06:33.0977 6288 SMSIVZAM5X64 - ok

09:06:34.0009 6288 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe

09:06:34.0040 6288 SNMPTRAP - ok

09:06:34.0102 6288 SOHCImp (dc826affa608f50c385bca4c71ef1bdd) C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe

09:06:34.0118 6288 SOHCImp - ok

09:06:34.0149 6288 SOHDms (1ec739f65c51fa1c7ac4502464a3c3a8) C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe

09:06:34.0180 6288 SOHDms - ok

09:06:34.0196 6288 SOHDs (ec8fab4ac684445d6032aa5c6e77ca2e) C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe

09:06:34.0211 6288 SOHDs - ok

09:06:34.0258 6288 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

09:06:34.0274 6288 spldr - ok

09:06:34.0336 6288 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe

09:06:34.0399 6288 Spooler - ok

09:06:34.0492 6288 SPTISRV (f63102f289ae2039940b22e9b2a8e0bd) C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe

09:06:34.0508 6288 SPTISRV ( UnsignedFile.Multi.Generic ) - warning

09:06:34.0508 6288 SPTISRV - detected UnsignedFile.Multi.Generic (1)

09:06:34.0648 6288 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\system32\drivers\NISx64\1307010.005\SRTSP64.SYS

09:06:34.0679 6288 SRTSP - ok

09:06:34.0711 6288 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS

09:06:34.0726 6288 SRTSPX - ok

09:06:34.0789 6288 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys

09:06:34.0867 6288 srv - ok

09:06:34.0929 6288 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys

09:06:35.0007 6288 srv2 - ok

09:06:35.0038 6288 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys

09:06:35.0069 6288 srvnet - ok

09:06:35.0101 6288 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll

09:06:35.0163 6288 SSDPSRV - ok

09:06:35.0194 6288 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll

09:06:35.0210 6288 SstpSvc - ok

09:06:35.0241 6288 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys

09:06:35.0272 6288 StillCam - ok

09:06:35.0350 6288 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll

09:06:35.0366 6288 stisvc - ok

09:06:35.0413 6288 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

09:06:35.0428 6288 swenum - ok

09:06:35.0491 6288 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll

09:06:35.0522 6288 swprv - ok

09:06:35.0569 6288 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

09:06:35.0584 6288 Symc8xx - ok

09:06:35.0709 6288 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS

09:06:35.0725 6288 SymDS - ok

09:06:35.0787 6288 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS

09:06:35.0834 6288 SymEFA - ok

09:06:35.0896 6288 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

09:06:35.0912 6288 SymEvent - ok

09:06:35.0974 6288 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS

09:06:36.0005 6288 SymIRON - ok

09:06:36.0037 6288 SYMTDIv (a25fee245c78804601d83431386a0bee) C:\Windows\system32\drivers\NISx64\1307010.005\SYMTDIV.SYS

09:06:36.0068 6288 SYMTDIv - ok

09:06:36.0115 6288 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

09:06:36.0146 6288 Sym_hi - ok

09:06:36.0161 6288 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

09:06:36.0177 6288 Sym_u3 - ok

09:06:36.0271 6288 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll

09:06:36.0364 6288 SysMain - ok

09:06:36.0411 6288 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll

09:06:36.0442 6288 TabletInputService - ok

09:06:36.0505 6288 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll

09:06:36.0567 6288 TapiSrv - ok

09:06:36.0598 6288 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll

09:06:36.0645 6288 TBS - ok

09:06:36.0785 6288 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys

09:06:36.0848 6288 Tcpip - ok

09:06:37.0082 6288 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys

09:06:37.0144 6288 Tcpip6 - ok

09:06:37.0285 6288 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys

09:06:37.0347 6288 tcpipreg - ok

09:06:37.0394 6288 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

09:06:37.0441 6288 TDPIPE - ok

09:06:37.0472 6288 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

09:06:37.0534 6288 TDTCP - ok

09:06:37.0581 6288 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys

09:06:37.0628 6288 tdx - ok

09:06:37.0690 6288 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys

09:06:37.0706 6288 TermDD - ok

09:06:37.0768 6288 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll

09:06:37.0846 6288 TermService - ok

09:06:37.0909 6288 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll

09:06:37.0924 6288 Themes - ok

09:06:37.0971 6288 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll

09:06:38.0002 6288 THREADORDER - ok

09:06:38.0049 6288 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll

09:06:38.0080 6288 TrkWks - ok

09:06:38.0158 6288 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe

09:06:38.0205 6288 TrustedInstaller - ok

09:06:38.0236 6288 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

09:06:38.0267 6288 tssecsrv - ok

09:06:38.0299 6288 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

09:06:38.0314 6288 tunmp - ok

09:06:38.0377 6288 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys

09:06:38.0408 6288 tunnel - ok

09:06:38.0423 6288 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

09:06:38.0439 6288 uagp35 - ok

09:06:38.0486 6288 uCamMonitor (a1cdf0e7cb409b05ee22f9035cb33c8b) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe

09:06:38.0501 6288 uCamMonitor - ok

09:06:38.0564 6288 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys

09:06:38.0611 6288 udfs - ok

09:06:38.0642 6288 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe

09:06:38.0704 6288 UI0Detect - ok

09:06:38.0735 6288 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

09:06:38.0751 6288 uliagpkx - ok

09:06:38.0782 6288 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

09:06:38.0813 6288 uliahci - ok

09:06:38.0845 6288 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

09:06:38.0860 6288 UlSata - ok

09:06:38.0891 6288 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

09:06:38.0907 6288 ulsata2 - ok

09:06:38.0923 6288 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

09:06:38.0969 6288 umbus - ok

09:06:39.0016 6288 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll

09:06:39.0125 6288 upnphost - ok

09:06:39.0188 6288 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys

09:06:39.0235 6288 usbaudio - ok

09:06:39.0250 6288 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

09:06:39.0297 6288 usbccgp - ok

09:06:39.0344 6288 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys

09:06:39.0453 6288 usbcir - ok

09:06:39.0469 6288 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys

09:06:39.0531 6288 usbehci - ok

09:06:39.0593 6288 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys

09:06:39.0640 6288 usbhub - ok

09:06:39.0687 6288 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys

09:06:39.0765 6288 usbohci - ok

09:06:39.0812 6288 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys

09:06:39.0859 6288 usbprint - ok

09:06:39.0874 6288 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys

09:06:39.0921 6288 usbscan - ok

09:06:39.0983 6288 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS

09:06:40.0015 6288 USBSTOR - ok

09:06:40.0030 6288 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

09:06:40.0061 6288 usbuhci - ok

09:06:40.0093 6288 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys

09:06:40.0139 6288 usbvideo - ok

09:06:40.0186 6288 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll

09:06:40.0217 6288 UxSms - ok

09:06:40.0311 6288 VAIO Entertainment TV Device Arbitration Service (2a640dc735cb0112ac1dcd1e1549b27e) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe

09:06:40.0327 6288 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning

09:06:40.0327 6288 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)

09:06:40.0389 6288 VAIO Event Service (693a3fdd279c345105fff9dde277849b) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

09:06:40.0405 6288 VAIO Event Service - ok

09:06:40.0483 6288 VAIO Power Management (564558b7cf97be373a3a800b4c4c5221) C:\Program Files\Sony\VAIO Power Management\SPMService.exe

09:06:40.0498 6288 VAIO Power Management - ok

09:06:40.0545 6288 VCFw (cbcbe2233d21e9b278f95f5cb28bc8ae) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

09:06:40.0576 6288 VCFw ( UnsignedFile.Multi.Generic ) - warning

09:06:40.0576 6288 VCFw - detected UnsignedFile.Multi.Generic (1)

09:06:40.0623 6288 VcmIAlzMgr (27888f132d2ee0b72b28093a5f5f20eb) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

09:06:40.0639 6288 VcmIAlzMgr - ok

09:06:40.0732 6288 VcmXmlIfHelper (5d45ab08c70f789cecf45543c3233767) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe

09:06:40.0748 6288 VcmXmlIfHelper - ok

09:06:40.0748 6288 Vcsw - ok

09:06:40.0888 6288 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe

09:06:40.0966 6288 vds - ok

09:06:41.0029 6288 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

09:06:41.0075 6288 vga - ok

09:06:41.0107 6288 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

09:06:41.0185 6288 VgaSave - ok

09:06:41.0216 6288 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys

09:06:41.0231 6288 viaide - ok

09:06:41.0278 6288 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys

09:06:41.0294 6288 volmgr - ok

09:06:41.0372 6288 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys

09:06:41.0434 6288 volmgrx - ok

09:06:41.0481 6288 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys

09:06:41.0512 6288 volsnap - ok

09:06:41.0559 6288 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

09:06:41.0575 6288 vsmraid - ok

09:06:41.0684 6288 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe

09:06:41.0824 6288 VSS - ok

09:06:41.0949 6288 VzCdbSvc (071634532066c2e29350d450c3412837) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

09:06:41.0980 6288 VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning

09:06:41.0980 6288 VzCdbSvc - detected UnsignedFile.Multi.Generic (1)

09:06:42.0152 6288 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll

09:06:42.0230 6288 W32Time - ok

09:06:42.0277 6288 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

09:06:42.0339 6288 WacomPen - ok

09:06:42.0386 6288 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

09:06:42.0433 6288 Wanarp - ok

09:06:42.0448 6288 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

09:06:42.0479 6288 Wanarpv6 - ok

09:06:42.0526 6288 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll

09:06:42.0604 6288 wcncsvc - ok

09:06:42.0651 6288 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll

09:06:42.0729 6288 WcsPlugInService - ok

09:06:42.0760 6288 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

09:06:42.0776 6288 Wd - ok

09:06:42.0901 6288 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

09:06:42.0932 6288 Wdf01000 - ok

09:06:42.0963 6288 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll

09:06:43.0010 6288 WdiServiceHost - ok

09:06:43.0025 6288 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll

09:06:43.0072 6288 WdiSystemHost - ok

09:06:43.0119 6288 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll

09:06:43.0150 6288 WebClient - ok

09:06:43.0197 6288 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll

09:06:43.0275 6288 Wecsvc - ok

09:06:43.0306 6288 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll

09:06:43.0353 6288 wercplsupport - ok

09:06:43.0384 6288 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll

09:06:43.0431 6288 WerSvc - ok

09:06:43.0493 6288 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys

09:06:43.0525 6288 WimFltr - ok

09:06:43.0571 6288 winachsf (057b062cf9a11e04db45b8c3afc28b11) C:\Windows\system32\DRIVERS\CAX_CNXT.sys

09:06:43.0618 6288 winachsf - ok

09:06:43.0665 6288 WinDefend - ok

09:06:43.0665 6288 WinHttpAutoProxySvc - ok

09:06:43.0790 6288 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll

09:06:43.0883 6288 Winmgmt - ok

09:06:44.0008 6288 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll

09:06:44.0133 6288 WinRM - ok

09:06:44.0305 6288 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll

09:06:44.0367 6288 Wlansvc - ok

09:06:44.0554 6288 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

09:06:44.0944 6288 wlidsvc - ok

09:06:45.0100 6288 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys

09:06:45.0194 6288 WmiAcpi - ok

09:06:45.0287 6288 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe

09:06:45.0319 6288 wmiApSrv - ok

09:06:45.0350 6288 WMPNetworkSvc - ok

09:06:45.0381 6288 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll

09:06:45.0428 6288 WPCSvc - ok

09:06:45.0475 6288 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll

09:06:45.0537 6288 WPDBusEnum - ok

09:06:45.0584 6288 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys

09:06:45.0615 6288 WpdUsb - ok

09:06:45.0787 6288 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

09:06:45.0818 6288 WPFFontCache_v0400 - ok

09:06:45.0880 6288 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

09:06:45.0927 6288 ws2ifsl - ok

09:06:46.0021 6288 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll

09:06:46.0036 6288 wscsvc - ok

09:06:46.0067 6288 WSDPrintDevice (de5f5212ab34221dd1618b5fefe8db6c) C:\Windows\system32\DRIVERS\WSDPrint.sys

09:06:46.0130 6288 WSDPrintDevice - ok

09:06:46.0130 6288 WSearch - ok

09:06:46.0301 6288 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

09:06:46.0426 6288 wuauserv - ok

09:06:46.0645 6288 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

09:06:46.0723 6288 WUDFRd - ok

09:06:46.0769 6288 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll

09:06:46.0816 6288 wudfsvc - ok

09:06:46.0847 6288 XAudio (638c99d993afab0e1fab226e2bbe6d79) C:\Windows\system32\DRIVERS\xaudio64.sys

09:06:46.0863 6288 XAudio - ok

09:06:46.0957 6288 XAudioService (3e775f0bd28ddeff53d78578b97a3cff) C:\Windows\system32\DRIVERS\xaudio64.exe

09:06:46.0988 6288 XAudioService - ok

09:06:47.0035 6288 yukonx64 (3c5b0410faba5b1014eefeee77e1296a) C:\Windows\system32\DRIVERS\yk60x64.sys

09:06:47.0097 6288 yukonx64 - ok

09:06:47.0128 6288 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

09:06:47.0191 6288 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

09:06:47.0191 6288 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

09:06:47.0939 6288 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

09:06:47.0939 6288 \Device\Harddisk0\DR0 - detected TDSS File System (1)

09:06:47.0971 6288 Boot (0x1200) (14eed46980fb379f0d150768eb463532) \Device\Harddisk0\DR0\Partition0

09:06:47.0971 6288 \Device\Harddisk0\DR0\Partition0 - ok

09:06:47.0986 6288 ============================================================

09:06:47.0986 6288 Scan finished

09:06:47.0986 6288 ============================================================

09:06:48.0002 3504 Detected object count: 17

09:06:48.0002 3504 Actual detected object count: 17

09:08:58.0324 3504 AdobeActiveFileMonitor7.0 ( UnsignedFile.Multi.Generic ) - skipped by user

09:08:58.0324 3504 AdobeActiveFileMonitor7.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:08:58.0324 3504 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user

09:08:58.0324 3504 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:08:58.0324 3504 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

09:08:58.0324 3504 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:08:58.0324 3504 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

09:08:58.0324 3504 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:08:58.0324 3504 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user

09:08:58.0324 3504 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:08:58.0340 3504 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

09:08:58.0340 3504 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:08:58.0340 3504 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user

09:08:58.0340 3504 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:08:58.0340 3504 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

09:08:58.0340 3504 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:08:58.0340 3504 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user

09:08:58.0340 3504 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:08:58.0355 3504 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user

09:08:58.0355 3504 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:08:58.0355 3504 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user

09:08:58.0355 3504 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:08:58.0355 3504 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user

09:08:58.0355 3504 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:08:58.0355 3504 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user

09:08:58.0355 3504 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:08:58.0355 3504 VCFw ( UnsignedFile.Multi.Generic ) - skipped by user

09:08:58.0355 3504 VCFw ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:08:58.0371 3504 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user

09:08:58.0371 3504 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:08:59.0135 3504 \Device\Harddisk0\DR0\# - copied to quarantine

09:08:59.0135 3504 \Device\Harddisk0\DR0 - copied to quarantine

09:08:59.0182 3504 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

09:08:59.0182 3504 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

09:08:59.0198 3504 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

09:08:59.0198 3504 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

09:08:59.0213 3504 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

09:08:59.0213 3504 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

09:08:59.0229 3504 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

09:08:59.0229 3504 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

09:08:59.0229 3504 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

09:08:59.0229 3504 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

09:08:59.0229 3504 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

09:08:59.0229 3504 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

09:08:59.0229 3504 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

09:08:59.0245 3504 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

09:08:59.0260 3504 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

09:08:59.0260 3504 \Device\Harddisk0\DR0 - ok

09:09:00.0212 3504 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

09:09:00.0212 3504 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

09:09:00.0212 3504 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

09:09:19.0064 0624 Deinitialize success


Step 1

Please re-run TDSSKiller and use the Delete option for these:

09:09:00.0212 3504 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

09:09:00.0212 3504 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
