sexysarah
Posted November 11, 2012

Hi, I got a brand new laptop 3 weeks or so ago. Today it's running really slow. So I tried running MBAB, the result was bad, like real bad.

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.11.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hala :: HALA-VAIO [administrator]

Protection: Enabled

11/11/2012 11:29:30 AM
mbam-log-2012-11-11 (11-29-30).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 360257
Time elapsed: 57 minute(s), 7 second(s)

Memory Processes Detected: 4
C:\Users\Hala\AppData\Local\VidShakeSA\bin\1.0.7.0\vidshakeSA.exe (Adware.HotBar.CP) -> 4420 -> Delete on reboot.
C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cbrmon.exe (PUP.MyWebSearch) -> 4964 -> Delete on reboot.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe (PUP.MyWebSearch) -> 4980 -> Delete on reboot.
C:\Windows\svchost.exe (Trojan.Agent) -> 5316 -> Delete on reboot.

Memory Modules Detected: 3
C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cbrstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Users\Hala\AppData\Local\VidShakeSA\bin\1.0.7.0\vidshakeSAHook.dll (Adware.HotBar) -> Delete on reboot.

Registry Keys Detected: 168
reboot.C:\Users\Hala\Local Settings\Application Data\VidShakeSA\bin\1.0.7.0\VidShakeUninstaller.exe (Adware.HotBar.VS) -> Quarantined and deleted successfully.C:\Users\Hala\Local Settings\Application Data\VidShakeSA\data\vidshakeSA.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.C:\Users\Hala\Local Settings\Application Data\VidShakeSA\data\VidShakeSAau.dat (Adware.HotBar.VS) -> Delete on reboot.C:\Users\Hala\Local Settings\Application Data\VidShakeSA\data\VidShakeSA_kyf.dat (Adware.HotBar.VS) -> Delete on reboot.C:\Users\Hala\AppData\Local\VidShakeSA\bin\1.0.7.0\copyright.txt (Adware.HotBar.VS) -> Quarantined and deleted successfully.C:\Users\Hala\AppData\Local\VidShakeSA\bin\1.0.7.0\VidShakeUninstaller.exe (Adware.HotBar.VS) -> Quarantined and deleted successfully.C:\Users\Hala\AppData\Local\VidShakeSA\data\vidshakeSA.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.C:\Users\Hala\AppData\Local\VidShakeSA\data\VidShakeSAau.dat (Adware.HotBar.VS) -> Delete on reboot.C:\Users\Hala\AppData\Local\VidShakeSA\data\VidShakeSA_kyf.dat (Adware.HotBar.VS) -> Delete on reboot.(end)Now after rebooting my laptop , A MBAB pop up keeps telling me that im infected with svchost.exe (Trojan.Agent)I scanned my laptopn again and here is the resultMalwarebytes Anti-Malware (Trial) 1.65.1.1000www.malwarebytes.orgDatabase version: v2012.11.11.04Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Hala :: HALA-VAIO [administrator]Protection: Enabled11/11/2012 12:41:25 PMmbam-log-2012-11-11 (12-41-25).txtScan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 353638Time elapsed: 57 minute(s), 11 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items 
detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.(end)I rebooted my laptop and still got the same pop up. That im infected with svchost.exeCan someone help me ?Thank You Link to post Share on other sites More sharing options...
jeffce Posted November 11, 2012 ID:612060

Hi and Welcome!!

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands.

I'd be grateful if you would note the following:

I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE: Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

---------
jeffce Posted November 11, 2012 ID:612062

Please download DDS from either of these links
LINK 1
LINK 2
and save it to your desktop.

Disable any script blocking protection
Right-click and Run as Administrator dds to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:
DDS.txt
Attach.txt

----------

Please download aswMBR to your desktop.

Double click the aswMBR icon to run it.
Click the Scan button to start scan.
If you are asked to update the Avast Virus database please allow it to do so.
When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.

----------

Please download TDSSKiller

Double click TDSSKiller.exe
Press Start Scan
Do Not Attempt To Fix Anything Now. We just need to look over the report and be sure we are removing the correct items.
Attach the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
sexysarah Posted November 11, 2012 Author ID:612091

Hi, Thank You Very Much Jeff, I really appreciate it.

DDS.txt
C:\Windows\System32\drivers\tcpip.sys2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe2012-08-21 20:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys2012-08-21 20:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll2012-08-21 20:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll.============= FINISH: 15:16:02.60 ===============Attach.txt.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS 
(Ver_2012-11-07.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume2Install Date: 9/16/2012 5:49:44 PMSystem Uptime: 11/11/2012 3:09:16 PM (0 hours ago).Motherboard: Sony Corporation | | VAIOProcessor: Intel® Core i3-2370M CPU @ 2.40GHz | N/A | 792/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 279 GiB total, 214.622 GiB free.D: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP16: 10/11/2012 6:58:54 PM - Installed WeatherBugRP17: 10/16/2012 5:16:55 PM - Windows UpdateRP18: 10/21/2012 3:00:21 AM - Windows UpdateRP19: 10/26/2012 7:19:57 AM - Windows UpdateRP20: 10/30/2012 6:50:50 AM - Windows UpdateRP21: 11/2/2012 7:43:10 AM - Windows UpdateRP22: 11/6/2012 4:23:46 PM - Installed Cisco NAC Agent .RP23: 11/6/2012 4:34:02 PM - Windows UpdateRP24: 11/8/2012 9:58:27 AM - Installed Cisco NAC Agent ..==== Installed Programs ======================.ACID Music Studio 8.0Adobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader XIAdobe Shockwave Player 11.6AOL ToolbarApple Application SupportApple Mobile Device SupportApple Software UpdateApplication Manager for VAIOArcSoft Magic-i Visual Effects 2ArcSoft WebCam Companion 4Atheros Bluetooth Suite (64)Babylon toolbarBing BarBonjourCisco NAC AgentCyberLink PowerDVDD3DX10Definition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDownload Updater (AOL Inc.)DVD Architect Studio 5.0Evernote v. 
4.5.2Facebook Video Calling 1.2.0.287FDUx86Google ChromeGoogle Update HelperIntel® Control CenterIntel® Management Engine ComponentsIntel® OpenCL CPU RuntimeIntel® Processor GraphicsIntel® Rapid Storage TechnologyIntel® USB 3.0 eXtensible Host Controller DriverIntel® Trusted Connect Service ClientiTunesJava Auto UpdaterJava 7 Update 1Java 7 Update 1 (64-bit)Junk Mail filter updateKaspersky Internet Security 2012Keyboard_ShortcutsKUx86Malwarebytes Anti-Malware version 1.65.1.1000McAfee Security Scan PlusMedia GalleryMedia GoMesh RuntimeMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Application Error ReportingMicrosoft Office 2010Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Groove MUI (English) 2010Microsoft Office InfoPath MUI (English) 2010Microsoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional Plus 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Word MUI (English) 2010Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft SQL Server Compact 3.5 SP2 ENUMicrosoft VC9 runtime librariesMicrosoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319Mozilla Firefox 16.0.1 (x86 en-US)Mozilla Maintenance ServiceMSVCRTMSVCRT RedistsMSVCRT_amd64MSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2721691)Oasis2ServicePlayMemories HomePlayReady PC Runtime amd64PlayStation®Network DownloaderPlayStation®StorePrice Check by AOLQualcomm Atheros Direct ConnectQualcomm Atheros WiFi Driver InstallationReader for PCRealtek High Definition Audio DriverRealtek PCIE Card ReaderRemote KeyboardRemote Play with PlayStation®3Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Skype™ 5.10Sound Forge Audio Studio 10.0SSLx64SSLx86Swiki version 1.0swMSMSynaptics Pointing Device DriverTrackID with BRAVIATriDef 3D (Sony) 2.0.5Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft Office 2010 (KB2494150)Update for Microsoft Office 2010 (KB2553092)V3DPx86VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325VAIO - PlayMemories Home Plug-inVAIO - Remote KeyboardVAIO - Remote Keyboard with PlayStation®3VAIO - Remote Play with PlayStation®3VAIO - TrackID™ with BRAVIAVAIO 3D PortalVAIO CareVAIO Control CenterVAIO 
CPU Fan DiagnosticVAIO Data Restore ToolVAIO Easy ConnectVAIO GateVAIO Gate DefaultVAIO Gesture ControlVAIO Help and SupportVAIO ImprovementVAIO ManualVAIO MessengerVAIO OOBEVAIO Sample ContentsVAIO Satisfaction Survey.VAIO Smart NetworkVAIO Transfer SupportVAIO UpdateVAIO Update Merge Module x64VCCx64VCCx86Vegas Movie Studio HD Platinum 11.0VHDVIx64VIx86VMLx86VPMx64VSNx64VSNx86VSSTx64VSSTx86VU5x64VU5x86VWSTx86WeatherBugWindows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWordWebWxDFastWxDownload ExpansionwxDownload Fast 0.6.0.==== Event Viewer Messages From Past Week ========.11/8/2012 9:59:55 AM, Error: Service Control Manager [7030] - The Cisco NAC Agent service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.11/7/2012 9:50:43 AM, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user Hala-VAIO\Hala (96) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. 
If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
11/7/2012 1:19:19 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
11/7/2012 1:19:05 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IPsec Policy Agent service, but this action failed with the following error: An instance of the service is already running.
11/7/2012 1:18:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
11/7/2012 1:18:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
11/7/2012 1:18:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
11/7/2012 1:18:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
11/7/2012 1:18:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Extensible Authentication Protocol service, but this action failed with the following error: An instance of the service is already running.
11/7/2012 1:18:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
11/7/2012 1:18:44 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the WLAN AutoConfig service, but this action failed with the following error: An instance of the service is already running.
11/7/2012 1:18:08 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Font Cache Service service, but this action failed with the following error: An instance of the service is already running.
11/7/2012 1:17:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running.
11/7/2012 1:17:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
11/7/2012 1:17:34 PM, Error: Service Control Manager [7034] - The VSNService service terminated unexpectedly. It has done this 1 time(s).
11/7/2012 1:17:28 PM, Error: Service Control Manager [7034] - The VAIO Care Performance Service service terminated unexpectedly. It has done this 1 time(s).
11/7/2012 1:17:19 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/7/2012 1:17:19 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/7/2012 1:17:19 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/7/2012 1:17:19 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/7/2012 1:17:15 PM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/7/2012 1:17:11 PM, Error: Service Control Manager [7031] - The Virtual Disk service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/7/2012 1:17:08 PM, Error: Service Control Manager [7031] - The Windows Font Cache Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/7/2012 1:17:08 PM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/7/2012 1:17:08 PM, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/7/2012 1:17:05 PM, Error: Service Control Manager [7031] - The IPsec Policy Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/7/2012 1:17:02 PM, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/7/2012 1:17:02 PM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/7/2012 1:17:02 PM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/7/2012 1:16:59 PM, Error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
11/7/2012 1:16:58 PM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/7/2012 1:16:53 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/7/2012 1:16:44 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/7/2012 1:16:44 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/7/2012 1:16:44 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/7/2012 1:16:44 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/7/2012 1:16:44 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/7/2012 1:16:43 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/7/2012 1:16:43 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/7/2012 1:16:43 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/6/2012 11:15:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SampleCollector service.
11/5/2012 9:27:10 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
11/5/2012 6:37:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
11/11/2012 12:42:33 PM, Error: Service Control Manager [7022] - The VAIO Care Performance Service service hung on starting.
11/11/2012 1:45:17 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
11/11/2012 1:45:17 PM, Error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
11/11/2012 1:45:17 PM, Error: Service Control Manager [7034] - The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).
11/11/2012 1:45:17 PM, Error: Service Control Manager [7034] - The Cisco NAC Agent service terminated unexpectedly. It has done this 1 time(s).
11/11/2012 1:45:16 PM, Error: Service Control Manager [7034] - The Skype Updater service terminated unexpectedly. It has done this 1 time(s).
11/11/2012 1:45:16 PM, Error: Service Control Manager [7034] - The PMBDeviceInfoProvider service terminated unexpectedly. It has done this 1 time(s).
11/11/2012 1:45:16 PM, Error: Service Control Manager [7031] - The Intel® Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/11/2012 1:45:10 PM, Error: Service Control Manager [7023] - The Intel® ME Service service terminated with the following error: %%-2147467243
11/11/2012 1:07:17 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002eb766b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111112-46815-01.
11/10/2012 6:51:25 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR8.
11/10/2012 6:41:17 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR5.
11/10/2012 3:55:35 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
11/10/2012 11:13:20 PM, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user Hala-VAIO\Hala (111) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
.
==== End Of File ===========================
sexysarah Posted November 11, 2012 Author ID:612092

aswMBR.txt

On my first scan I got the Blue Screen of Death. So I powered back my laptop and tried again and it worked.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-11 15:22:04
-----------------------------
15:22:04.245 OS Version: Windows x64 6.1.7601 Service Pack 1
15:22:04.245 Number of processors: 4 586 0x2A07
15:22:04.261 ComputerName: HALA-VAIO UserName: Hala
15:22:07.349 Initialize success
15:24:05.481 AVAST engine defs: 12111100
15:24:32.641 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:24:32.657 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
15:24:32.657 Device \Driver\iaStor -> MajorFunction fffffa80079d35e8
15:24:32.657 Disk 0 MBR read successfully
15:24:32.672 Disk 0 MBR scan
15:24:32.672 Disk 0 Windows 7 default MBR code
15:24:32.704 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18940 MB offset 2048
15:24:32.735 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 350 MB offset 38791168
15:24:32.750 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 285953 MB offset 39507968
15:24:32.782 Disk 0 scanning C:\Windows\system32\drivers
15:24:44.825 Service scanning
15:25:23.187 Modules scanning
15:25:23.203 Disk 0 trace - called modules:
15:25:23.718 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80079d35e8]<<
15:25:23.733 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80072dd060]
15:25:23.733 3 CLASSPNP.SYS[fffff88001dbb43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004df2050]
15:25:23.749 \Driver\iaStor[0xfffffa80071e69d0] -> IRP_MJ_CREATE -> 0xfffffa80079d35e8
15:25:25.590 AVAST engine scan C:\Windows
15:25:28.803 AVAST engine scan C:\Windows\system32
15:30:35.536 AVAST engine scan C:\Windows\system32\drivers
15:30:50.169 AVAST engine scan C:\Users\Hala
15:43:27.595 AVAST engine scan C:\ProgramData
15:47:21.536 Scan finished successfully
15:47:36.184 Disk 0 MBR has been saved successfully to "C:\Users\Hala\Desktop\MBR.dat"
15:47:36.200 The log file has been saved successfully to "C:\Users\Hala\Desktop\aswMBR.txt"

TDSSKiller.txt

15:49:30.0004 3940 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:49:30.0441 3940 ============================================================
15:49:30.0441 3940 Current date / time: 2012/11/11 15:49:30.0441
15:49:30.0441 3940 SystemInfo:
15:49:30.0441 3940
15:49:30.0441 3940 OS Version: 6.1.7601 ServicePack: 1.0
15:49:30.0441 3940 Product type: Workstation
15:49:30.0441 3940 ComputerName: HALA-VAIO
15:49:30.0441 3940 UserName: Hala
15:49:30.0441 3940 Windows directory: C:\Windows
15:49:30.0441 3940 System windows directory: C:\Windows
15:49:30.0441 3940 Running under WOW64
15:49:30.0441 3940 Processor architecture: Intel x64
15:49:30.0441 3940 Number of processors: 4
15:49:30.0441 3940 Page size: 0x1000
15:49:30.0441 3940 Boot type: Normal boot
15:49:30.0441 3940 ============================================================
15:49:31.0283 3940 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:49:31.0299 3940 ============================================================
15:49:31.0299 3940 \Device\Harddisk0\DR0:
15:49:31.0299 3940 MBR partitions:
15:49:31.0299 3940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x24FE800, BlocksNum 0xAF000
15:49:31.0299 3940 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x25AD800, BlocksNum 0x22E80AB0
15:49:31.0299 3940 ============================================================
15:49:31.0377 3940 C: <-> \Device\Harddisk0\DR0\Partition2
15:49:31.0377 3940 ============================================================
15:49:31.0377 3940 Initialize success
15:49:31.0377 3940 ============================================================
15:49:33.0296 6964 ============================================================
15:49:33.0296 6964 Scan started
15:49:33.0296 6964 Mode: 
Manual;
15:49:33.0296 6964 ============================================================
15:49:35.0683 6964 ================ Scan system memory ========================
15:49:35.0683 6964 System memory - ok
15:49:35.0683 6964 ================ Scan services =============================
0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys15:49:51.0662 6964 nvraid - ok15:49:51.0693 6964 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys15:49:51.0693 6964 nvstor - ok15:49:51.0724 6964 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys15:49:51.0724 6964 nv_agp - ok15:49:51.0787 6964 [ 7C3BE2E60DF8FA35525591884E6DEDD7 ] Oasis2Service C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe15:49:51.0787 6964 Oasis2Service - ok15:49:51.0802 6964 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys15:49:51.0818 6964 ohci1394 - ok15:49:51.0896 6964 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE15:49:51.0896 6964 ose - ok15:49:52.0146 6964 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE15:49:52.0270 6964 osppsvc - ok15:49:52.0333 6964 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll15:49:52.0333 6964 p2pimsvc - ok15:49:52.0442 6964 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll15:49:52.0458 6964 p2psvc - ok15:49:52.0489 6964 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys15:49:52.0489 6964 Parport - ok15:49:52.0520 6964 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys15:49:52.0520 6964 partmgr - ok15:49:52.0551 6964 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll15:49:52.0551 6964 PcaSvc - ok15:49:52.0567 6964 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys15:49:52.0567 6964 pci - ok15:49:52.0582 6964 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys15:49:52.0582 6964 pciide - ok15:49:52.0598 6964 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia 
C:\Windows\system32\drivers\pcmcia.sys15:49:52.0614 6964 pcmcia - ok15:49:52.0614 6964 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys15:49:52.0629 6964 pcw - ok15:49:52.0660 6964 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys15:49:52.0676 6964 PEAUTH - ok15:49:52.0801 6964 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe15:49:52.0801 6964 PerfHost - ok15:49:52.0894 6964 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll15:49:52.0957 6964 pla - ok15:49:53.0004 6964 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll15:49:53.0019 6964 PlugPlay - ok15:49:53.0113 6964 [ 9C4D0DE187CBC24F658C52EFC93B1C73 ] PMBDeviceInfoProvider c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe15:49:53.0128 6964 PMBDeviceInfoProvider - ok15:49:53.0175 6964 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll15:49:53.0175 6964 PNRPAutoReg - ok15:49:53.0191 6964 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll15:49:53.0206 6964 PNRPsvc - ok15:49:53.0316 6964 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll15:49:53.0316 6964 PolicyAgent - ok15:49:53.0347 6964 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll15:49:53.0347 6964 Power - ok15:49:53.0394 6964 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys15:49:53.0409 6964 PptpMiniport - ok15:49:53.0425 6964 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys15:49:53.0425 6964 Processor - ok15:49:53.0456 6964 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll15:49:53.0472 6964 ProfSvc - ok15:49:53.0487 6964 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe15:49:53.0487 6964 ProtectedStorage - ok15:49:53.0518 6964 [ 
0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys15:49:53.0518 6964 Psched - ok15:49:53.0581 6964 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys15:49:53.0628 6964 ql2300 - ok15:49:53.0628 6964 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys15:49:53.0643 6964 ql40xx - ok15:49:53.0674 6964 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll15:49:53.0690 6964 QWAVE - ok15:49:53.0690 6964 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys15:49:53.0706 6964 QWAVEdrv - ok15:49:53.0706 6964 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys15:49:53.0706 6964 RasAcd - ok15:49:53.0752 6964 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys15:49:53.0752 6964 RasAgileVpn - ok15:49:53.0768 6964 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll15:49:53.0784 6964 RasAuto - ok15:49:53.0799 6964 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys15:49:53.0799 6964 Rasl2tp - ok15:49:53.0830 6964 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll15:49:53.0846 6964 RasMan - ok15:49:53.0846 6964 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys15:49:53.0862 6964 RasPppoe - ok15:49:53.0862 6964 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys15:49:53.0877 6964 RasSstp - ok15:49:53.0893 6964 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys15:49:53.0893 6964 rdbss - ok15:49:53.0908 6964 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys15:49:53.0908 6964 rdpbus - ok15:49:53.0940 6964 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys15:49:53.0940 6964 RDPCDD - ok15:49:53.0955 6964 [ 
BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys15:49:53.0955 6964 RDPENCDD - ok15:49:53.0971 6964 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys15:49:53.0971 6964 RDPREFMP - ok15:49:54.0018 6964 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys15:49:54.0018 6964 RDPWD - ok15:49:54.0049 6964 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys15:49:54.0049 6964 rdyboost - ok15:49:54.0080 6964 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll15:49:54.0080 6964 RemoteAccess - ok15:49:54.0111 6964 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll15:49:54.0127 6964 RemoteRegistry - ok15:49:54.0158 6964 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys15:49:54.0174 6964 RFCOMM - ok15:49:54.0205 6964 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll15:49:54.0205 6964 RpcEptMapper - ok15:49:54.0236 6964 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe15:49:54.0236 6964 RpcLocator - ok15:49:54.0267 6964 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll15:49:54.0267 6964 RpcSs - ok15:49:54.0330 6964 [ 9BD6DEBC9862FBE0C0467F0633B34962 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys15:49:54.0330 6964 RSPCIESTOR - ok15:49:54.0408 6964 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys15:49:54.0408 6964 rspndr - ok15:49:54.0454 6964 [ EB8EA1C4C5E076D9EA61FB59960C5830 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys15:49:54.0470 6964 RTL8167 - ok15:49:54.0501 6964 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe15:49:54.0501 6964 SamSs - ok15:49:54.0517 6964 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys15:49:54.0517 6964 sbp2port - ok15:49:54.0564 6964 [ 
9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll15:49:54.0564 6964 SCardSvr - ok15:49:54.0595 6964 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys15:49:54.0595 6964 scfilter - ok15:49:54.0642 6964 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll15:49:54.0688 6964 Schedule - ok15:49:54.0751 6964 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll15:49:54.0751 6964 SCPolicySvc - ok15:49:54.0813 6964 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys15:49:54.0830 6964 sdbus - ok15:49:54.0830 6964 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll15:49:54.0845 6964 SDRSVC - ok15:49:54.0892 6964 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys15:49:54.0892 6964 secdrv - ok15:49:54.0908 6964 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll15:49:54.0908 6964 seclogon - ok15:49:54.0923 6964 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll15:49:54.0939 6964 SENS - ok15:49:54.0955 6964 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll15:49:54.0955 6964 SensrSvc - ok15:49:54.0970 6964 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys15:49:54.0970 6964 Serenum - ok15:49:55.0001 6964 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys15:49:55.0001 6964 Serial - ok15:49:55.0001 6964 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys15:49:55.0017 6964 sermouse - ok15:49:55.0048 6964 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll15:49:55.0064 6964 SessionEnv - ok15:49:55.0095 6964 [ 85D0F874734C105D02280B39BF0AD23F ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys15:49:55.0095 6964 SFEP - ok15:49:55.0126 6964 [ A554811BCD09279536440C964AE35BBF ] sffdisk 
C:\Windows\system32\drivers\sffdisk.sys15:49:55.0126 6964 sffdisk - ok15:49:55.0126 6964 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys15:49:55.0142 6964 sffp_mmc - ok15:49:55.0142 6964 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys15:49:55.0142 6964 sffp_sd - ok15:49:55.0157 6964 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys15:49:55.0157 6964 sfloppy - ok15:49:55.0204 6964 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll15:49:55.0204 6964 SharedAccess - ok15:49:55.0235 6964 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll15:49:55.0251 6964 ShellHWDetection - ok15:49:55.0267 6964 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys15:49:55.0282 6964 SiSRaid2 - ok15:49:55.0282 6964 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys15:49:55.0313 6964 SiSRaid4 - ok15:49:55.0360 6964 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe15:49:55.0360 6964 SkypeUpdate - ok15:49:55.0376 6964 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys15:49:55.0376 6964 Smb - ok15:49:55.0423 6964 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe15:49:55.0423 6964 SNMPTRAP - ok15:49:55.0516 6964 [ 4AEA7A1C3CA06D95D6966C34D13C0D8B ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe15:49:55.0532 6964 SOHCImp - ok15:49:55.0532 6964 [ 16FD95781117E13107D477AE36219E6F ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe15:49:55.0563 6964 SOHDs - ok15:49:55.0594 6964 [ 3BB48F7E33C2B76184DDF233000C09CD ] Sony SCSI Helper Service C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe15:49:55.0594 6964 Sony SCSI Helper Service - ok15:49:55.0657 6964 [ 
C03E480E63A80D73FABE28D24D3B6B47 ] SpfService C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe15:49:55.0657 6964 SpfService - ok15:49:55.0688 6964 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys15:49:55.0688 6964 spldr - ok15:49:55.0735 6964 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe15:49:55.0750 6964 Spooler - ok15:49:55.0875 6964 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe15:49:56.0000 6964 sppsvc - ok15:49:56.0000 6964 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll15:49:56.0015 6964 sppuinotify - ok15:49:56.0031 6964 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys15:49:56.0031 6964 srv - ok15:49:56.0078 6964 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys15:49:56.0078 6964 srv2 - ok15:49:56.0093 6964 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys15:49:56.0093 6964 srvnet - ok15:49:56.0125 6964 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll15:49:56.0140 6964 SSDPSRV - ok15:49:56.0140 6964 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll15:49:56.0156 6964 SstpSvc - ok15:49:56.0156 6964 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys15:49:56.0171 6964 stexstor - ok15:49:56.0187 6964 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll15:49:56.0234 6964 stisvc - ok15:49:56.0234 6964 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys15:49:56.0234 6964 swenum - ok15:49:56.0265 6964 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll15:49:56.0296 6964 swprv - ok15:49:56.0327 6964 [ 321EA1320771419C0956DE50F270C3E5 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys15:49:56.0343 6964 SynTP - ok15:49:56.0483 6964 [ 
BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll15:49:56.0530 6964 SysMain - ok15:49:56.0546 6964 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll15:49:56.0561 6964 TabletInputService - ok15:49:56.0577 6964 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll15:49:56.0577 6964 TapiSrv - ok15:49:56.0593 6964 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll15:49:56.0608 6964 TBS - ok15:49:56.0780 6964 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys15:49:56.0873 6964 Tcpip - ok15:49:56.0951 6964 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys15:49:56.0967 6964 TCPIP6 - ok15:49:57.0107 6964 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys15:49:57.0107 6964 tcpipreg - ok15:49:57.0123 6964 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys15:49:57.0123 6964 TDPIPE - ok15:49:57.0154 6964 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys15:49:57.0154 6964 TDTCP - ok15:49:57.0185 6964 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys15:49:57.0201 6964 tdx - ok15:49:57.0201 6964 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys15:49:57.0201 6964 TermDD - ok15:49:57.0248 6964 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll15:49:57.0279 6964 TermService - ok15:49:57.0310 6964 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll15:49:57.0310 6964 Themes - ok15:49:57.0341 6964 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll15:49:57.0357 6964 THREADORDER - ok15:49:57.0373 6964 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll15:49:57.0373 6964 TrkWks - ok15:49:57.0466 6964 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller 
C:\Windows\servicing\TrustedInstaller.exe15:49:57.0466 6964 TrustedInstaller - ok15:49:57.0497 6964 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys15:49:57.0497 6964 tssecsrv - ok15:49:57.0529 6964 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys15:49:57.0529 6964 TsUsbFlt - ok15:49:57.0544 6964 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys15:49:57.0544 6964 TsUsbGD - ok15:49:57.0560 6964 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys15:49:57.0560 6964 tunnel - ok15:49:57.0575 6964 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys15:49:57.0575 6964 uagp35 - ok15:49:57.0638 6964 [ 1FE69F3C1CA1CF4B7EC7E2E9090FFFDC ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe15:49:57.0653 6964 uCamMonitor - ok15:49:57.0669 6964 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys15:49:57.0669 6964 udfs - ok15:49:57.0716 6964 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe15:49:57.0716 6964 UI0Detect - ok15:49:57.0731 6964 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys15:49:57.0731 6964 uliagpkx - ok15:49:57.0747 6964 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys15:49:57.0763 6964 umbus - ok15:49:57.0778 6964 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys15:49:57.0778 6964 UmPass - ok15:49:57.0856 6964 [ D80B1075B69B57A3AB78F750CE463ECE ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe15:49:57.0856 6964 UNS - ok15:49:57.0887 6964 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll15:49:57.0887 6964 upnphost - ok15:49:57.0934 6964 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys15:49:57.0950 6964 
USBAAPL64 - ok15:49:57.0950 6964 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys15:49:57.0965 6964 usbccgp - ok15:49:57.0965 6964 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys15:49:57.0981 6964 usbcir - ok15:49:57.0981 6964 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys15:49:57.0981 6964 usbehci - ok15:49:58.0028 6964 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys15:49:58.0043 6964 usbhub - ok15:49:58.0043 6964 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys15:49:58.0043 6964 usbohci - ok15:49:58.0059 6964 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys15:49:58.0059 6964 usbprint - ok15:49:58.0106 6964 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys15:49:58.0106 6964 usbscan - ok15:49:58.0137 6964 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS15:49:58.0137 6964 USBSTOR - ok15:49:58.0153 6964 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys15:49:58.0153 6964 usbuhci - ok15:49:58.0184 6964 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys15:49:58.0199 6964 usbvideo - ok15:49:58.0215 6964 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll15:49:58.0231 6964 UxSms - ok15:49:58.0293 6964 [ 203FD19D70549A2939E1AE3A36608151 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe15:49:58.0293 6964 VAIO Event Service - ok15:49:58.0402 6964 [ 59308CD511A5F3EE33595FFD46F76B31 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe15:49:58.0418 6964 VAIO Power Management - ok15:49:58.0449 6964 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe15:49:58.0449 6964 VaultSvc - ok15:49:58.0543 6964 [ 
ADD5A5BA64D0710E1C764A8D4DAD510E ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe15:49:58.0574 6964 VCFw - ok15:49:58.0605 6964 [ EEE5AD6FB40B35F7867C3A49B98BB4EF ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe15:49:58.0621 6964 VcmIAlzMgr - ok15:49:58.0714 6964 [ FD5BD55C1854208BC9C51DBCFC3C1941 ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe15:49:58.0714 6964 VcmINSMgr - ok15:49:58.0745 6964 [ 9BC1F203C5604C24F345BCFCD6956BAE ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe15:49:58.0761 6964 VcmXmlIfHelper - ok15:49:58.0808 6964 [ D076011ECD0D1310E879F32EBF3B4886 ] VCService C:\Program Files\Sony\VAIO Care\VCService.exe15:49:58.0808 6964 VCService - ok15:49:58.0855 6964 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys15:49:58.0855 6964 vdrvroot - ok15:49:58.0901 6964 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe15:49:58.0933 6964 vds - ok15:49:58.0933 6964 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys15:49:58.0948 6964 vga - ok15:49:58.0948 6964 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys15:49:58.0948 6964 VgaSave - ok15:49:58.0964 6964 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys15:49:58.0964 6964 vhdmp - ok15:49:59.0011 6964 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys15:49:59.0011 6964 viaide - ok15:49:59.0026 6964 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys15:49:59.0026 6964 volmgr - ok15:49:59.0042 6964 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys15:49:59.0057 6964 volmgrx - ok15:49:59.0073 6964 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys15:49:59.0089 6964 volsnap - ok15:49:59.0104 
6964 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys15:49:59.0104 6964 vsmraid - ok15:49:59.0167 6964 [ 596E65BDEE804CC6658A39756CC61849 ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe15:49:59.0182 6964 VSNService - ok15:49:59.0260 6964 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe15:49:59.0323 6964 VSS - ok15:49:59.0385 6964 [ FB4A1695D2D74F9C92CA5E84795CDBE1 ] VUAgent C:\Program Files\Sony\VAIO Update Common\VUAgent.exe15:49:59.0401 6964 VUAgent - ok15:49:59.0432 6964 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys15:49:59.0432 6964 vwifibus - ok15:49:59.0463 6964 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys15:49:59.0463 6964 vwififlt - ok15:49:59.0479 6964 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll15:49:59.0494 6964 W32Time - ok15:49:59.0510 6964 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys15:49:59.0510 6964 WacomPen - ok15:49:59.0525 6964 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys15:49:59.0525 6964 WANARP - ok15:49:59.0541 6964 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys15:49:59.0541 6964 Wanarpv6 - ok15:49:59.0666 6964 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe15:49:59.0697 6964 WatAdminSvc - ok15:49:59.0775 6964 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe15:49:59.0837 6964 wbengine - ok15:49:59.0837 6964 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll15:49:59.0853 6964 WbioSrvc - ok15:49:59.0869 6964 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll15:49:59.0884 6964 wcncsvc - ok15:49:59.0900 6964 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll15:49:59.0900 6964 
WcsPlugInService - ok15:49:59.0962 6964 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys15:49:59.0962 6964 Wd - ok15:49:59.0993 6964 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys15:50:00.0009 6964 Wdf01000 - ok15:50:00.0025 6964 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll15:50:00.0025 6964 WdiServiceHost - ok15:50:00.0040 6964 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll15:50:00.0040 6964 WdiSystemHost - ok15:50:00.0071 6964 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll15:50:00.0071 6964 WebClient - ok15:50:00.0118 6964 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll15:50:00.0118 6964 Wecsvc - ok15:50:00.0149 6964 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll15:50:00.0165 6964 wercplsupport - ok15:50:00.0181 6964 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll15:50:00.0196 6964 WerSvc - ok15:50:00.0227 6964 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys15:50:00.0227 6964 WfpLwf - ok15:50:00.0259 6964 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys15:50:00.0259 6964 WIMMount - ok15:50:00.0274 6964 WinDefend - ok15:50:00.0290 6964 WinHttpAutoProxySvc - ok15:50:00.0352 6964 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll15:50:00.0368 6964 Winmgmt - ok15:50:00.0446 6964 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll15:50:00.0508 6964 WinRM - ok15:50:00.0571 6964 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys15:50:00.0571 6964 WinUsb - ok15:50:00.0617 6964 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll15:50:00.0649 6964 Wlansvc - ok15:50:00.0727 6964 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program 
Files\Windows Live\Mesh\wlcrasvc.exe15:50:00.0727 6964 wlcrasvc - ok15:50:00.0820 6964 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE15:50:00.0915 6964 wlidsvc - ok15:50:00.0930 6964 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys15:50:00.0930 6964 WmiAcpi - ok15:50:00.0993 6964 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe15:50:01.0008 6964 wmiApSrv - ok15:50:01.0024 6964 WMPNetworkSvc - ok15:50:01.0055 6964 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll15:50:01.0055 6964 WPCSvc - ok15:50:01.0071 6964 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll15:50:01.0086 6964 WPDBusEnum - ok15:50:01.0118 6964 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys15:50:01.0118 6964 ws2ifsl - ok15:50:01.0133 6964 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll15:50:01.0133 6964 wscsvc - ok15:50:01.0149 6964 WSearch - ok15:50:01.0258 6964 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll15:50:01.0367 6964 wuauserv - ok15:50:01.0367 6964 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys15:50:01.0367 6964 WudfPf - ok15:50:01.0430 6964 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys15:50:01.0430 6964 WUDFRd - ok15:50:01.0461 6964 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll15:50:01.0461 6964 wudfsvc - ok15:50:01.0492 6964 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll15:50:01.0492 6964 WwanSvc - ok15:50:01.0570 6964 [ A5B25E310678175F4779499FFF7D0994 ] ZAtheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe15:50:01.0570 6964 ZAtheros Bt&Wlan Coex Agent - ok15:50:01.0601 6964 ================ Scan global 
===============================
15:50:01.0632 6964 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:50:01.0726 6964 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:50:01.0742 6964 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:50:01.0773 6964 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:50:01.0820 6964 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:50:01.0820 6964 [Global] - ok
15:50:01.0820 6964 ================ Scan MBR ==================================
15:50:01.0851 6964 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:50:01.0851 6964 Suspicious mbr (Forged): \Device\Harddisk0\DR0
15:50:01.0929 6964 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
15:50:01.0929 6964 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
15:50:01.0929 6964 ================ Scan VBR ==================================
15:50:01.0944 6964 [ 7FA58C318AF30B74C90B460DFE98E0A4 ] \Device\Harddisk0\DR0\Partition1
15:50:01.0944 6964 \Device\Harddisk0\DR0\Partition1 - ok
15:50:01.0960 6964 [ 1C65518377E3876FB1F6C0788798515C ] \Device\Harddisk0\DR0\Partition2
15:50:01.0976 6964 \Device\Harddisk0\DR0\Partition2 - ok
15:50:01.0976 6964 ============================================================
15:50:01.0976 6964 Scan finished
15:50:01.0976 6964 ============================================================
15:50:01.0991 6336 Detected object count: 1
15:50:01.0991 6336 Actual detected object count: 1
15:50:32.0131 6336 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
15:50:32.0131 6336 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
15:50:46.0595 4904 Deinitialize success

again Thank You
jeffce Posted November 11, 2012 ID:612106

Hi,

Go ahead and run TDSSKiller again. When you see this >> \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) select Cure. Post the new TDSSKiller log.
sexysarah Posted November 11, 2012 Author ID:612123

hi sorry for the late reply
here is the new log

16:38:21.0430 5580 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:38:23.0420 5580 ============================================================
16:38:23.0420 5580 Current date / time: 2012/11/11 16:38:23.0420
16:38:23.0420 5580 SystemInfo:
16:38:23.0420 5580
16:38:23.0420 5580 OS Version: 6.1.7601 ServicePack: 1.0
16:38:23.0420 5580 Product type: Workstation
16:38:23.0420 5580 ComputerName: HALA-VAIO
16:38:23.0420 5580 UserName: Hala
16:38:23.0420 5580 Windows directory: C:\Windows
16:38:23.0420 5580 System windows directory: C:\Windows
16:38:23.0420 5580 Running under WOW64
16:38:23.0420 5580 Processor architecture: Intel x64
16:38:23.0420 5580 Number of processors: 4
16:38:23.0420 5580 Page size: 0x1000
16:38:23.0420 5580 Boot type: Normal boot
16:38:23.0420 5580 ============================================================
16:38:24.0051 5580 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:38:24.0061 5580 ============================================================
16:38:24.0061 5580 \Device\Harddisk0\DR0:
16:38:24.0061 5580 MBR partitions:
16:38:24.0061 5580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x24FE800, BlocksNum 0xAF000
16:38:24.0061 5580 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x25AD800, BlocksNum 0x22E80AB0
16:38:24.0061 5580 ============================================================
16:38:24.0131 5580 C: <-> \Device\Harddisk0\DR0\Partition2
16:38:24.0131 5580 ============================================================
16:38:24.0131 5580 Initialize success
16:38:24.0131 5580 ============================================================
16:38:30.0272 3048 ============================================================
16:38:30.0272 3048 Scan started
16:38:30.0272 3048 Mode:
Manual;
16:38:30.0272 3048 ============================================================
16:38:30.0832 3048 ================ Scan system memory ========================
16:38:30.0832 3048 System memory - ok
16:38:30.0832 3048 ================ Scan services =============================
0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys16:38:47.0577 3048 nvraid - ok16:38:47.0617 3048 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys16:38:47.0617 3048 nvstor - ok16:38:47.0647 3048 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys16:38:47.0647 3048 nv_agp - ok16:38:47.0727 3048 [ 7C3BE2E60DF8FA35525591884E6DEDD7 ] Oasis2Service C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe16:38:47.0727 3048 Oasis2Service - ok16:38:47.0747 3048 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys16:38:47.0757 3048 ohci1394 - ok16:38:47.0817 3048 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE16:38:47.0827 3048 ose - ok16:38:48.0027 3048 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE16:38:48.0207 3048 osppsvc - ok16:38:48.0327 3048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll16:38:48.0327 3048 p2pimsvc - ok16:38:48.0547 3048 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll16:38:48.0567 3048 p2psvc - ok16:38:48.0677 3048 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys16:38:48.0677 3048 Parport - ok16:38:48.0807 3048 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys16:38:48.0807 3048 partmgr - ok16:38:48.0837 3048 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll16:38:48.0847 3048 PcaSvc - ok16:38:48.0917 3048 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys16:38:48.0917 3048 pci - ok16:38:48.0927 3048 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys16:38:48.0927 3048 pciide - ok16:38:48.0977 3048 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia 
C:\Windows\system32\drivers\pcmcia.sys16:38:48.0977 3048 pcmcia - ok16:38:48.0987 3048 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys16:38:48.0997 3048 pcw - ok16:38:49.0057 3048 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys16:38:49.0067 3048 PEAUTH - ok16:38:49.0207 3048 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe16:38:49.0207 3048 PerfHost - ok16:38:49.0347 3048 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll16:38:49.0397 3048 pla - ok16:38:49.0457 3048 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll16:38:49.0467 3048 PlugPlay - ok16:38:49.0627 3048 [ 9C4D0DE187CBC24F658C52EFC93B1C73 ] PMBDeviceInfoProvider c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe16:38:49.0637 3048 PMBDeviceInfoProvider - ok16:38:49.0667 3048 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll16:38:49.0667 3048 PNRPAutoReg - ok16:38:49.0687 3048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll16:38:49.0697 3048 PNRPsvc - ok16:38:49.0747 3048 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll16:38:49.0757 3048 PolicyAgent - ok16:38:49.0817 3048 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll16:38:49.0817 3048 Power - ok16:38:49.0857 3048 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys16:38:49.0867 3048 PptpMiniport - ok16:38:49.0877 3048 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys16:38:49.0887 3048 Processor - ok16:38:49.0907 3048 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll16:38:49.0917 3048 ProfSvc - ok16:38:49.0937 3048 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe16:38:49.0937 3048 ProtectedStorage - ok16:38:49.0977 3048 [ 
0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys16:38:49.0977 3048 Psched - ok16:38:50.0087 3048 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys16:38:50.0137 3048 ql2300 - ok16:38:50.0167 3048 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys16:38:50.0177 3048 ql40xx - ok16:38:50.0277 3048 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll16:38:50.0287 3048 QWAVE - ok16:38:50.0297 3048 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys16:38:50.0307 3048 QWAVEdrv - ok16:38:50.0327 3048 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys16:38:50.0337 3048 RasAcd - ok16:38:50.0387 3048 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys16:38:50.0387 3048 RasAgileVpn - ok16:38:50.0417 3048 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll16:38:50.0417 3048 RasAuto - ok16:38:50.0427 3048 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys16:38:50.0427 3048 Rasl2tp - ok16:38:50.0457 3048 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll16:38:50.0467 3048 RasMan - ok16:38:50.0477 3048 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys16:38:50.0477 3048 RasPppoe - ok16:38:50.0507 3048 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys16:38:50.0507 3048 RasSstp - ok16:38:50.0527 3048 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys16:38:50.0527 3048 rdbss - ok16:38:50.0547 3048 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys16:38:50.0547 3048 rdpbus - ok16:38:50.0557 3048 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys16:38:50.0567 3048 RDPCDD - ok16:38:50.0587 3048 [ 
BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys16:38:50.0597 3048 RDPENCDD - ok16:38:50.0637 3048 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys16:38:50.0637 3048 RDPREFMP - ok16:38:50.0687 3048 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys16:38:50.0687 3048 RDPWD - ok16:38:50.0707 3048 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys16:38:50.0707 3048 rdyboost - ok16:38:50.0747 3048 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll16:38:50.0757 3048 RemoteAccess - ok16:38:50.0777 3048 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll16:38:50.0777 3048 RemoteRegistry - ok16:38:50.0827 3048 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys16:38:50.0827 3048 RFCOMM - ok16:38:50.0837 3048 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll16:38:50.0847 3048 RpcEptMapper - ok16:38:50.0877 3048 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe16:38:50.0877 3048 RpcLocator - ok16:38:50.0907 3048 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll16:38:50.0917 3048 RpcSs - ok16:38:50.0987 3048 [ 9BD6DEBC9862FBE0C0467F0633B34962 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys16:38:50.0997 3048 RSPCIESTOR - ok16:38:51.0057 3048 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys16:38:51.0057 3048 rspndr - ok16:38:51.0117 3048 [ EB8EA1C4C5E076D9EA61FB59960C5830 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys16:38:51.0127 3048 RTL8167 - ok16:38:51.0177 3048 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe16:38:51.0187 3048 SamSs - ok16:38:51.0207 3048 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys16:38:51.0217 3048 sbp2port - ok16:38:51.0247 3048 [ 
9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll16:38:51.0247 3048 SCardSvr - ok16:38:51.0267 3048 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys16:38:51.0267 3048 scfilter - ok16:38:51.0337 3048 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll16:38:51.0367 3048 Schedule - ok16:38:51.0407 3048 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll16:38:51.0407 3048 SCPolicySvc - ok16:38:51.0417 3048 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys16:38:51.0427 3048 sdbus - ok16:38:51.0437 3048 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll16:38:51.0437 3048 SDRSVC - ok16:38:51.0457 3048 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys16:38:51.0457 3048 secdrv - ok16:38:51.0457 3048 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll16:38:51.0467 3048 seclogon - ok16:38:51.0467 3048 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll16:38:51.0477 3048 SENS - ok16:38:51.0497 3048 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll16:38:51.0507 3048 SensrSvc - ok16:38:51.0517 3048 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys16:38:51.0517 3048 Serenum - ok16:38:51.0547 3048 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys16:38:51.0547 3048 Serial - ok16:38:51.0577 3048 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys16:38:51.0587 3048 sermouse - ok16:38:51.0637 3048 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll16:38:51.0647 3048 SessionEnv - ok16:38:51.0697 3048 [ 85D0F874734C105D02280B39BF0AD23F ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys16:38:51.0697 3048 SFEP - ok16:38:51.0717 3048 [ A554811BCD09279536440C964AE35BBF ] sffdisk 
C:\Windows\system32\drivers\sffdisk.sys16:38:51.0717 3048 sffdisk - ok16:38:51.0727 3048 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys16:38:51.0737 3048 sffp_mmc - ok16:38:51.0737 3048 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys16:38:51.0747 3048 sffp_sd - ok16:38:51.0757 3048 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys16:38:51.0757 3048 sfloppy - ok16:38:51.0797 3048 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll16:38:51.0797 3048 SharedAccess - ok16:38:51.0827 3048 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll16:38:51.0837 3048 ShellHWDetection - ok16:38:51.0847 3048 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys16:38:51.0857 3048 SiSRaid2 - ok16:38:51.0867 3048 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys16:38:51.0867 3048 SiSRaid4 - ok16:38:51.0897 3048 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe16:38:51.0897 3048 SkypeUpdate - ok16:38:51.0917 3048 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys16:38:51.0917 3048 Smb - ok16:38:51.0947 3048 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe16:38:51.0957 3048 SNMPTRAP - ok16:38:52.0097 3048 [ 4AEA7A1C3CA06D95D6966C34D13C0D8B ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe16:38:52.0097 3048 SOHCImp - ok16:38:52.0127 3048 [ 16FD95781117E13107D477AE36219E6F ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe16:38:52.0137 3048 SOHDs - ok16:38:52.0167 3048 [ 3BB48F7E33C2B76184DDF233000C09CD ] Sony SCSI Helper Service C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe16:38:52.0167 3048 Sony SCSI Helper Service - ok16:38:52.0267 3048 [ 
C03E480E63A80D73FABE28D24D3B6B47 ] SpfService C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe16:38:52.0267 3048 SpfService - ok16:38:52.0317 3048 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys16:38:52.0317 3048 spldr - ok16:38:52.0357 3048 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe16:38:52.0367 3048 Spooler - ok16:38:52.0497 3048 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe16:38:52.0607 3048 sppsvc - ok16:38:52.0617 3048 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll16:38:52.0627 3048 sppuinotify - ok16:38:52.0647 3048 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys16:38:52.0657 3048 srv - ok16:38:52.0687 3048 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys16:38:52.0697 3048 srv2 - ok16:38:52.0717 3048 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys16:38:52.0717 3048 srvnet - ok16:38:52.0767 3048 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll16:38:52.0777 3048 SSDPSRV - ok16:38:52.0797 3048 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll16:38:52.0797 3048 SstpSvc - ok16:38:52.0807 3048 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys16:38:52.0817 3048 stexstor - ok16:38:52.0857 3048 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll16:38:52.0887 3048 stisvc - ok16:38:52.0897 3048 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys16:38:52.0897 3048 swenum - ok16:38:52.0937 3048 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll16:38:52.0957 3048 swprv - ok16:38:52.0987 3048 [ 321EA1320771419C0956DE50F270C3E5 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys16:38:52.0997 3048 SynTP - ok16:38:53.0067 3048 [ 
BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll16:38:53.0147 3048 SysMain - ok16:38:53.0168 3048 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll16:38:53.0178 3048 TabletInputService - ok16:38:53.0188 3048 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll16:38:53.0198 3048 TapiSrv - ok16:38:53.0218 3048 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll16:38:53.0218 3048 TBS - ok16:38:53.0308 3048 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys16:38:53.0368 3048 Tcpip - ok16:38:53.0428 3048 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys16:38:53.0458 3048 TCPIP6 - ok16:38:53.0488 3048 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys16:38:53.0488 3048 tcpipreg - ok16:38:53.0508 3048 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys16:38:53.0508 3048 TDPIPE - ok16:38:53.0538 3048 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys16:38:53.0538 3048 TDTCP - ok16:38:53.0558 3048 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys16:38:53.0568 3048 tdx - ok16:38:53.0578 3048 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys16:38:53.0578 3048 TermDD - ok16:38:53.0658 3048 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll16:38:53.0678 3048 TermService - ok16:38:53.0698 3048 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll16:38:53.0708 3048 Themes - ok16:38:53.0788 3048 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll16:38:53.0788 3048 THREADORDER - ok16:38:53.0838 3048 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll16:38:53.0848 3048 TrkWks - ok16:38:54.0078 3048 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller 
C:\Windows\servicing\TrustedInstaller.exe16:38:54.0088 3048 TrustedInstaller - ok16:38:54.0148 3048 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys16:38:54.0148 3048 tssecsrv - ok16:38:54.0248 3048 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys16:38:54.0258 3048 TsUsbFlt - ok16:38:54.0318 3048 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys16:38:54.0318 3048 TsUsbGD - ok16:38:54.0358 3048 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys16:38:54.0358 3048 tunnel - ok16:38:54.0368 3048 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys16:38:54.0368 3048 uagp35 - ok16:38:54.0438 3048 [ 1FE69F3C1CA1CF4B7EC7E2E9090FFFDC ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe16:38:54.0438 3048 uCamMonitor - ok16:38:54.0458 3048 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys16:38:54.0468 3048 udfs - ok16:38:54.0578 3048 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe16:38:54.0578 3048 UI0Detect - ok16:38:54.0618 3048 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys16:38:54.0618 3048 uliagpkx - ok16:38:54.0638 3048 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys16:38:54.0638 3048 umbus - ok16:38:54.0698 3048 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys16:38:54.0698 3048 UmPass - ok16:38:54.0778 3048 [ D80B1075B69B57A3AB78F750CE463ECE ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe16:38:54.0778 3048 UNS - ok16:38:54.0878 3048 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll16:38:54.0888 3048 upnphost - ok16:38:54.0948 3048 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys16:38:54.0948 3048 
USBAAPL64 - ok16:38:54.0958 3048 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys16:38:54.0958 3048 usbccgp - ok16:38:55.0018 3048 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys16:38:55.0018 3048 usbcir - ok16:38:55.0058 3048 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys16:38:55.0058 3048 usbehci - ok16:38:55.0088 3048 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys16:38:55.0108 3048 usbhub - ok16:38:55.0118 3048 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys16:38:55.0118 3048 usbohci - ok16:38:55.0158 3048 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys16:38:55.0158 3048 usbprint - ok16:38:55.0218 3048 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys16:38:55.0218 3048 usbscan - ok16:38:55.0248 3048 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS16:38:55.0258 3048 USBSTOR - ok16:38:55.0268 3048 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys16:38:55.0268 3048 usbuhci - ok16:38:55.0338 3048 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys16:38:55.0348 3048 usbvideo - ok16:38:55.0368 3048 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll16:38:55.0378 3048 UxSms - ok16:38:55.0438 3048 [ 203FD19D70549A2939E1AE3A36608151 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe16:38:55.0438 3048 VAIO Event Service - ok16:38:55.0598 3048 [ 59308CD511A5F3EE33595FFD46F76B31 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe16:38:55.0618 3048 VAIO Power Management - ok16:38:55.0688 3048 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe16:38:55.0688 3048 VaultSvc - ok16:38:56.0018 3048 [ 
ADD5A5BA64D0710E1C764A8D4DAD510E ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe16:38:56.0058 3048 VCFw - ok16:38:56.0108 3048 [ EEE5AD6FB40B35F7867C3A49B98BB4EF ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe16:38:56.0128 3048 VcmIAlzMgr - ok16:38:56.0208 3048 [ FD5BD55C1854208BC9C51DBCFC3C1941 ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe16:38:56.0218 3048 VcmINSMgr - ok16:38:56.0328 3048 [ 9BC1F203C5604C24F345BCFCD6956BAE ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe16:38:56.0328 3048 VcmXmlIfHelper - ok16:38:56.0438 3048 [ D076011ECD0D1310E879F32EBF3B4886 ] VCService C:\Program Files\Sony\VAIO Care\VCService.exe16:38:56.0438 3048 VCService - ok16:38:56.0488 3048 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys16:38:56.0488 3048 vdrvroot - ok16:38:56.0538 3048 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe16:38:56.0548 3048 vds - ok16:38:56.0558 3048 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys16:38:56.0558 3048 vga - ok16:38:56.0568 3048 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys16:38:56.0578 3048 VgaSave - ok16:38:56.0608 3048 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys16:38:56.0618 3048 vhdmp - ok16:38:56.0658 3048 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys16:38:56.0668 3048 viaide - ok16:38:56.0708 3048 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys16:38:56.0708 3048 volmgr - ok16:38:56.0728 3048 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys16:38:56.0738 3048 volmgrx - ok16:38:56.0778 3048 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys16:38:56.0778 3048 volsnap - ok16:38:56.0788 
3048 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys16:38:56.0798 3048 vsmraid - ok16:38:56.0888 3048 [ 596E65BDEE804CC6658A39756CC61849 ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe16:38:56.0918 3048 VSNService - ok16:38:57.0379 3048 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe16:38:57.0409 3048 VSS - ok16:38:57.0699 3048 [ FB4A1695D2D74F9C92CA5E84795CDBE1 ] VUAgent C:\Program Files\Sony\VAIO Update Common\VUAgent.exe16:38:57.0719 3048 VUAgent - ok16:38:57.0769 3048 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys16:38:57.0769 3048 vwifibus - ok16:38:57.0809 3048 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys16:38:57.0809 3048 vwififlt - ok16:38:57.0859 3048 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll16:38:57.0869 3048 W32Time - ok16:38:57.0889 3048 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys16:38:57.0899 3048 WacomPen - ok16:38:57.0949 3048 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys16:38:57.0949 3048 WANARP - ok16:38:57.0969 3048 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys16:38:57.0969 3048 Wanarpv6 - ok16:38:58.0069 3048 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe16:38:58.0109 3048 WatAdminSvc - ok16:38:58.0179 3048 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe16:38:58.0259 3048 wbengine - ok16:38:58.0269 3048 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll16:38:58.0279 3048 WbioSrvc - ok16:38:58.0299 3048 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll16:38:58.0309 3048 wcncsvc - ok16:38:58.0349 3048 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll16:38:58.0349 3048 
WcsPlugInService - ok16:38:58.0369 3048 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys16:38:58.0379 3048 Wd - ok16:38:58.0399 3048 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys16:38:58.0419 3048 Wdf01000 - ok16:38:58.0449 3048 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll16:38:58.0459 3048 WdiServiceHost - ok16:38:58.0469 3048 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll16:38:58.0479 3048 WdiSystemHost - ok16:38:58.0499 3048 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll16:38:58.0509 3048 WebClient - ok16:38:58.0589 3048 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll16:38:58.0609 3048 Wecsvc - ok16:38:58.0629 3048 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll16:38:58.0629 3048 wercplsupport - ok16:38:58.0659 3048 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll16:38:58.0659 3048 WerSvc - ok16:38:58.0689 3048 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys16:38:58.0689 3048 WfpLwf - ok16:38:58.0709 3048 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys16:38:58.0709 3048 WIMMount - ok16:38:58.0729 3048 WinDefend - ok16:38:58.0749 3048 WinHttpAutoProxySvc - ok16:38:58.0829 3048 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll16:38:58.0839 3048 Winmgmt - ok16:38:58.0929 3048 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll16:38:58.0999 3048 WinRM - ok16:38:59.0069 3048 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys16:38:59.0079 3048 WinUsb - ok16:38:59.0139 3048 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll16:38:59.0169 3048 Wlansvc - ok16:38:59.0239 3048 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program 
Files\Windows Live\Mesh\wlcrasvc.exe16:38:59.0239 3048 wlcrasvc - ok16:38:59.0359 3048 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE16:38:59.0389 3048 wlidsvc - ok16:38:59.0529 3048 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys16:38:59.0569 3048 WmiAcpi - ok16:38:59.0639 3048 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe16:38:59.0639 3048 wmiApSrv - ok16:38:59.0679 3048 WMPNetworkSvc - ok16:38:59.0739 3048 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll16:38:59.0739 3048 WPCSvc - ok16:38:59.0789 3048 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll16:38:59.0799 3048 WPDBusEnum - ok16:38:59.0819 3048 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys16:38:59.0819 3048 ws2ifsl - ok16:38:59.0849 3048 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll16:38:59.0849 3048 wscsvc - ok16:38:59.0859 3048 WSearch - ok16:38:59.0969 3048 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll16:39:00.0069 3048 wuauserv - ok16:39:00.0119 3048 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys16:39:00.0119 3048 WudfPf - ok16:39:00.0149 3048 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys16:39:00.0149 3048 WUDFRd - ok16:39:00.0209 3048 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll16:39:00.0219 3048 wudfsvc - ok16:39:00.0239 3048 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll16:39:00.0249 3048 WwanSvc - ok16:39:00.0309 3048 [ A5B25E310678175F4779499FFF7D0994 ] ZAtheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe16:39:00.0309 3048 ZAtheros Bt&Wlan Coex Agent - ok16:39:00.0329 3048 ================ Scan global 
===============================
16:39:00.0369 3048 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:39:00.0419 3048 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
16:39:00.0439 3048 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
16:39:00.0499 3048 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:39:00.0529 3048 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:39:00.0539 3048 [Global] - ok
16:39:00.0539 3048 ================ Scan MBR ==================================
16:39:00.0559 3048 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:39:00.0559 3048 Suspicious mbr (Forged): \Device\Harddisk0\DR0
16:39:00.0619 3048 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
16:39:00.0619 3048 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
16:39:00.0619 3048 ================ Scan VBR ==================================
16:39:00.0629 3048 [ 7FA58C318AF30B74C90B460DFE98E0A4 ] \Device\Harddisk0\DR0\Partition1
16:39:00.0629 3048 \Device\Harddisk0\DR0\Partition1 - ok
16:39:00.0659 3048 [ 1C65518377E3876FB1F6C0788798515C ] \Device\Harddisk0\DR0\Partition2
16:39:00.0659 3048 \Device\Harddisk0\DR0\Partition2 - ok
16:39:00.0659 3048 ============================================================
16:39:00.0659 3048 Scan finished
16:39:00.0659 3048 ============================================================
16:39:00.0689 6524 Detected object count: 1
16:39:00.0689 6524 Actual detected object count: 1
16:39:05.0111 6524 \Device\Harddisk0\DR0\# - copied to quarantine
16:39:05.0111 6524 \Device\Harddisk0\DR0 - copied to quarantine
16:39:05.0191 6524 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
16:39:05.0191 6524 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
16:39:05.0201 6524 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
16:39:05.0221 6524 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
16:39:05.0221 6524 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
16:39:05.0221 6524 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
16:39:05.0221 6524 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
16:39:05.0221 6524 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
16:39:05.0231 6524 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
16:39:05.0231 6524 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
16:39:05.0231 6524 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
16:39:05.0231 6524 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
16:39:05.0271 6524 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
16:39:05.0271 6524 \Device\Harddisk0\DR0 - ok
16:39:05.0401 6524 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
16:39:09.0713 4328 Deinitialize success

I scanned it one more time after reboot and there is nothing found.
jeffce Posted November 11, 2012 ID:612131

Good job!

Download Combofix from the link below, and save it to your desktop.

Link

**Note: It is important that it is saved directly to your desktop**

If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

When finished, it will produce a report for you. Please post the C:\ComboFix.txt for further review.
sexysarah Posted November 11, 2012 Author ID:612171

Hi Jeff,

After running ComboFix for almost an hour, I think it got stuck on Preparing Log Report. I closed it after almost an hour of running it and ran it again. It is still stuck on "Preparing Log Report"; it's almost 30-45 mins now. Should I wait more, or what should I do exactly?

Thank You
jeffce Posted November 11, 2012 ID:612176

Wait about another 30 minutes. If it is still stuck, reboot your system and see if there is a log located at C:\ComboFix.txt. Post it if it is there; if not, rerun ComboFix.
sexysarah Posted November 11, 2012 Author ID:612177

Got it, Thank You

ComboFix 12-11-10.02 - Hala 11/11/2012 17:49:27.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3996.2245 [GMT -8:00]
Running from: c:\users\Hala\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files (x86)\TelevisionFanatic
c:\program files (x86)\TelevisionFanatic\bar\gen1\COMMON.T8S
c:\program files (x86)\TelevisionFanatic\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\TelevisionFanatic\bar\Message\COMMON.T8S
c:\program files (x86)\TelevisionFanatic\bar\Settings\s_pid.dat
c:\users\Hala\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2E3BD1D2-2D93-4A45-B323-272F91988592}.xps
c:\users\Hala\AppData\Local\Microsoft\Windows\Temporary Internet Files\{398183AA-5262-4015-8408-9C79E0F60B18}.xps
c:\users\Hala\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3FE09C4E-2791-4C46-9F4B-A235C9F0A866}.xps
c:\users\Hala\AppData\Local\Microsoft\Windows\Temporary Internet Files\{632850D6-3C9E-4402-9B36-9118A323636C}.xps
c:\users\Hala\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8674DF60-DBAD-4B61-932E-C8440FF2B246}.xps
c:\users\Hala\AppData\Local\Microsoft\Windows\Temporary Internet Files\{97DA38AB-01EF-44B5-8FF5-27CFCC26C401}.xps
c:\users\Hala\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9D66C565-7965-4F7E-873D-53FFE51BAD30}.xps
c:\windows\svchost.exe
.
Completion time: 2012-11-11 18:22:50
ComboFix-quarantined-files.txt 2012-11-12 02:22
.
Pre-Run: 230,428,127,232 bytes free
Post-Run: 231,123,398,656 bytes free
.
- - End Of File - - 88D765933663A33D87A573189C93F7C0
jeffce Posted November 11, 2012 ID:612189

Hi,

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:

ClearJavaCache::
DDS::
uURLSearchHooks: <No Name>: {06b5b051-1d05-443d-822f-39ab0d05f018} -
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.0.7\bh\BabylonToolbar.dll
BHO: wxDownload Class: {47CA08BB-3387-E2F5-E7E6-5E0BA2B85343} - C:\ProgramData\wxDownload\509312840bb5f.ocx
BHO: wxDownload Class: {8356F990-30E7-9A55-7BD9-7EEC0EC318F2} - C:\ProgramData\wxDownload\50775104de468.ocx
TB: BringMeSports: {CC53BD19-7B23-43B0-AB7C-0E06C708CCED} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.0.7\BabylonToolbarTlbr.dll
TB: BringMeSports: {cc53bd19-7b23-43b0-ab7c-0e06c708cced} -

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

ComboFix may request an update; please allow it.

ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When finished, it shall produce a log for you. Post the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

Please post the new ComboFix log and let me know how your system is running now.
sexysarah Posted November 12, 2012 Author ID:612261

hi sorry for the late reply again here is the result
(Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2012-11-11 20:39:51ComboFix-quarantined-files.txt 2012-11-12 04:39ComboFix2.txt 2012-11-12 02:23.Pre-Run: 231,177,515,008 bytes freePost-Run: 231,114,182,656 bytes free.- - End Of File - - DA5977C5394BBEB7A1DE06CC0E83CD94 Link to post Share on other sites More sharing options...
jeffce Posted November 12, 2012 ID:612264
and let me know how your system is running now
sexysarah Posted November 12, 2012 Author ID:612277
It's still very slow. Should I format it?
jeffce Posted November 12, 2012 ID:612280
"It's still very slow. Should I format it?"
I had not even considered that yet, but if that is what you would like to do let me know. I don't see any reason to at the time being......there are many reasons a computer can be slow that are not malware....
I see that your Java software is out of date. Please go to Start >> Control Panel >> Programs and Features >> uninstall all versions of Java.
Now download and install the newest version from here >> http://java.com/en/download/index.jsp
-------------
Clear Java Cache
See this page for instructions on how to clear java's cache.
* Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
* Under Temporary Internet Files, click the Delete Files button.
* There are three options in the window to clear the cache - Leave ALL 3 Checked
  Downloaded Applets
  Downloaded Applications
  Other Files
* Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
* Click OK to leave the Java Control Panel.
----------
Malwarebytes
Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
----------
ESET Online Scanner
Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
* Turn off the real time scanner of any existing antivirus program while performing the online scan
* Tick the box next to YES, I accept the Terms of Use.
* Click Start
* When asked, allow the activex control to install
* Click Start
* Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
* Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
* Click Scan
* Wait for the scan to finish
* When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
* Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
* Close the ESET online scan, and let me know how things are now.
----------
sexysarah Posted November 12, 2012 Author ID:612281
MBAB is still Popping Up with the same error. Infection = svchost.exe (Trojan.Agent)
jeffce Posted November 12, 2012 ID:612282
Ok thanks. Be sure to see post 16
sexysarah Posted November 12, 2012 Author ID:612317
Hi
It took a very long time for ESET to scan but here is the result
I have followed all your steps and cleared the java cache.

MBAB new log

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.11.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hala :: HALA-VAIO [administrator]
Protection: Enabled
11/11/2012 9:58:51 PM
mbam-log-2012-11-11 (21-58-51).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206622
Time elapsed: 4 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Hala\AppData\Local\Temp\8CDD.tmp (Trojan.Agent.EDDGen) -> Quarantined and deleted successfully.
(end)

ESET.txt

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.0.7\BabylonToolbarApp.dll probably a variant of Win32/Toolbar.Babylon application
C:\ProgramData\wxDownload\50775104de468.ocx Win32/Adware.MultiPlug.D application
C:\ProgramData\wxDownload\5077520822f9f.ocx Win32/Adware.MultiPlug.D application
C:\ProgramData\wxDownload\509312840bb5f.ocx Win32/Adware.MultiPlug.D application
C:\TDSSKiller_Quarantine\11.11.2012_16.38.23\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\11.11.2012_16.38.23\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan
C:\TDSSKiller_Quarantine\11.11.2012_16.38.23\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.PR trojan
C:\TDSSKiller_Quarantine\11.11.2012_16.38.23\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan
C:\TDSSKiller_Quarantine\11.11.2012_16.38.23\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\11.11.2012_16.38.23\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan
C:\Users\All Users\wxDownload\50775104de468.ocx Win32/Adware.MultiPlug.D application
C:\Users\All Users\wxDownload\5077520822f9f.ocx Win32/Adware.MultiPlug.D application
C:\Users\All Users\wxDownload\509312840bb5f.ocx Win32/Adware.MultiPlug.D application
C:\Users\Hala\Desktop\Downloads\SoftonicDownloader_for_tango.exe a variant of Win32/SoftonicDownloader.E application
Operating memory Win32/Adware.MultiPlug.D application

Thank You
jeffce Posted November 12, 2012 ID:612394
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:

ClearJavaCache::
File::
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.0.7\BabylonToolbarApp.dll
C:\ProgramData\wxDownload\50775104de468.ocx
C:\ProgramData\wxDownload\5077520822f9f.ocx
C:\ProgramData\wxDownload\509312840bb5f.ocx

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix may request an update; please allow it.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Post the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
Post the new ComboFix log and let me know how your system is running now.
sexysarah Posted November 12, 2012 Author ID:612457
GOOD MORNING
Here is the log, thank you
Memory ---.*NewlyCreated* - WS2IFSL.Contents of the 'Scheduled Tasks' folder.2012-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 05:31].2012-11-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2961923168-3939447232-3755786148-1000Core.job- c:\users\Hala\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-02 18:03].2012-11-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2961923168-3939447232-3755786148-1000UA.job- c:\users\Hala\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-02 18:03].2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-29 19:18].2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-29 19:18].2012-11-12 c:\windows\Tasks\WxDFastUpdaterTask{1D514599-27E5-4CEC-9033-8EBBD91675E2}.job- c:\programdata\Premium\WxDFast\WxDFast.exe [2012-10-12 14:50]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-13 1156712]"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-02-23 1020576]"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-02-23 800416]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-14 170264]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-14 398104]"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-14 440600]"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.google.com/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htmIE: E&xport to Microsoft Excel - 
c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105TCP: DhcpNameServer = 192.168.2.1FF - ProfilePath - c:\users\Hala\AppData\Roaming\Mozilla\Firefox\Profiles\3rpp5pbm.default\FF - prefs.js: browser.search.defaulturl -FF - prefs.js: browser.search.selectedEngine -FF - prefs.js: keyword.URL -FF - prefs.js: browser.startup.homepage -FF - ExtSQL: 2012-09-20 13:21; swiki@swiki.com; c:\program files (x86)\Mozilla Firefox\extensions\swiki@swiki.com.xpiFF - ExtSQL: 2012-09-22 21:39; wcapturex@deskperience.com; c:\program files (x86)\WordWeb\WCaptureMozFF - ExtSQL: 2012-10-21 21:04; 1cffxtbr@BringMeSports_1c.com; c:\program files (x86)\BringMeSports_1c\bar\1.binFF - ExtSQL: 2012-11-09 13:45; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\users\Hala\AppData\Roaming\Mozilla\Firefox\Profiles\3rpp5pbm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}FF - ExtSQL: !HIDDEN! 2012-09-22 21:39; wcapturex@deskperience.com; c:\program files (x86)\WordWeb\WCaptureMoz.- - - - ORPHANS REMOVED - - - -.Wow6432Node-HKLM-Run-<NO NAME> - (no file)AddRemove-Adobe Shockwave Player - c:\windows\SysWOW64\Adobe\Shockwave 11\uninstaller.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"".--------------------- LOCKED REGISTRY KEYS 
---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash 
Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 
1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2012-11-12 10:54:12ComboFix-quarantined-files.txt 2012-11-12 18:54ComboFix2.txt 2012-11-12 04:39ComboFix3.txt 2012-11-12 02:23.Pre-Run: 229,842,362,368 bytes freePost-Run: 229,561,270,272 bytes free.- - End Of File - - 9E427F0A7106BD3AFFA0F4CBBAFA72FB Link to post Share on other sites More sharing options...
jeffce Posted November 12, 2012

and let me know how your system is running now
sexysarah (Author) Posted November 12, 2012

Much better than before. What about ESET, I didn't remove those viruses. Also, do you think I should uninstall Kaspersky?
jeffce Posted November 12, 2012

> What about ESET, I didn't remove those viruses.

I just did with ComboFix.

> Also do you think I should uninstall Kaspersky?

No...just keep it updated. Any other malware problems??