MBAB not able to delete svchost.exe (Trojan.Agent)


Hi, I got a brand new laptop 3 weeks or so ago. Today it's running really slow, so I tried running MBAB. The result was bad, like real bad. :(

Malwarebytes Anti-Malware (Trial) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.11.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Hala :: HALA-VAIO [administrator]

Protection: Enabled

11/11/2012 11:29:30 AM

mbam-log-2012-11-11 (11-29-30).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 360257

Time elapsed: 57 minute(s), 7 second(s)

Memory Processes Detected: 4

C:\Users\Hala\AppData\Local\VidShakeSA\bin\1.0.7.0\vidshakeSA.exe (Adware.HotBar.CP) -> 4420 -> Delete on reboot.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cbrmon.exe (PUP.MyWebSearch) -> 4964 -> Delete on reboot.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe (PUP.MyWebSearch) -> 4980 -> Delete on reboot.

C:\Windows\svchost.exe (Trojan.Agent) -> 5316 -> Delete on reboot.

Memory Modules Detected: 3

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cbrstub.dll (PUP.MyWebSearch) -> Delete on reboot.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brstub.dll (PUP.MyWebSearch) -> Delete on reboot.

C:\Users\Hala\AppData\Local\VidShakeSA\bin\1.0.7.0\vidshakeSAHook.dll (Adware.HotBar) -> Delete on reboot.

Registry Keys Detected: 168

Registry Values Detected: 10

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vidshakeSA (Adware.HotBar.CP) -> Data: "C:\Users\Hala\AppData\Local\vidshakeSA\bin\1.0.7.0\vidshakeSA.exe" -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BringMeSports_1c Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~2\BRINGM~2\bar\1.bin\1cbrmon.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TelevisionFanatic Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~2\TELEVI~2\bar\1.bin\64brmon.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BringMeSports Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~2\BRINGM~2\bar\1.bin\1csrchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TelevisionFanatic Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~2\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{0696F815-A3A9-490A-BB14-9EC3350B1276} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{0696f815-a3a9-490a-bb14-9ec3350b1276} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{c98d5b61-b0ea-4d48-9839-1079d352d880} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Mozilla\Firefox\Extensions|64ffxtbr@TelevisionFanatic.com (PUP.MyWebSearch) -> Data: C:\Program Files (x86)\TelevisionFanatic\bar\1.bin -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 11

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin (PUP.MyWebSearch) -> Delete on reboot.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\ThirdPartyInstallers (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Users\Hala\Local Settings\Application Data\VidShakeSA (Adware.HotBar.VS) -> Delete on reboot.

C:\Users\Hala\Local Settings\Application Data\VidShakeSA\bin (Adware.HotBar.VS) -> Delete on reboot.

C:\Users\Hala\Local Settings\Application Data\VidShakeSA\bin\1.0.7.0 (Adware.HotBar.VS) -> Delete on reboot.

C:\Users\Hala\Local Settings\Application Data\VidShakeSA\data (Adware.HotBar.VS) -> Delete on reboot.

C:\Users\Hala\AppData\Local\VidShakeSA (Adware.HotBar.VS) -> Delete on reboot.

C:\Users\Hala\AppData\Local\VidShakeSA\bin (Adware.HotBar.VS) -> Delete on reboot.

C:\Users\Hala\AppData\Local\VidShakeSA\bin\1.0.7.0 (Adware.HotBar.VS) -> Delete on reboot.

C:\Users\Hala\AppData\Local\VidShakeSA\data (Adware.HotBar.VS) -> Delete on reboot.

Files Detected: 106

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cbarsvc.exe (PUP.MyWebSearch) -> Delete on reboot.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe (PUP.MyWebSearch) -> Delete on reboot.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cbrstub.dll (PUP.MyWebSearch) -> Delete on reboot.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brstub.dll (PUP.MyWebSearch) -> Delete on reboot.

C:\Users\Hala\AppData\Local\VidShakeSA\bin\1.0.7.0\vidshakeSA.exe (Adware.HotBar.CP) -> Delete on reboot.

C:\Users\Hala\AppData\Local\VidShakeSA\bin\1.0.7.0\vidshakeSAHook.dll (Adware.HotBar) -> Delete on reboot.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cbrmon.exe (PUP.MyWebSearch) -> Delete on reboot.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe (PUP.MyWebSearch) -> Delete on reboot.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cSrchMn.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrchMn.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cSrcAs.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cbar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64httpct.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64skin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64htmlmu.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64datact.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64mlbtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64script.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64dyn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64feedmg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64tpinst.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64uabtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64radio.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64msg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\T8HTML.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64dlghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cauxstb.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cdatact.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cdlghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cdyn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cfeedmg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1chighin.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1chkstub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1chtmlmu.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1chttpct.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cidle.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cieovr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cimpipe.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cmedint.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cmlbtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cmsg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cPlugin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cradio.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cregfft.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1creghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cregiet.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cscript.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cskin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cskplay.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1ctpinst.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cuabtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\NP1cStub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\T8HTML.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64auxstb.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64highin.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64hkstub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64idle.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64ieovr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64impipe.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64medint.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64Plugin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64regfft.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64reghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64regiet.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64skplay.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\DRM\8164.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\DRM\8194.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Hala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VH1LL9U\509312841ac13[1].exe (PUP.FakePlug) -> Quarantined and deleted successfully.

C:\Users\Hala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23QS016W\uninstaller[1].exe (Affiliate.Downloader) -> Quarantined and deleted successfully.

C:\Users\Hala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVJ32JOR\aol_checker[1].exe (Trojan.Agent.H) -> Quarantined and deleted successfully.

C:\Users\Hala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEXGIB4A\509312398eab3[1].exe (Adware.Dropper) -> Quarantined and deleted successfully.

C:\Users\Hala\AppData\Local\Temp\0.5130699428170687 (Trojan.Happili) -> Quarantined and deleted successfully.

C:\Users\Hala\AppData\Local\Temp\8222.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\Users\Hala\AppData\Local\VidShakeSA\bin\1.0.7.0\VidShakeSACB.exe (Adware.HotBar.Gen) -> Quarantined and deleted successfully.

C:\Users\Hala\Desktop\FastDownload.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.

C:\Users\Hala\Desktop\Downloads\FastDownload.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64sknlcr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\BOOTSTRAP.JS (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\CREXT.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\CrExtP64.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\INSTALL.RDF (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\installKeys.js (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\LOGO.BMP (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\T8EXTEX.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\T8EXTPEX.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\T8RES.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\T8TICKER.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\chrome\64ffxtbr.jar (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Users\Hala\Local Settings\Application Data\VidShakeSA\bin\1.0.7.0\copyright.txt (Adware.HotBar.VS) -> Quarantined and deleted successfully.

C:\Users\Hala\Local Settings\Application Data\VidShakeSA\bin\1.0.7.0\vidshakeSA.exe (Adware.HotBar.VS) -> Delete on reboot.

C:\Users\Hala\Local Settings\Application Data\VidShakeSA\bin\1.0.7.0\VidShakeSACB.exe (Adware.HotBar.VS) -> Quarantined and deleted successfully.

C:\Users\Hala\Local Settings\Application Data\VidShakeSA\bin\1.0.7.0\vidshakeSAHook.dll (Adware.HotBar.VS) -> Delete on reboot.

C:\Users\Hala\Local Settings\Application Data\VidShakeSA\bin\1.0.7.0\VidShakeUninstaller.exe (Adware.HotBar.VS) -> Quarantined and deleted successfully.

C:\Users\Hala\Local Settings\Application Data\VidShakeSA\data\vidshakeSA.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.

C:\Users\Hala\Local Settings\Application Data\VidShakeSA\data\VidShakeSAau.dat (Adware.HotBar.VS) -> Delete on reboot.

C:\Users\Hala\Local Settings\Application Data\VidShakeSA\data\VidShakeSA_kyf.dat (Adware.HotBar.VS) -> Delete on reboot.

C:\Users\Hala\AppData\Local\VidShakeSA\bin\1.0.7.0\copyright.txt (Adware.HotBar.VS) -> Quarantined and deleted successfully.

C:\Users\Hala\AppData\Local\VidShakeSA\bin\1.0.7.0\VidShakeUninstaller.exe (Adware.HotBar.VS) -> Quarantined and deleted successfully.

C:\Users\Hala\AppData\Local\VidShakeSA\data\vidshakeSA.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.

C:\Users\Hala\AppData\Local\VidShakeSA\data\VidShakeSAau.dat (Adware.HotBar.VS) -> Delete on reboot.

C:\Users\Hala\AppData\Local\VidShakeSA\data\VidShakeSA_kyf.dat (Adware.HotBar.VS) -> Delete on reboot.

(end)

Now after rebooting my laptop, a MBAB pop-up keeps telling me that I'm infected with svchost.exe (Trojan.Agent).

I scanned my laptop again and here is the result:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.11.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Hala :: HALA-VAIO [administrator]

Protection: Enabled

11/11/2012 12:41:25 PM

mbam-log-2012-11-11 (12-41-25).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 353638

Time elapsed: 57 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

I rebooted my laptop and still got the same pop-up, that I'm infected with svchost.exe.

Can someone help me?

Thank You


Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

---------


Please download DDS from either of these links

LINK 1

LINK 2

and save it to your desktop.

  • Disable any script blocking protection
  • Right-click and Run as Administrator dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Attach.txt

----------

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.


----------

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan
  • Do Not Attempt To Fix Anything Now. We just need to look over the report and be sure we are removing the correct items.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------


Hi, Thank You Very Much Jeff, I really appreciate it.

DDS.txt

DDS (Ver_2012-11-07.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16450

Run by Hala at 15:13:44 on 2012-11-11

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3996.1908 [GMT -8:00]

.

AV: Kaspersky Internet Security *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\ProgramData\Premium\WxDFast\WxDFast.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Windows\System32\StikyNot.exe

c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe

C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe

C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe

C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe

C:\Program Files\Sony\VAIO Care\VCPerfService.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Program Files\Sony\VAIO Care\VCSystemTray.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Sony\VAIO Care\VCService.exe

C:\Program Files\Sony\VAIO Care\VCAgent.exe

C:\Windows\System32\vds.exe

C:\Program Files\Sony\VAIO Update Common\VUAgent.exe

C:\Program Files\Sony\VAIO Care\VCAdmin.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://sony.msn.com

uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll

uURLSearchHooks: <No Name>: {06b5b051-1d05-443d-822f-39ab0d05f018} -

mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.0.7\bh\BabylonToolbar.dll

BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll

BHO: wxDownload Class: {47CA08BB-3387-E2F5-E7E6-5E0BA2B85343} - C:\ProgramData\wxDownload\509312840bb5f.ocx

BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: wxDownload Class: {8356F990-30E7-9A55-7BD9-7EEC0EC318F2} - C:\ProgramData\wxDownload\50775104de468.ocx

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Price Check by AOL: {D25B97E9-62B2-40CE-BECF-E43A7B879072} - C:\Program Files (x86)\Price Check by AOL\aolpricecheck.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll

TB: BringMeSports: {CC53BD19-7B23-43B0-AB7C-0E06C708CCED} -

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.0.7\BabylonToolbarTlbr.dll

TB: BringMeSports: {cc53bd19-7b23-43b0-ab7c-0e06c708cced} -

TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Facebook Update] "C:\Users\Hala\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"

mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{1FCC26EE-C6F8-4D7C-8AEC-4E4AA2ED8377} : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{1FCC26EE-C6F8-4D7C-8AEC-4E4AA2ED8377}\0516E64616D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.33.1

TCP: Interfaces\{1FCC26EE-C6F8-4D7C-8AEC-4E4AA2ED8377}\649455355434552554 : DHCPNameServer = 131.94.7.220 131.94.205.10 131.94.226.10

TCP: Interfaces\{7AB9BADE-DBD3-4696-BA38-DC654F894241} : DHCPNameServer = 75.75.75.75 75.75.76.76

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO

x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: klogon - C:\Windows\System32\klogon.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Hala\AppData\Roaming\Mozilla\Firefox\Profiles\3rpp5pbm.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: keyword.URL -

FF - prefs.js: browser.startup.homepage -

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\NP1cStub.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll

FF - plugin: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll

FF - plugin: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll

FF - plugin: C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Hala\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll

FF - ExtSQL: 2012-09-20 13:21; swiki@swiki.com; C:\Program Files (x86)\Mozilla Firefox\extensions\swiki@swiki.com.xpi

FF - ExtSQL: 2012-09-22 21:39; wcapturex@deskperience.com; C:\Program Files (x86)\WordWeb\WCaptureMoz

FF - ExtSQL: 2012-10-21 21:04; 1cffxtbr@BringMeSports_1c.com; C:\Program Files (x86)\BringMeSports_1c\bar\1.bin

FF - ExtSQL: 2012-10-21 21:52; 64ffxtbr@TelevisionFanatic.com; C:\Program Files (x86)\TelevisionFanatic\bar\1.bin

FF - ExtSQL: 2012-11-09 13:45; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; C:\Users\Hala\AppData\Roaming\Mozilla\Firefox\Profiles\3rpp5pbm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - ExtSQL: !HIDDEN! 2012-09-22 21:39; wcapturex@deskperience.com; C:\Program Files (x86)\WordWeb\WCaptureMoz

.

============= SERVICES / DRIVERS ===============

.

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-2-27 16152]

R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-3-4 11864]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-2-23 106144]

R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-12-22 202296]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-26 13592]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-6-26 2429544]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]

R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-6-26 128280]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-6-26 161560]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-11 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-11 676936]

R2 NACAgent;Cisco NAC Agent;C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2012-10-3 1269208]

R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-12-5 51200]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-2-21 473960]

R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 260768]

R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2012-6-26 105024]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-26 363800]

R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2012-6-26 978056]

R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-2-23 158880]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2012-6-26 19968]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-2-23 36000]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-2-23 339616]

R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-2-23 110752]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-2-23 30368]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-2-23 167584]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-2-23 68256]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-2-23 280992]

R3 BTATH_VDP;Bluetooth VDP Driver;C:\Windows\System32\drivers\btath_vdp.sys [2012-2-23 421664]

R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-2-23 550560]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-14 331264]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-2-27 356120]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-2-27 787736]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-11 25928]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-6-26 339048]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-27 675432]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2012-1-15 14336]

R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-1-20 54432]

R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 DCDhcpService;DCDhcpService;C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2012-6-26 112256]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-5 234776]

S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-1-6 138392]

S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-1-6 74904]

S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-1 289952]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-6-26 535688]

S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]

S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-12-21 382720]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-8-26 101600]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-18 1255736]

S4 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-9-15 195320]

S4 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-7-13 249648]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-11-11 21:45:56 20480 ----a-w- C:\Windows\svchost.exe

2012-11-11 19:28:29 -------- d-----w- C:\Users\Hala\AppData\Roaming\Malwarebytes

2012-11-11 19:28:18 -------- d-----w- C:\ProgramData\Malwarebytes

2012-11-11 19:28:16 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-11-11 19:28:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-11-11 19:24:42 -------- d-----w- C:\Users\Hala\AppData\Local\{986EFAC7-A861-40C7-96AD-FECAABAD8C9C}

2012-11-11 07:13:49 -------- d-----w- C:\Users\Hala\AppData\Local\{98F9ABB8-DA51-4F44-B2C7-D1E1277AA09B}

2012-11-09 21:46:15 -------- d-----w- C:\Users\Hala\AppData\Local\Macromedia

2012-11-09 21:45:07 -------- d-----w- C:\Users\Hala\AppData\Local\Mozilla

2012-11-09 19:04:32 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3D5AEDFC-EDDE-4A43-A770-BFFD5CAD0F4A}\mpengine.dll

2012-11-08 17:59:48 -------- d-----w- C:\Program Files (x86)\Common Files\Cisco

2012-11-07 12:33:30 -------- d-----w- C:\Users\Hala\AppData\Local\{78F80C72-A690-4A6A-BCBB-55E19844553D}

2012-11-06 06:53:01 -------- d-----w- C:\ProgramData\McAfee Security Scan

2012-11-06 06:52:55 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan

2012-11-05 19:27:47 -------- d-----w- C:\Users\Hala\AppData\Local\{CA79EC81-4197-4070-AF16-8AC16E32E92E}

2012-11-02 03:13:56 -------- d-----w- C:\Users\Hala\AppData\Local\Price Check by AOL

2012-11-02 03:13:53 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility

2012-11-02 03:13:49 -------- d-----w- C:\Users\Hala\AppData\Local\AOL Toolbar

2012-11-02 03:13:46 -------- d-----w- C:\ProgramData\Price Check by AOL

2012-11-02 03:13:46 -------- d-----w- C:\Program Files (x86)\Price Check by AOL

2012-11-02 03:13:38 -------- d-----w- C:\ProgramData\AOL Toolbar

2012-11-02 03:13:38 -------- d-----w- C:\Program Files (x86)\AOL Toolbar

2012-11-02 03:13:03 -------- d-----w- C:\Program Files (x86)\WxDownload

2012-10-31 19:50:07 -------- d-----w- C:\Users\Hala\AppData\Local\{FFA52C86-EC6D-41EF-B9AA-6D087B42C349}

2012-10-31 19:46:36 -------- d-----w- C:\Users\Hala\AppData\Local\{577959CF-8793-4492-9411-914FB3AD9AC0}

2012-10-29 14:22:58 -------- d-----w- C:\Users\Hala\AppData\Local\{4EA06E10-29DF-4945-A1D9-07E3A6A8D6EB}

2012-10-27 22:59:02 -------- d-----w- C:\Users\Hala\AppData\Local\{7DA1A486-9F50-4558-9F7C-FF71BE2B7FA9}

2012-10-27 00:13:04 -------- d-----w- C:\Users\Hala\AppData\Local\{8B61E7C5-A732-4BB5-B304-704A53B86634}

2012-10-24 14:11:45 -------- d-----w- C:\Users\Hala\AppData\Local\{A09F7368-65F2-4465-8189-EF9A61C90C1F}

2012-10-22 04:52:10 -------- d-----w- C:\Program Files (x86)\TelevisionFanatic

2012-10-22 04:04:11 -------- d-----w- C:\Program Files (x86)\BringMeSports_1c

2012-10-19 04:56:27 -------- d-----w- C:\Program Files (x86)\SwikiIE

2012-10-19 04:56:26 -------- d-----w- C:\Program Files (x86)\Swiki

2012-10-19 04:53:13 -------- d-----w- C:\Users\Hala\AppData\Local\CRE

2012-10-15 02:07:05 -------- d-----w- C:\Users\Hala\AppData\Local\{23F25AE5-DD5F-4FDD-9299-903F5B79D755}

.

==================== Find3M ====================

.

2012-11-11 21:46:27 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-11 21:46:27 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-08-21 20:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-08-21 20:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll

2012-08-21 20:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 15:16:02.60 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-07.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 9/16/2012 5:49:44 PM

System Uptime: 11/11/2012 3:09:16 PM (0 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core i3-2370M CPU @ 2.40GHz | N/A | 792/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 279 GiB total, 214.622 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP16: 10/11/2012 6:58:54 PM - Installed WeatherBug

RP17: 10/16/2012 5:16:55 PM - Windows Update

RP18: 10/21/2012 3:00:21 AM - Windows Update

RP19: 10/26/2012 7:19:57 AM - Windows Update

RP20: 10/30/2012 6:50:50 AM - Windows Update

RP21: 11/2/2012 7:43:10 AM - Windows Update

RP22: 11/6/2012 4:23:46 PM - Installed Cisco NAC Agent .

RP23: 11/6/2012 4:34:02 PM - Windows Update

RP24: 11/8/2012 9:58:27 AM - Installed Cisco NAC Agent .

.

==== Installed Programs ======================

.

ACID Music Studio 8.0

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI

Adobe Shockwave Player 11.6

AOL Toolbar

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Application Manager for VAIO

ArcSoft Magic-i Visual Effects 2

ArcSoft WebCam Companion 4

Atheros Bluetooth Suite (64)

Babylon toolbar

Bing Bar

Bonjour

Cisco NAC Agent

CyberLink PowerDVD

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Download Updater (AOL Inc.)

DVD Architect Studio 5.0

Evernote v. 4.5.2

Facebook Video Calling 1.2.0.287

FDUx86

Google Chrome

Google Update Helper

Intel® Control Center

Intel® Management Engine Components

Intel® OpenCL CPU Runtime

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® USB 3.0 eXtensible Host Controller Driver

Intel® Trusted Connect Service Client

iTunes

Java Auto Updater

Java 7 Update 1

Java 7 Update 1 (64-bit)

Junk Mail filter update

Kaspersky Internet Security 2012

Keyboard_Shortcuts

KUx86

Malwarebytes Anti-Malware version 1.65.1.1000

McAfee Security Scan Plus

Media Gallery

Media Go

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 16.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT Redists

MSVCRT_amd64

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

Oasis2Service

PlayMemories Home

PlayReady PC Runtime amd64

PlayStation®Network Downloader

PlayStation®Store

Price Check by AOL

Qualcomm Atheros Direct Connect

Qualcomm Atheros WiFi Driver Installation

Reader for PC

Realtek High Definition Audio Driver

Realtek PCIE Card Reader

Remote Keyboard

Remote Play with PlayStation®3

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype™ 5.10

Sound Forge Audio Studio 10.0

SSLx64

SSLx86

Swiki version 1.0

swMSM

Synaptics Pointing Device Driver

TrackID with BRAVIA

TriDef 3D (Sony) 2.0.5

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553092)

V3DPx86

VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325

VAIO - PlayMemories Home Plug-in

VAIO - Remote Keyboard

VAIO - Remote Keyboard with PlayStation®3

VAIO - Remote Play with PlayStation®3

VAIO - TrackID™ with BRAVIA

VAIO 3D Portal

VAIO Care

VAIO Control Center

VAIO CPU Fan Diagnostic

VAIO Data Restore Tool

VAIO Easy Connect

VAIO Gate

VAIO Gate Default

VAIO Gesture Control

VAIO Help and Support

VAIO Improvement

VAIO Manual

VAIO Messenger

VAIO OOBE

VAIO Sample Contents

VAIO Satisfaction Survey.

VAIO Smart Network

VAIO Transfer Support

VAIO Update

VAIO Update Merge Module x64

VCCx64

VCCx86

Vegas Movie Studio HD Platinum 11.0

VHD

VIx64

VIx86

VMLx86

VPMx64

VSNx64

VSNx86

VSSTx64

VSSTx86

VU5x64

VU5x86

VWSTx86

WeatherBug

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WordWeb

WxDFast

WxDownload Expansion

wxDownload Fast 0.6.0

.

==== Event Viewer Messages From Past Week ========

.

11/8/2012 9:59:55 AM, Error: Service Control Manager [7030] - The Cisco NAC Agent service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/7/2012 9:50:43 AM, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user Hala-VAIO\Hala (96) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

11/7/2012 1:19:19 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.

11/7/2012 1:19:05 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IPsec Policy Agent service, but this action failed with the following error: An instance of the service is already running.

11/7/2012 1:18:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

11/7/2012 1:18:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.

11/7/2012 1:18:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.

11/7/2012 1:18:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.

11/7/2012 1:18:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Extensible Authentication Protocol service, but this action failed with the following error: An instance of the service is already running.

11/7/2012 1:18:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.

11/7/2012 1:18:44 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the WLAN AutoConfig service, but this action failed with the following error: An instance of the service is already running.

11/7/2012 1:18:08 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Font Cache Service service, but this action failed with the following error: An instance of the service is already running.

11/7/2012 1:17:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running.

11/7/2012 1:17:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.

11/7/2012 1:17:34 PM, Error: Service Control Manager [7034] - The VSNService service terminated unexpectedly. It has done this 1 time(s).

11/7/2012 1:17:28 PM, Error: Service Control Manager [7034] - The VAIO Care Performance Service service terminated unexpectedly. It has done this 1 time(s).

11/7/2012 1:17:19 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/7/2012 1:17:19 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

11/7/2012 1:17:19 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/7/2012 1:17:19 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/7/2012 1:17:15 PM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

11/7/2012 1:17:11 PM, Error: Service Control Manager [7031] - The Virtual Disk service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/7/2012 1:17:08 PM, Error: Service Control Manager [7031] - The Windows Font Cache Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/7/2012 1:17:08 PM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

11/7/2012 1:17:08 PM, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/7/2012 1:17:05 PM, Error: Service Control Manager [7031] - The IPsec Policy Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/7/2012 1:17:02 PM, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/7/2012 1:17:02 PM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/7/2012 1:17:02 PM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/7/2012 1:16:59 PM, Error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).

11/7/2012 1:16:58 PM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/7/2012 1:16:53 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).

11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/7/2012 1:16:53 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/7/2012 1:16:44 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/7/2012 1:16:44 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/7/2012 1:16:44 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/7/2012 1:16:44 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/7/2012 1:16:44 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/7/2012 1:16:43 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/7/2012 1:16:43 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

11/7/2012 1:16:43 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/6/2012 11:15:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SampleCollector service.

11/5/2012 9:27:10 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

11/5/2012 6:37:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

11/11/2012 12:42:33 PM, Error: Service Control Manager [7022] - The VAIO Care Performance Service service hung on starting.

11/11/2012 1:45:17 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).

11/11/2012 1:45:17 PM, Error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

11/11/2012 1:45:17 PM, Error: Service Control Manager [7034] - The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

11/11/2012 1:45:17 PM, Error: Service Control Manager [7034] - The Cisco NAC Agent service terminated unexpectedly. It has done this 1 time(s).

11/11/2012 1:45:16 PM, Error: Service Control Manager [7034] - The Skype Updater service terminated unexpectedly. It has done this 1 time(s).

11/11/2012 1:45:16 PM, Error: Service Control Manager [7034] - The PMBDeviceInfoProvider service terminated unexpectedly. It has done this 1 time(s).

11/11/2012 1:45:16 PM, Error: Service Control Manager [7031] - The Intel® Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

11/11/2012 1:45:10 PM, Error: Service Control Manager [7023] - The Intel® ME Service service terminated with the following error: %%-2147467243

11/11/2012 1:07:17 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002eb766b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111112-46815-01.

11/10/2012 6:51:25 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR8.

11/10/2012 6:41:17 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR5.

11/10/2012 3:55:35 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.

11/10/2012 11:13:20 PM, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user Hala-VAIO\Hala (111) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

.

==== End Of File ===========================

aswMBR.txt

On my first scan I got the Blue Screen of Death, so I powered my laptop back on and tried again, and it worked.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2012-11-11 15:22:04

-----------------------------

15:22:04.245 OS Version: Windows x64 6.1.7601 Service Pack 1

15:22:04.245 Number of processors: 4 586 0x2A07

15:22:04.261 ComputerName: HALA-VAIO UserName: Hala

15:22:07.349 Initialize success

15:24:05.481 AVAST engine defs: 12111100

15:24:32.641 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

15:24:32.657 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3

15:24:32.657 Device \Driver\iaStor -> MajorFunction fffffa80079d35e8

15:24:32.657 Disk 0 MBR read successfully

15:24:32.672 Disk 0 MBR scan

15:24:32.672 Disk 0 Windows 7 default MBR code

15:24:32.704 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18940 MB offset 2048

15:24:32.735 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 350 MB offset 38791168

15:24:32.750 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 285953 MB offset 39507968

15:24:32.782 Disk 0 scanning C:\Windows\system32\drivers

15:24:44.825 Service scanning

15:25:23.187 Modules scanning

15:25:23.203 Disk 0 trace - called modules:

15:25:23.718 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80079d35e8]<<

15:25:23.733 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80072dd060]

15:25:23.733 3 CLASSPNP.SYS[fffff88001dbb43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004df2050]

15:25:23.749 \Driver\iaStor[0xfffffa80071e69d0] -> IRP_MJ_CREATE -> 0xfffffa80079d35e8

15:25:25.590 AVAST engine scan C:\Windows

15:25:28.803 AVAST engine scan C:\Windows\system32

15:30:35.536 AVAST engine scan C:\Windows\system32\drivers

15:30:50.169 AVAST engine scan C:\Users\Hala

15:43:27.595 AVAST engine scan C:\ProgramData

15:47:21.536 Scan finished successfully

15:47:36.184 Disk 0 MBR has been saved successfully to "C:\Users\Hala\Desktop\MBR.dat"

15:47:36.200 The log file has been saved successfully to "C:\Users\Hala\Desktop\aswMBR.txt"

TDSSKiller.txt

15:49:30.0004 3940 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

15:49:30.0441 3940 ============================================================

15:49:30.0441 3940 Current date / time: 2012/11/11 15:49:30.0441

15:49:30.0441 3940 SystemInfo:

15:49:30.0441 3940

15:49:30.0441 3940 OS Version: 6.1.7601 ServicePack: 1.0

15:49:30.0441 3940 Product type: Workstation

15:49:30.0441 3940 ComputerName: HALA-VAIO

15:49:30.0441 3940 UserName: Hala

15:49:30.0441 3940 Windows directory: C:\Windows

15:49:30.0441 3940 System windows directory: C:\Windows

15:49:30.0441 3940 Running under WOW64

15:49:30.0441 3940 Processor architecture: Intel x64

15:49:30.0441 3940 Number of processors: 4

15:49:30.0441 3940 Page size: 0x1000

15:49:30.0441 3940 Boot type: Normal boot

15:49:30.0441 3940 ============================================================

15:49:31.0283 3940 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:49:31.0299 3940 ============================================================

15:49:31.0299 3940 \Device\Harddisk0\DR0:

15:49:31.0299 3940 MBR partitions:

15:49:31.0299 3940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x24FE800, BlocksNum 0xAF000

15:49:31.0299 3940 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x25AD800, BlocksNum 0x22E80AB0

15:49:31.0299 3940 ============================================================

15:49:31.0377 3940 C: <-> \Device\Harddisk0\DR0\Partition2

15:49:31.0377 3940 ============================================================

15:49:31.0377 3940 Initialize success

15:49:31.0377 3940 ============================================================

15:49:33.0296 6964 ============================================================

15:49:33.0296 6964 Scan started

15:49:33.0296 6964 Mode: Manual;

15:49:33.0296 6964 ============================================================

15:49:35.0683 6964 ================ Scan system memory ========================

15:49:35.0683 6964 System memory - ok

15:49:35.0683 6964 ================ Scan services =============================

15:49:36.0353 6964 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

15:49:36.0369 6964 1394ohci - ok

15:49:36.0556 6964 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

15:49:36.0556 6964 ACDaemon - ok

15:49:36.0603 6964 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

15:49:36.0619 6964 ACPI - ok

15:49:36.0665 6964 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

15:49:36.0665 6964 AcpiPmi - ok

15:49:36.0728 6964 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

15:49:36.0728 6964 AdobeARMservice - ok

15:49:36.0993 6964 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

15:49:36.0993 6964 AdobeFlashPlayerUpdateSvc - ok

15:49:37.0102 6964 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

15:49:37.0118 6964 adp94xx - ok

15:49:37.0165 6964 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

15:49:37.0180 6964 adpahci - ok

15:49:37.0180 6964 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

15:49:37.0196 6964 adpu320 - ok

15:49:37.0258 6964 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

15:49:37.0258 6964 AeLookupSvc - ok

15:49:37.0305 6964 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

15:49:37.0321 6964 AFD - ok

15:49:37.0367 6964 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

15:49:37.0367 6964 agp440 - ok

15:49:37.0414 6964 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

15:49:37.0430 6964 ALG - ok

15:49:37.0445 6964 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

15:49:37.0445 6964 aliide - ok

15:49:37.0461 6964 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

15:49:37.0461 6964 amdide - ok

15:49:37.0477 6964 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

15:49:37.0477 6964 AmdK8 - ok

15:49:37.0492 6964 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

15:49:37.0492 6964 AmdPPM - ok

15:49:37.0539 6964 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

15:49:37.0539 6964 amdsata - ok

15:49:37.0555 6964 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

15:49:37.0570 6964 amdsbs - ok

15:49:37.0570 6964 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

15:49:37.0570 6964 amdxata - ok

15:49:37.0601 6964 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

15:49:37.0601 6964 AppID - ok

15:49:37.0648 6964 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

15:49:37.0648 6964 AppIDSvc - ok

15:49:37.0711 6964 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

15:49:37.0711 6964 Appinfo - ok

15:49:37.0820 6964 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

15:49:37.0820 6964 Apple Mobile Device - ok

15:49:37.0851 6964 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

15:49:37.0851 6964 arc - ok

15:49:37.0867 6964 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

15:49:37.0882 6964 arcsas - ok

15:49:37.0929 6964 [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys

15:49:37.0929 6964 ArcSoftKsUFilter - ok

15:49:38.0147 6964 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

15:49:38.0179 6964 aspnet_state - ok

15:49:38.0210 6964 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

15:49:38.0210 6964 AsyncMac - ok

15:49:38.0241 6964 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

15:49:38.0241 6964 atapi - ok

15:49:38.0288 6964 [ BCC09E0B0362741D0C084828A1B950F3 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys

15:49:38.0288 6964 AthBTPort - ok

15:49:38.0382 6964 [ 1FDE0AAAEA06519AAE98CCF24715B765 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

15:49:38.0382 6964 AtherosSvc - ok

15:49:38.0491 6964 [ 237EE0B7A65D55E08EB7530F77423480 ] athr C:\Windows\system32\DRIVERS\athrx.sys

15:49:38.0631 6964 athr - ok

15:49:38.0709 6964 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

15:49:38.0740 6964 AudioEndpointBuilder - ok

15:49:38.0772 6964 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

15:49:38.0787 6964 AudioSrv - ok

15:49:38.0865 6964 [ 77D4E46F41422F16142141500E5B9FFB ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

15:49:38.0865 6964 AVP - ok

15:49:38.0896 6964 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

15:49:38.0912 6964 AxInstSV - ok

15:49:38.0959 6964 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

15:49:38.0974 6964 b06bdrv - ok

15:49:39.0052 6964 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

15:49:39.0052 6964 b57nd60a - ok

15:49:39.0130 6964 [ 216EC30BEAA9AE6818B21C969500D308 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

15:49:39.0130 6964 BBSvc - ok

15:49:39.0162 6964 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

15:49:39.0177 6964 BBUpdate - ok

15:49:39.0208 6964 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

15:49:39.0224 6964 BDESVC - ok

15:49:39.0255 6964 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

15:49:39.0255 6964 Beep - ok

15:49:39.0333 6964 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

15:49:39.0364 6964 BFE - ok

15:49:39.0520 6964 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

15:49:39.0567 6964 BITS - ok

15:49:39.0614 6964 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

15:49:39.0614 6964 blbdrive - ok

15:49:39.0692 6964 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

15:49:39.0708 6964 Bonjour Service - ok

15:49:39.0723 6964 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

15:49:39.0723 6964 bowser - ok

15:49:39.0723 6964 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

15:49:39.0723 6964 BrFiltLo - ok

15:49:39.0770 6964 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

15:49:39.0770 6964 BrFiltUp - ok

15:49:39.0817 6964 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

15:49:39.0832 6964 Browser - ok

15:49:39.0848 6964 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

15:49:39.0864 6964 Brserid - ok

15:49:39.0864 6964 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

15:49:39.0864 6964 BrSerWdm - ok

15:49:39.0879 6964 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

15:49:39.0895 6964 BrUsbMdm - ok

15:49:39.0895 6964 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

15:49:39.0895 6964 BrUsbSer - ok

15:49:39.0973 6964 [ 9455A8F85BE24514E50AFE90D4C976DB ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys

15:49:39.0973 6964 BTATH_A2DP - ok

15:49:39.0988 6964 [ 2D27F7A831657D63AFC78E5E78DCA83F ] btath_avdt C:\Windows\system32\drivers\btath_avdt.sys

15:49:39.0988 6964 btath_avdt - ok

15:49:40.0051 6964 [ E6B734A37ADE36FE1A77035F4E484C8C ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys

15:49:40.0051 6964 BTATH_BUS - ok

15:49:40.0066 6964 [ FB3833E63FF602B69C2FF085846DCF43 ] BTATH_HCRP C:\Windows\system32\DRIVERS\btath_hcrp.sys

15:49:40.0082 6964 BTATH_HCRP - ok

15:49:40.0082 6964 [ 371A11C1333BA526263A987A93ACDE3D ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys

15:49:40.0082 6964 BTATH_LWFLT - ok

15:49:40.0144 6964 [ ABCD3C16CA850A7594CEB9AD5D966810 ] BTATH_RCP C:\Windows\system32\DRIVERS\btath_rcp.sys

15:49:40.0160 6964 BTATH_RCP - ok

15:49:40.0176 6964 [ 680BE9ED6431DAFA844F5F7B61B11F9A ] BTATH_VDP C:\Windows\system32\drivers\btath_vdp.sys

15:49:40.0191 6964 BTATH_VDP - ok

15:49:40.0254 6964 [ EA92CE309DD24F489FDB149847AE6835 ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys

15:49:40.0269 6964 BtFilter - ok

15:49:40.0300 6964 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys

15:49:40.0316 6964 BthEnum - ok

15:49:40.0332 6964 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

15:49:40.0332 6964 BTHMODEM - ok

15:49:40.0363 6964 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys

15:49:40.0363 6964 BthPan - ok

15:49:40.0441 6964 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys

15:49:40.0456 6964 BTHPORT - ok

15:49:40.0534 6964 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

15:49:40.0534 6964 bthserv - ok

15:49:40.0550 6964 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys

15:49:40.0566 6964 BTHUSB - ok

15:49:40.0612 6964 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

15:49:40.0612 6964 cdfs - ok

15:49:40.0644 6964 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

15:49:40.0644 6964 cdrom - ok

15:49:40.0659 6964 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

15:49:40.0675 6964 CertPropSvc - ok

15:49:40.0675 6964 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

15:49:40.0675 6964 circlass - ok

15:49:40.0722 6964 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

15:49:40.0753 6964 CLFS - ok

15:49:40.0893 6964 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:49:40.0909 6964 clr_optimization_v2.0.50727_32 - ok

15:49:40.0987 6964 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

15:49:40.0987 6964 clr_optimization_v2.0.50727_64 - ok

15:49:41.0112 6964 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:49:41.0143 6964 clr_optimization_v4.0.30319_32 - ok

15:49:41.0190 6964 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

15:49:41.0190 6964 clr_optimization_v4.0.30319_64 - ok

15:49:41.0221 6964 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

15:49:41.0221 6964 CmBatt - ok

15:49:41.0236 6964 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

15:49:41.0236 6964 cmdide - ok

15:49:41.0268 6964 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

15:49:41.0283 6964 CNG - ok

15:49:41.0330 6964 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

15:49:41.0330 6964 Compbatt - ok

15:49:41.0361 6964 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

15:49:41.0361 6964 CompositeBus - ok

15:49:41.0408 6964 COMSysApp - ok

15:49:41.0611 6964 [ 453A8D09DB02EB0DF64709B1603EAA2C ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe

15:49:41.0626 6964 cphs - ok

15:49:41.0689 6964 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

15:49:41.0689 6964 crcdisk - ok

15:49:41.0782 6964 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

15:49:41.0798 6964 CryptSvc - ok

15:49:41.0907 6964 [ 461A0688205D088D2A2EBEEDEE81622E ] DCDhcpService C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe

15:49:41.0907 6964 DCDhcpService - ok

15:49:41.0954 6964 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

15:49:41.0985 6964 DcomLaunch - ok

15:49:42.0126 6964 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

15:49:42.0126 6964 defragsvc - ok

15:49:42.0157 6964 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

15:49:42.0172 6964 DfsC - ok

15:49:42.0188 6964 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

15:49:42.0204 6964 Dhcp - ok

15:49:42.0266 6964 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

15:49:42.0282 6964 discache - ok

15:49:42.0297 6964 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

15:49:42.0297 6964 Disk - ok

15:49:42.0328 6964 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

15:49:42.0328 6964 Dnscache - ok

15:49:42.0360 6964 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

15:49:42.0375 6964 dot3svc - ok

15:49:42.0375 6964 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

15:49:42.0391 6964 DPS - ok

15:49:42.0406 6964 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

15:49:42.0406 6964 drmkaud - ok

15:49:42.0453 6964 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

15:49:42.0484 6964 DXGKrnl - ok

15:49:42.0500 6964 [ 50AD8FC1DC800FF36087994C8F7FDFF2 ] e1yexpress C:\Windows\system32\DRIVERS\e1y60x64.sys

15:49:42.0500 6964 e1yexpress - ok

15:49:42.0531 6964 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

15:49:42.0531 6964 EapHost - ok

15:49:42.0640 6964 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

15:49:42.0750 6964 ebdrv - ok

15:49:42.0812 6964 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

15:49:42.0812 6964 EFS - ok

15:49:42.0874 6964 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

15:49:42.0906 6964 ehRecvr - ok

15:49:42.0921 6964 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

15:49:42.0921 6964 ehSched - ok

15:49:42.0968 6964 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

15:49:42.0984 6964 elxstor - ok

15:49:42.0999 6964 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

15:49:42.0999 6964 ErrDev - ok

15:49:43.0077 6964 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

15:49:43.0093 6964 EventSystem - ok

15:49:43.0124 6964 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

15:49:43.0140 6964 exfat - ok

15:49:43.0171 6964 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

15:49:43.0171 6964 fastfat - ok

15:49:43.0218 6964 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

15:49:43.0264 6964 Fax - ok

15:49:43.0280 6964 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

15:49:43.0280 6964 fdc - ok

15:49:43.0311 6964 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

15:49:43.0311 6964 fdPHost - ok

15:49:43.0327 6964 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

15:49:43.0327 6964 FDResPub - ok

15:49:43.0358 6964 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

15:49:43.0358 6964 FileInfo - ok

15:49:43.0374 6964 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

15:49:43.0374 6964 Filetrace - ok

15:49:43.0374 6964 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

15:49:43.0389 6964 flpydisk - ok

15:49:43.0405 6964 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

15:49:43.0420 6964 FltMgr - ok

15:49:43.0498 6964 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

15:49:43.0561 6964 FontCache - ok

15:49:43.0608 6964 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

15:49:43.0608 6964 FontCache3.0.0.0 - ok

15:49:43.0623 6964 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

15:49:43.0623 6964 FsDepends - ok

15:49:43.0639 6964 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

15:49:43.0654 6964 Fs_Rec - ok

15:49:43.0686 6964 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

15:49:43.0686 6964 fvevol - ok

15:49:43.0717 6964 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

15:49:43.0717 6964 gagp30kx - ok

15:49:43.0748 6964 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

15:49:43.0748 6964 GEARAspiWDM - ok

15:49:43.0795 6964 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

15:49:43.0842 6964 gpsvc - ok

15:49:43.0888 6964 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

15:49:43.0888 6964 gupdate - ok

15:49:43.0904 6964 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

15:49:43.0920 6964 gupdatem - ok

15:49:43.0920 6964 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

15:49:43.0920 6964 hcw85cir - ok

15:49:43.0951 6964 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

15:49:43.0966 6964 HdAudAddService - ok

15:49:43.0998 6964 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

15:49:43.0998 6964 HDAudBus - ok

15:49:44.0013 6964 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

15:49:44.0013 6964 HidBatt - ok

15:49:44.0013 6964 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

15:49:44.0029 6964 HidBth - ok

15:49:44.0029 6964 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

15:49:44.0044 6964 HidIr - ok

15:49:44.0076 6964 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

15:49:44.0076 6964 hidserv - ok

15:49:44.0091 6964 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

15:49:44.0091 6964 HidUsb - ok

15:49:44.0138 6964 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

15:49:44.0138 6964 hkmsvc - ok

15:49:44.0154 6964 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

15:49:44.0154 6964 HomeGroupListener - ok

15:49:44.0232 6964 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

15:49:44.0247 6964 HomeGroupProvider - ok

15:49:44.0247 6964 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

15:49:44.0247 6964 HpSAMD - ok

15:49:44.0278 6964 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

15:49:44.0310 6964 HTTP - ok

15:49:44.0325 6964 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

15:49:44.0325 6964 hwpolicy - ok

15:49:44.0341 6964 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

15:49:44.0341 6964 i8042prt - ok

15:49:44.0403 6964 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\drivers\iaStor.sys

15:49:44.0403 6964 iaStor - ok

15:49:44.0512 6964 [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

15:49:44.0512 6964 IAStorDataMgrSvc - ok

15:49:44.0559 6964 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

15:49:44.0575 6964 iaStorV - ok

15:49:44.0701 6964 [ 3CC7B3BB1A9EA201A040883EDFAA67A0 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

15:49:44.0732 6964 IconMan_R - ok

15:49:44.0810 6964 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

15:49:44.0825 6964 idsvc - ok

15:49:45.0434 6964 [ 54E37A4E66B2CA1C38E9728FAD5F9822 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

15:49:45.0842 6964 igfx - ok

15:49:45.0998 6964 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

15:49:45.0998 6964 iirsp - ok

15:49:46.0201 6964 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

15:49:46.0217 6964 IKEEXT - ok

15:49:46.0560 6964 [ 602788BF364D43E5878AA1B4F85C232B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

15:49:46.0700 6964 IntcAzAudAddService - ok

15:49:46.0795 6964 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

15:49:46.0810 6964 IntcDAud - ok

15:49:46.0920 6964 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel® Capability Licensing Service Interface c:\Program Files\Intel\iCLS Client\HeciServer.exe

15:49:46.0935 6964 Intel® Capability Licensing Service Interface - ok

15:49:46.0966 6964 [ 9571D8BDB56EBC52280E8020574508E6 ] Intel® ME Service C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

15:49:46.0966 6964 Intel® ME Service - ok

15:49:46.0982 6964 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

15:49:46.0998 6964 intelide - ok

15:49:47.0013 6964 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

15:49:47.0029 6964 intelppm - ok

15:49:47.0060 6964 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

15:49:47.0076 6964 IPBusEnum - ok

15:49:47.0076 6964 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:49:47.0076 6964 IpFilterDriver - ok

15:49:47.0107 6964 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

15:49:47.0122 6964 iphlpsvc - ok

15:49:47.0138 6964 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

15:49:47.0138 6964 IPMIDRV - ok

15:49:47.0154 6964 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

15:49:47.0154 6964 IPNAT - ok

15:49:47.0247 6964 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

15:49:47.0263 6964 iPod Service - ok

15:49:47.0278 6964 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

15:49:47.0278 6964 IRENUM - ok

15:49:47.0278 6964 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

15:49:47.0278 6964 isapnp - ok


15:49:59.0463 6964 vwififlt - ok

15:49:59.0479 6964 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

15:49:59.0494 6964 W32Time - ok

15:49:59.0510 6964 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

15:49:59.0510 6964 WacomPen - ok

15:49:59.0525 6964 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

15:49:59.0525 6964 WANARP - ok

15:49:59.0541 6964 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

15:49:59.0541 6964 Wanarpv6 - ok

15:49:59.0666 6964 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

15:49:59.0697 6964 WatAdminSvc - ok

15:49:59.0775 6964 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

15:49:59.0837 6964 wbengine - ok

15:49:59.0837 6964 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

15:49:59.0853 6964 WbioSrvc - ok

15:49:59.0869 6964 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

15:49:59.0884 6964 wcncsvc - ok

15:49:59.0900 6964 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

15:49:59.0900 6964 WcsPlugInService - ok

15:49:59.0962 6964 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

15:49:59.0962 6964 Wd - ok

15:49:59.0993 6964 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

15:50:00.0009 6964 Wdf01000 - ok

15:50:00.0025 6964 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

15:50:00.0025 6964 WdiServiceHost - ok

15:50:00.0040 6964 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

15:50:00.0040 6964 WdiSystemHost - ok

15:50:00.0071 6964 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

15:50:00.0071 6964 WebClient - ok

15:50:00.0118 6964 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

15:50:00.0118 6964 Wecsvc - ok

15:50:00.0149 6964 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

15:50:00.0165 6964 wercplsupport - ok

15:50:00.0181 6964 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

15:50:00.0196 6964 WerSvc - ok

15:50:00.0227 6964 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

15:50:00.0227 6964 WfpLwf - ok

15:50:00.0259 6964 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

15:50:00.0259 6964 WIMMount - ok

15:50:00.0274 6964 WinDefend - ok

15:50:00.0290 6964 WinHttpAutoProxySvc - ok

15:50:00.0352 6964 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

15:50:00.0368 6964 Winmgmt - ok

15:50:00.0446 6964 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

15:50:00.0508 6964 WinRM - ok

15:50:00.0571 6964 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

15:50:00.0571 6964 WinUsb - ok

15:50:00.0617 6964 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

15:50:00.0649 6964 Wlansvc - ok

15:50:00.0727 6964 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

15:50:00.0727 6964 wlcrasvc - ok

15:50:00.0820 6964 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

15:50:00.0915 6964 wlidsvc - ok

15:50:00.0930 6964 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

15:50:00.0930 6964 WmiAcpi - ok

15:50:00.0993 6964 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

15:50:01.0008 6964 wmiApSrv - ok

15:50:01.0024 6964 WMPNetworkSvc - ok

15:50:01.0055 6964 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

15:50:01.0055 6964 WPCSvc - ok

15:50:01.0071 6964 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

15:50:01.0086 6964 WPDBusEnum - ok

15:50:01.0118 6964 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

15:50:01.0118 6964 ws2ifsl - ok

15:50:01.0133 6964 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

15:50:01.0133 6964 wscsvc - ok

15:50:01.0149 6964 WSearch - ok

15:50:01.0258 6964 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

15:50:01.0367 6964 wuauserv - ok

15:50:01.0367 6964 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

15:50:01.0367 6964 WudfPf - ok

15:50:01.0430 6964 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

15:50:01.0430 6964 WUDFRd - ok

15:50:01.0461 6964 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

15:50:01.0461 6964 wudfsvc - ok

15:50:01.0492 6964 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

15:50:01.0492 6964 WwanSvc - ok

15:50:01.0570 6964 [ A5B25E310678175F4779499FFF7D0994 ] ZAtheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

15:50:01.0570 6964 ZAtheros Bt&Wlan Coex Agent - ok

15:50:01.0601 6964 ================ Scan global ===============================

15:50:01.0632 6964 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

15:50:01.0726 6964 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

15:50:01.0742 6964 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

15:50:01.0773 6964 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

15:50:01.0820 6964 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

15:50:01.0820 6964 [Global] - ok

15:50:01.0820 6964 ================ Scan MBR ==================================

15:50:01.0851 6964 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

15:50:01.0851 6964 Suspicious mbr (Forged): \Device\Harddisk0\DR0

15:50:01.0929 6964 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

15:50:01.0929 6964 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

15:50:01.0929 6964 ================ Scan VBR ==================================

15:50:01.0944 6964 [ 7FA58C318AF30B74C90B460DFE98E0A4 ] \Device\Harddisk0\DR0\Partition1

15:50:01.0944 6964 \Device\Harddisk0\DR0\Partition1 - ok

15:50:01.0960 6964 [ 1C65518377E3876FB1F6C0788798515C ] \Device\Harddisk0\DR0\Partition2

15:50:01.0976 6964 \Device\Harddisk0\DR0\Partition2 - ok

15:50:01.0976 6964 ============================================================

15:50:01.0976 6964 Scan finished

15:50:01.0976 6964 ============================================================

15:50:01.0991 6336 Detected object count: 1

15:50:01.0991 6336 Actual detected object count: 1

15:50:32.0131 6336 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user

15:50:32.0131 6336 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip

15:50:46.0595 4904 Deinitialize success

Again, thank you.


Hi, sorry for the late reply.

Here is the new log:

16:38:21.0430 5580 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

16:38:23.0420 5580 ============================================================

16:38:23.0420 5580 Current date / time: 2012/11/11 16:38:23.0420

16:38:23.0420 5580 SystemInfo:

16:38:23.0420 5580

16:38:23.0420 5580 OS Version: 6.1.7601 ServicePack: 1.0

16:38:23.0420 5580 Product type: Workstation

16:38:23.0420 5580 ComputerName: HALA-VAIO

16:38:23.0420 5580 UserName: Hala

16:38:23.0420 5580 Windows directory: C:\Windows

16:38:23.0420 5580 System windows directory: C:\Windows

16:38:23.0420 5580 Running under WOW64

16:38:23.0420 5580 Processor architecture: Intel x64

16:38:23.0420 5580 Number of processors: 4

16:38:23.0420 5580 Page size: 0x1000

16:38:23.0420 5580 Boot type: Normal boot

16:38:23.0420 5580 ============================================================

16:38:24.0051 5580 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

16:38:24.0061 5580 ============================================================

16:38:24.0061 5580 \Device\Harddisk0\DR0:

16:38:24.0061 5580 MBR partitions:

16:38:24.0061 5580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x24FE800, BlocksNum 0xAF000

16:38:24.0061 5580 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x25AD800, BlocksNum 0x22E80AB0

16:38:24.0061 5580 ============================================================

16:38:24.0131 5580 C: <-> \Device\Harddisk0\DR0\Partition2

16:38:24.0131 5580 ============================================================

16:38:24.0131 5580 Initialize success

16:38:24.0131 5580 ============================================================

16:38:30.0272 3048 ============================================================

16:38:30.0272 3048 Scan started

16:38:30.0272 3048 Mode: Manual;

16:38:30.0272 3048 ============================================================

16:38:30.0832 3048 ================ Scan system memory ========================

16:38:30.0832 3048 System memory - ok

16:38:30.0832 3048 ================ Scan services =============================

16:38:31.0112 3048 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

16:38:31.0112 3048 1394ohci - ok

16:38:31.0622 3048 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

16:38:31.0632 3048 ACDaemon - ok

16:38:31.0792 3048 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

16:38:31.0802 3048 ACPI - ok

16:38:31.0902 3048 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

16:38:31.0902 3048 AcpiPmi - ok

16:38:32.0202 3048 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

16:38:32.0212 3048 AdobeARMservice - ok

16:38:32.0532 3048 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

16:38:32.0532 3048 AdobeFlashPlayerUpdateSvc - ok

16:38:32.0602 3048 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

16:38:32.0622 3048 adp94xx - ok

16:38:32.0652 3048 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

16:38:32.0662 3048 adpahci - ok

16:38:32.0672 3048 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

16:38:32.0672 3048 adpu320 - ok

16:38:32.0712 3048 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

16:38:32.0712 3048 AeLookupSvc - ok

16:38:32.0762 3048 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

16:38:32.0772 3048 AFD - ok

16:38:32.0802 3048 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

16:38:32.0812 3048 agp440 - ok

16:38:32.0822 3048 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

16:38:32.0822 3048 ALG - ok

16:38:32.0832 3048 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

16:38:32.0832 3048 aliide - ok

16:38:32.0842 3048 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

16:38:32.0852 3048 amdide - ok

16:38:32.0862 3048 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

16:38:32.0862 3048 AmdK8 - ok

16:38:32.0872 3048 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

16:38:32.0872 3048 AmdPPM - ok

16:38:32.0902 3048 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

16:38:32.0912 3048 amdsata - ok

16:38:32.0932 3048 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

16:38:32.0942 3048 amdsbs - ok

16:38:32.0942 3048 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

16:38:32.0952 3048 amdxata - ok

16:38:32.0982 3048 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

16:38:32.0982 3048 AppID - ok

16:38:33.0052 3048 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

16:38:33.0052 3048 AppIDSvc - ok

16:38:33.0062 3048 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

16:38:33.0072 3048 Appinfo - ok

16:38:33.0143 3048 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

16:38:33.0153 3048 Apple Mobile Device - ok

16:38:33.0173 3048 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

16:38:33.0183 3048 arc - ok

16:38:33.0203 3048 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

16:38:33.0203 3048 arcsas - ok

16:38:33.0243 3048 [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys

16:38:33.0243 3048 ArcSoftKsUFilter - ok

16:38:33.0393 3048 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

16:38:33.0393 3048 aspnet_state - ok

16:38:33.0433 3048 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

16:38:33.0433 3048 AsyncMac - ok

16:38:33.0463 3048 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

16:38:33.0473 3048 atapi - ok

16:38:33.0513 3048 [ BCC09E0B0362741D0C084828A1B950F3 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys

16:38:33.0513 3048 AthBTPort - ok

16:38:33.0583 3048 [ 1FDE0AAAEA06519AAE98CCF24715B765 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

16:38:33.0593 3048 AtherosSvc - ok

16:38:33.0703 3048 [ 237EE0B7A65D55E08EB7530F77423480 ] athr C:\Windows\system32\DRIVERS\athrx.sys

16:38:33.0813 3048 athr - ok

16:38:33.0893 3048 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

16:38:33.0933 3048 AudioEndpointBuilder - ok

16:38:33.0953 3048 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

16:38:33.0963 3048 AudioSrv - ok

16:38:34.0043 3048 [ 77D4E46F41422F16142141500E5B9FFB ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

16:38:34.0053 3048 AVP - ok

16:38:34.0073 3048 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

16:38:34.0083 3048 AxInstSV - ok

16:38:34.0143 3048 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

16:38:34.0153 3048 b06bdrv - ok

16:38:34.0223 3048 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

16:38:34.0223 3048 b57nd60a - ok

16:38:34.0353 3048 [ 216EC30BEAA9AE6818B21C969500D308 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

16:38:34.0353 3048 BBSvc - ok

16:38:34.0393 3048 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

16:38:34.0403 3048 BBUpdate - ok

16:38:34.0443 3048 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

16:38:34.0443 3048 BDESVC - ok

16:38:34.0483 3048 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

16:38:34.0493 3048 Beep - ok

16:38:34.0533 3048 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

16:38:34.0563 3048 BFE - ok

16:38:34.0623 3048 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

16:38:34.0653 3048 BITS - ok

16:38:34.0693 3048 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

16:38:34.0693 3048 blbdrive - ok

16:38:34.0773 3048 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

16:38:34.0783 3048 Bonjour Service - ok

16:38:34.0803 3048 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

16:38:34.0813 3048 bowser - ok

16:38:34.0813 3048 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

16:38:34.0823 3048 BrFiltLo - ok

16:38:34.0873 3048 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

16:38:34.0873 3048 BrFiltUp - ok

16:38:34.0913 3048 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

16:38:34.0923 3048 Browser - ok

16:38:34.0943 3048 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

16:38:34.0953 3048 Brserid - ok

16:38:34.0963 3048 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

16:38:34.0963 3048 BrSerWdm - ok

16:38:34.0973 3048 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

16:38:34.0973 3048 BrUsbMdm - ok

16:38:34.0983 3048 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

16:38:34.0983 3048 BrUsbSer - ok

16:38:35.0063 3048 [ 9455A8F85BE24514E50AFE90D4C976DB ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys

16:38:35.0073 3048 BTATH_A2DP - ok

16:38:35.0083 3048 [ 2D27F7A831657D63AFC78E5E78DCA83F ] btath_avdt C:\Windows\system32\drivers\btath_avdt.sys

16:38:35.0083 3048 btath_avdt - ok

16:38:35.0163 3048 [ E6B734A37ADE36FE1A77035F4E484C8C ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys

16:38:35.0163 3048 BTATH_BUS - ok

16:38:35.0173 3048 [ FB3833E63FF602B69C2FF085846DCF43 ] BTATH_HCRP C:\Windows\system32\DRIVERS\btath_hcrp.sys

16:38:35.0183 3048 BTATH_HCRP - ok

16:38:35.0193 3048 [ 371A11C1333BA526263A987A93ACDE3D ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys

16:38:35.0193 3048 BTATH_LWFLT - ok

16:38:35.0243 3048 [ ABCD3C16CA850A7594CEB9AD5D966810 ] BTATH_RCP C:\Windows\system32\DRIVERS\btath_rcp.sys

16:38:35.0253 3048 BTATH_RCP - ok

16:38:35.0293 3048 [ 680BE9ED6431DAFA844F5F7B61B11F9A ] BTATH_VDP C:\Windows\system32\drivers\btath_vdp.sys

16:38:35.0303 3048 BTATH_VDP - ok

16:38:35.0353 3048 [ EA92CE309DD24F489FDB149847AE6835 ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys

16:38:35.0363 3048 BtFilter - ok

16:38:35.0413 3048 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys

16:38:35.0413 3048 BthEnum - ok

16:38:35.0443 3048 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

16:38:35.0443 3048 BTHMODEM - ok

16:38:35.0483 3048 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys

16:38:35.0483 3048 BthPan - ok

16:38:35.0523 3048 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys

16:38:35.0543 3048 BTHPORT - ok

16:38:35.0613 3048 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

16:38:35.0623 3048 bthserv - ok

16:38:35.0643 3048 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys

16:38:35.0643 3048 BTHUSB - ok

16:38:35.0683 3048 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

16:38:35.0683 3048 cdfs - ok

16:38:35.0713 3048 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

16:38:35.0713 3048 cdrom - ok

16:38:35.0753 3048 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

16:38:35.0753 3048 CertPropSvc - ok

16:38:35.0773 3048 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

16:38:35.0773 3048 circlass - ok

16:38:35.0813 3048 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

16:38:35.0823 3048 CLFS - ok

16:38:35.0943 3048 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

16:38:35.0943 3048 clr_optimization_v2.0.50727_32 - ok

16:38:36.0003 3048 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

16:38:36.0003 3048 clr_optimization_v2.0.50727_64 - ok

16:38:36.0073 3048 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

16:38:36.0073 3048 clr_optimization_v4.0.30319_32 - ok

16:38:36.0093 3048 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

16:38:36.0093 3048 clr_optimization_v4.0.30319_64 - ok

16:38:36.0133 3048 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

16:38:36.0133 3048 CmBatt - ok

16:38:36.0143 3048 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

16:38:36.0143 3048 cmdide - ok

16:38:36.0213 3048 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

16:38:36.0223 3048 CNG - ok

16:38:36.0273 3048 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

16:38:36.0273 3048 Compbatt - ok

16:38:36.0293 3048 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

16:38:36.0293 3048 CompositeBus - ok

16:38:36.0333 3048 COMSysApp - ok

16:38:36.0473 3048 [ 453A8D09DB02EB0DF64709B1603EAA2C ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe

16:38:36.0473 3048 cphs - ok

16:38:36.0493 3048 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

16:38:36.0493 3048 crcdisk - ok

16:38:36.0563 3048 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

16:38:36.0563 3048 CryptSvc - ok

16:38:36.0683 3048 [ 461A0688205D088D2A2EBEEDEE81622E ] DCDhcpService C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe

16:38:36.0683 3048 DCDhcpService - ok

16:38:36.0733 3048 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

16:38:36.0753 3048 DcomLaunch - ok

16:38:36.0793 3048 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

16:38:36.0803 3048 defragsvc - ok

16:38:36.0833 3048 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

16:38:36.0843 3048 DfsC - ok

16:38:36.0863 3048 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

16:38:36.0873 3048 Dhcp - ok

16:38:36.0883 3048 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

16:38:36.0883 3048 discache - ok

16:38:36.0913 3048 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

16:38:36.0913 3048 Disk - ok

16:38:36.0933 3048 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

16:38:36.0943 3048 Dnscache - ok

16:38:36.0963 3048 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

16:38:36.0973 3048 dot3svc - ok

16:38:36.0983 3048 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

16:38:36.0993 3048 DPS - ok

16:38:37.0013 3048 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

16:38:37.0023 3048 drmkaud - ok

16:38:37.0063 3048 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

16:38:37.0103 3048 DXGKrnl - ok

16:38:37.0123 3048 [ 50AD8FC1DC800FF36087994C8F7FDFF2 ] e1yexpress C:\Windows\system32\DRIVERS\e1y60x64.sys

16:38:37.0133 3048 e1yexpress - ok

16:38:37.0143 3048 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

16:38:37.0153 3048 EapHost - ok

16:38:37.0253 3048 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

16:38:37.0353 3048 ebdrv - ok

16:38:37.0373 3048 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

16:38:37.0373 3048 EFS - ok

16:38:37.0473 3048 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

16:38:37.0493 3048 ehRecvr - ok

16:38:37.0523 3048 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

16:38:37.0533 3048 ehSched - ok

16:38:37.0573 3048 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

16:38:37.0583 3048 elxstor - ok

16:38:37.0613 3048 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

16:38:37.0613 3048 ErrDev - ok

16:38:37.0683 3048 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

16:38:37.0693 3048 EventSystem - ok

16:38:37.0733 3048 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

16:38:37.0743 3048 exfat - ok

16:38:37.0773 3048 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

16:38:37.0773 3048 fastfat - ok

16:38:37.0833 3048 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

16:38:37.0863 3048 Fax - ok

16:38:37.0893 3048 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

16:38:37.0893 3048 fdc - ok

16:38:37.0913 3048 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

16:38:37.0913 3048 fdPHost - ok

16:38:37.0923 3048 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

16:38:37.0933 3048 FDResPub - ok

16:38:37.0953 3048 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

16:38:37.0953 3048 FileInfo - ok

16:38:37.0963 3048 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

16:38:37.0963 3048 Filetrace - ok

16:38:37.0983 3048 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

16:38:37.0983 3048 flpydisk - ok

16:38:38.0033 3048 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

16:38:38.0043 3048 FltMgr - ok

16:38:38.0123 3048 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

16:38:38.0173 3048 FontCache - ok

16:38:38.0223 3048 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

16:38:38.0223 3048 FontCache3.0.0.0 - ok

16:38:38.0233 3048 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

16:38:38.0243 3048 FsDepends - ok

16:38:38.0273 3048 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

16:38:38.0273 3048 Fs_Rec - ok

16:38:38.0313 3048 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

16:38:38.0313 3048 fvevol - ok

16:38:38.0333 3048 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

16:38:38.0343 3048 gagp30kx - ok

16:38:38.0383 3048 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

16:38:38.0383 3048 GEARAspiWDM - ok

16:38:38.0443 3048 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

16:38:38.0473 3048 gpsvc - ok

16:38:38.0533 3048 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

16:38:38.0543 3048 gupdate - ok

16:38:38.0563 3048 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

16:38:38.0573 3048 gupdatem - ok

16:38:38.0583 3048 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

16:38:38.0583 3048 hcw85cir - ok

16:38:38.0623 3048 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

16:38:38.0623 3048 HdAudAddService - ok

16:38:38.0653 3048 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

16:38:38.0663 3048 HDAudBus - ok

16:38:38.0673 3048 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

16:38:38.0673 3048 HidBatt - ok

16:38:38.0683 3048 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

16:38:38.0683 3048 HidBth - ok

16:38:38.0703 3048 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

16:38:38.0703 3048 HidIr - ok

16:38:38.0733 3048 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

16:38:38.0733 3048 hidserv - ok

16:38:38.0743 3048 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

16:38:38.0753 3048 HidUsb - ok

16:38:38.0783 3048 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

16:38:38.0793 3048 hkmsvc - ok

16:38:38.0813 3048 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

16:38:38.0823 3048 HomeGroupListener - ok

16:38:38.0863 3048 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

16:38:38.0873 3048 HomeGroupProvider - ok

16:38:38.0893 3048 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

16:38:38.0893 3048 HpSAMD - ok

16:38:38.0933 3048 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

16:38:38.0953 3048 HTTP - ok

16:38:38.0973 3048 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

16:38:38.0973 3048 hwpolicy - ok

16:38:39.0003 3048 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

16:38:39.0003 3048 i8042prt - ok

16:38:39.0063 3048 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\drivers\iaStor.sys

16:38:39.0073 3048 iaStor - ok

16:38:39.0204 3048 [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

16:38:39.0204 3048 IAStorDataMgrSvc - ok

16:38:39.0254 3048 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

16:38:39.0274 3048 iaStorV - ok

16:38:39.0474 3048 [ 3CC7B3BB1A9EA201A040883EDFAA67A0 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

16:38:39.0534 3048 IconMan_R - ok

16:38:39.0624 3048 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

16:38:39.0664 3048 idsvc - ok

16:38:40.0174 3048 [ 54E37A4E66B2CA1C38E9728FAD5F9822 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

16:38:40.0614 3048 igfx - ok

16:38:40.0664 3048 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

16:38:40.0664 3048 iirsp - ok

16:38:40.0714 3048 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

16:38:40.0754 3048 IKEEXT - ok

16:38:40.0944 3048 [ 602788BF364D43E5878AA1B4F85C232B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

16:38:41.0074 3048 IntcAzAudAddService - ok

16:38:41.0134 3048 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

16:38:41.0144 3048 IntcDAud - ok

16:38:41.0204 3048 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel® Capability Licensing Service Interface c:\Program Files\Intel\iCLS Client\HeciServer.exe

16:38:41.0224 3048 Intel® Capability Licensing Service Interface - ok

16:38:41.0284 3048 [ 9571D8BDB56EBC52280E8020574508E6 ] Intel® ME Service C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

16:38:41.0284 3048 Intel® ME Service - ok

16:38:41.0324 3048 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

16:38:41.0334 3048 intelide - ok

16:38:41.0374 3048 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

16:38:41.0374 3048 intelppm - ok

16:38:41.0404 3048 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

16:38:41.0404 3048 IPBusEnum - ok

16:38:41.0414 3048 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

16:38:41.0424 3048 IpFilterDriver - ok

16:38:41.0464 3048 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

16:38:41.0484 3048 iphlpsvc - ok

16:38:41.0494 3048 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

16:38:41.0494 3048 IPMIDRV - ok

16:38:41.0504 3048 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

16:38:41.0504 3048 IPNAT - ok

16:38:41.0564 3048 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

16:38:41.0594 3048 iPod Service - ok

16:38:41.0624 3048 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

16:38:41.0624 3048 IRENUM - ok

16:38:41.0634 3048 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

16:38:41.0634 3048 isapnp - ok

16:38:41.0664 3048 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

16:38:41.0674 3048 iScsiPrt - ok

16:38:41.0704 3048 [ 6BCEF45131C8B8E1C558BE540B190B3C ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys

16:38:41.0704 3048 iusb3hcs - ok

16:38:41.0744 3048 [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys

16:38:41.0754 3048 iusb3hub - ok

16:38:41.0794 3048 [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys

16:38:41.0804 3048 iusb3xhc - ok

16:38:41.0844 3048 [ DBD76BC1D498FE368F2C8CB76C3E00A4 ] jhi_service C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

16:38:41.0854 3048 jhi_service - ok

16:38:41.0894 3048 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

16:38:41.0894 3048 kbdclass - ok

16:38:41.0904 3048 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

16:38:41.0914 3048 kbdhid - ok

16:38:41.0934 3048 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

16:38:41.0934 3048 KeyIso - ok

16:38:41.0994 3048 [ E656FE10D6D27794AFA08136685A69E8 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys

16:38:42.0004 3048 KL1 - ok

16:38:42.0034 3048 [ D865DD8B0448E3F963D68C04C532858F ] kl2 C:\Windows\system32\DRIVERS\kl2.sys

16:38:42.0034 3048 kl2 - ok

16:38:42.0074 3048 [ C7D4F357C482DD37E2B05F34093B7B0C ] KLIF C:\Windows\system32\DRIVERS\klif.sys

16:38:42.0094 3048 KLIF - ok

16:38:42.0134 3048 [ 89FB5A33D7171B6D84F5EB721D5055E1 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys

16:38:42.0134 3048 KLIM6 - ok

16:38:42.0154 3048 [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys

16:38:42.0154 3048 klmouflt - ok

16:38:42.0184 3048 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

16:38:42.0184 3048 KSecDD - ok

16:38:42.0214 3048 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

16:38:42.0214 3048 KSecPkg - ok

16:38:42.0264 3048 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

16:38:42.0264 3048 ksthunk - ok

16:38:42.0294 3048 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

16:38:42.0314 3048 KtmRm - ok

16:38:42.0364 3048 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

16:38:42.0374 3048 LanmanServer - ok

16:38:42.0414 3048 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

16:38:42.0424 3048 LanmanWorkstation - ok

16:38:42.0454 3048 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

16:38:42.0454 3048 lltdio - ok

16:38:42.0504 3048 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

16:38:42.0514 3048 lltdsvc - ok

16:38:42.0534 3048 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

16:38:42.0544 3048 lmhosts - ok

16:38:42.0644 3048 [ 86E4CC39C953D11EF57CF54C4DC78238 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

16:38:42.0644 3048 LMS - ok

16:38:42.0714 3048 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

16:38:42.0734 3048 LSI_FC - ok

16:38:42.0774 3048 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

16:38:42.0774 3048 LSI_SAS - ok

16:38:42.0794 3048 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

16:38:42.0794 3048 LSI_SAS2 - ok

16:38:42.0814 3048 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

16:38:42.0824 3048 LSI_SCSI - ok

16:38:42.0874 3048 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

16:38:42.0884 3048 luafv - ok

16:38:43.0115 3048 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

16:38:43.0125 3048 MBAMProtector - ok

16:38:43.0525 3048 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

16:38:43.0535 3048 MBAMScheduler - ok

16:38:43.0595 3048 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

16:38:43.0615 3048 MBAMService - ok

16:38:43.0745 3048 [ 034606B82FA5BD3E73AB427B6D55F915 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe

16:38:43.0745 3048 McComponentHostService - ok

16:38:43.0795 3048 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

16:38:43.0805 3048 Mcx2Svc - ok

16:38:43.0835 3048 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

16:38:43.0845 3048 megasas - ok

16:38:43.0885 3048 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

16:38:43.0885 3048 MegaSR - ok

16:38:43.0915 3048 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

16:38:43.0915 3048 MEIx64 - ok

16:38:44.0265 3048 Microsoft SharePoint Workspace Audit Service - ok

16:38:44.0375 3048 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

16:38:44.0375 3048 MMCSS - ok

16:38:44.0455 3048 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

16:38:44.0455 3048 Modem - ok

16:38:44.0565 3048 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

16:38:44.0575 3048 monitor - ok

16:38:44.0635 3048 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

16:38:44.0645 3048 mouclass - ok

16:38:44.0685 3048 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

16:38:44.0685 3048 mouhid - ok

16:38:44.0745 3048 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

16:38:44.0745 3048 mountmgr - ok

16:38:44.0865 3048 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

16:38:44.0865 3048 MozillaMaintenance - ok

16:38:44.0905 3048 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

16:38:44.0905 3048 mpio - ok

16:38:44.0915 3048 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

16:38:44.0925 3048 mpsdrv - ok

16:38:45.0085 3048 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

16:38:45.0155 3048 MpsSvc - ok

16:38:45.0185 3048 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

16:38:45.0185 3048 MRxDAV - ok

16:38:45.0195 3048 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

16:38:45.0205 3048 mrxsmb - ok

16:38:45.0215 3048 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

16:38:45.0225 3048 mrxsmb10 - ok

16:38:45.0235 3048 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

16:38:45.0235 3048 mrxsmb20 - ok

16:38:45.0245 3048 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

16:38:45.0255 3048 msahci - ok

16:38:45.0265 3048 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

16:38:45.0265 3048 msdsm - ok

16:38:45.0305 3048 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

16:38:45.0315 3048 MSDTC - ok

16:38:45.0325 3048 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

16:38:45.0335 3048 Msfs - ok

16:38:45.0375 3048 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

16:38:45.0375 3048 mshidkmdf - ok

16:38:45.0395 3048 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

16:38:45.0395 3048 msisadrv - ok

16:38:45.0435 3048 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

16:38:45.0445 3048 MSiSCSI - ok

16:38:45.0445 3048 msiserver - ok

16:38:45.0475 3048 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

16:38:45.0475 3048 MSKSSRV - ok

16:38:45.0495 3048 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

16:38:45.0495 3048 MSPCLOCK - ok

16:38:45.0525 3048 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

16:38:45.0525 3048 MSPQM - ok

16:38:45.0555 3048 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

16:38:45.0565 3048 MsRPC - ok

16:38:45.0575 3048 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

16:38:45.0575 3048 mssmbios - ok

16:38:45.0625 3048 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

16:38:45.0625 3048 MSTEE - ok

16:38:45.0645 3048 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

16:38:45.0645 3048 MTConfig - ok

16:38:45.0675 3048 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

16:38:45.0675 3048 Mup - ok

16:38:45.0775 3048 [ D49740F2A4D81812AE9E63A77B9DD580 ] NACAgent C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe

16:38:45.0815 3048 NACAgent - ok

16:38:45.0865 3048 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

16:38:45.0875 3048 napagent - ok

16:38:45.0915 3048 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

16:38:45.0925 3048 NativeWifiP - ok

16:38:45.0985 3048 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

16:38:46.0005 3048 NDIS - ok

16:38:46.0065 3048 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

16:38:46.0065 3048 NdisCap - ok

16:38:46.0085 3048 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

16:38:46.0085 3048 NdisTapi - ok

16:38:46.0095 3048 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

16:38:46.0095 3048 Ndisuio - ok

16:38:46.0115 3048 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

16:38:46.0115 3048 NdisWan - ok

16:38:46.0125 3048 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

16:38:46.0135 3048 NDProxy - ok

16:38:46.0145 3048 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

16:38:46.0145 3048 NetBIOS - ok

16:38:46.0215 3048 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

16:38:46.0215 3048 NetBT - ok

16:38:46.0235 3048 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

16:38:46.0235 3048 Netlogon - ok

16:38:46.0285 3048 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

16:38:46.0305 3048 Netman - ok

16:38:46.0385 3048 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

16:38:46.0385 3048 NetMsmqActivator - ok

16:38:46.0395 3048 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

16:38:46.0405 3048 NetPipeActivator - ok

16:38:46.0425 3048 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

16:38:46.0435 3048 netprofm - ok

16:38:46.0445 3048 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

16:38:46.0455 3048 NetTcpActivator - ok

16:38:46.0465 3048 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

16:38:46.0465 3048 NetTcpPortSharing - ok

16:38:46.0485 3048 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

16:38:46.0485 3048 nfrd960 - ok

16:38:46.0515 3048 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

16:38:46.0525 3048 NlaSvc - ok

16:38:46.0535 3048 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

16:38:46.0535 3048 Npfs - ok

16:38:46.0555 3048 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

16:38:46.0555 3048 nsi - ok

16:38:46.0575 3048 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

16:38:46.0575 3048 nsiproxy - ok

16:38:46.0675 3048 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

16:38:46.0755 3048 Ntfs - ok

16:38:46.0785 3048 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

16:38:46.0785 3048 Null - ok

16:38:47.0167 3048 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

16:38:47.0507 3048 nvlddmkm - ok

16:38:47.0567 3048 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

16:38:47.0577 3048 nvraid - ok

16:38:47.0617 3048 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

16:38:47.0617 3048 nvstor - ok

16:38:47.0647 3048 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

16:38:47.0647 3048 nv_agp - ok

16:38:47.0727 3048 [ 7C3BE2E60DF8FA35525591884E6DEDD7 ] Oasis2Service C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe

16:38:47.0727 3048 Oasis2Service - ok

16:38:47.0747 3048 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

16:38:47.0757 3048 ohci1394 - ok

16:38:47.0817 3048 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

16:38:47.0827 3048 ose - ok

16:38:48.0027 3048 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

16:38:48.0207 3048 osppsvc - ok

16:38:48.0327 3048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

16:38:48.0327 3048 p2pimsvc - ok

16:38:48.0547 3048 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

16:38:48.0567 3048 p2psvc - ok

16:38:48.0677 3048 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

16:38:48.0677 3048 Parport - ok

16:38:48.0807 3048 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

16:38:48.0807 3048 partmgr - ok

16:38:48.0837 3048 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

16:38:48.0847 3048 PcaSvc - ok

16:38:48.0917 3048 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

16:38:48.0917 3048 pci - ok

16:38:48.0927 3048 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

16:38:48.0927 3048 pciide - ok

16:38:48.0977 3048 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

16:38:48.0977 3048 pcmcia - ok

16:38:48.0987 3048 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

16:38:48.0997 3048 pcw - ok

16:38:49.0057 3048 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

16:38:49.0067 3048 PEAUTH - ok

16:38:49.0207 3048 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

16:38:49.0207 3048 PerfHost - ok

16:38:49.0347 3048 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

16:38:49.0397 3048 pla - ok

16:38:49.0457 3048 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

16:38:49.0467 3048 PlugPlay - ok

16:38:49.0627 3048 [ 9C4D0DE187CBC24F658C52EFC93B1C73 ] PMBDeviceInfoProvider c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

16:38:49.0637 3048 PMBDeviceInfoProvider - ok

16:38:49.0667 3048 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

16:38:49.0667 3048 PNRPAutoReg - ok

16:38:49.0687 3048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

16:38:49.0697 3048 PNRPsvc - ok

16:38:49.0747 3048 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

16:38:49.0757 3048 PolicyAgent - ok

16:38:49.0817 3048 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

16:38:49.0817 3048 Power - ok

16:38:49.0857 3048 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

16:38:49.0867 3048 PptpMiniport - ok

16:38:49.0877 3048 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

16:38:49.0887 3048 Processor - ok

16:38:49.0907 3048 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

16:38:49.0917 3048 ProfSvc - ok

16:38:49.0937 3048 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

16:38:49.0937 3048 ProtectedStorage - ok

16:38:49.0977 3048 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

16:38:49.0977 3048 Psched - ok

16:38:50.0087 3048 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

16:38:50.0137 3048 ql2300 - ok

16:38:50.0167 3048 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

16:38:50.0177 3048 ql40xx - ok

16:38:50.0277 3048 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

16:38:50.0287 3048 QWAVE - ok

16:38:50.0297 3048 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

16:38:50.0307 3048 QWAVEdrv - ok

16:38:50.0327 3048 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

16:38:50.0337 3048 RasAcd - ok

16:38:50.0387 3048 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

16:38:50.0387 3048 RasAgileVpn - ok

16:38:50.0417 3048 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

16:38:50.0417 3048 RasAuto - ok

16:38:50.0427 3048 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

16:38:50.0427 3048 Rasl2tp - ok

16:38:50.0457 3048 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

16:38:50.0467 3048 RasMan - ok

16:38:50.0477 3048 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

16:38:50.0477 3048 RasPppoe - ok

16:38:50.0507 3048 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

16:38:50.0507 3048 RasSstp - ok

16:38:50.0527 3048 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

16:38:50.0527 3048 rdbss - ok

16:38:50.0547 3048 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

16:38:50.0547 3048 rdpbus - ok

16:38:50.0557 3048 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

16:38:50.0567 3048 RDPCDD - ok

16:38:50.0587 3048 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

16:38:50.0597 3048 RDPENCDD - ok

16:38:50.0637 3048 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

16:38:50.0637 3048 RDPREFMP - ok

16:38:50.0687 3048 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

16:38:50.0687 3048 RDPWD - ok

16:38:50.0707 3048 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

16:38:50.0707 3048 rdyboost - ok

16:38:50.0747 3048 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

16:38:50.0757 3048 RemoteAccess - ok

16:38:50.0777 3048 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

16:38:50.0777 3048 RemoteRegistry - ok

16:38:50.0827 3048 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

16:38:50.0827 3048 RFCOMM - ok

16:38:50.0837 3048 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

16:38:50.0847 3048 RpcEptMapper - ok

16:38:50.0877 3048 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

16:38:50.0877 3048 RpcLocator - ok

16:38:50.0907 3048 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

16:38:50.0917 3048 RpcSs - ok

16:38:50.0987 3048 [ 9BD6DEBC9862FBE0C0467F0633B34962 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys

16:38:50.0997 3048 RSPCIESTOR - ok

16:38:51.0057 3048 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

16:38:51.0057 3048 rspndr - ok

16:38:51.0117 3048 [ EB8EA1C4C5E076D9EA61FB59960C5830 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

16:38:51.0127 3048 RTL8167 - ok

16:38:51.0177 3048 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

16:38:51.0187 3048 SamSs - ok

16:38:51.0207 3048 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

16:38:51.0217 3048 sbp2port - ok

16:38:51.0247 3048 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

16:38:51.0247 3048 SCardSvr - ok

16:38:51.0267 3048 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

16:38:51.0267 3048 scfilter - ok

16:38:51.0337 3048 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

16:38:51.0367 3048 Schedule - ok

16:38:51.0407 3048 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

16:38:51.0407 3048 SCPolicySvc - ok

16:38:51.0417 3048 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys

16:38:51.0427 3048 sdbus - ok

16:38:51.0437 3048 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

16:38:51.0437 3048 SDRSVC - ok

16:38:51.0457 3048 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

16:38:51.0457 3048 secdrv - ok

16:38:51.0457 3048 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

16:38:51.0467 3048 seclogon - ok

16:38:51.0467 3048 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

16:38:51.0477 3048 SENS - ok

16:38:51.0497 3048 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

16:38:51.0507 3048 SensrSvc - ok

16:38:51.0517 3048 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys

16:38:51.0517 3048 Serenum - ok

16:38:51.0547 3048 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys

16:38:51.0547 3048 Serial - ok

16:38:51.0577 3048 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

16:38:51.0587 3048 sermouse - ok

16:38:51.0637 3048 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

16:38:51.0647 3048 SessionEnv - ok

16:38:51.0697 3048 [ 85D0F874734C105D02280B39BF0AD23F ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys

16:38:51.0697 3048 SFEP - ok

16:38:51.0717 3048 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

16:38:51.0717 3048 sffdisk - ok

16:38:51.0727 3048 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

16:38:51.0737 3048 sffp_mmc - ok

16:38:51.0737 3048 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

16:38:51.0747 3048 sffp_sd - ok

16:38:51.0757 3048 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

16:38:51.0757 3048 sfloppy - ok

16:38:51.0797 3048 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

16:38:51.0797 3048 SharedAccess - ok

16:38:51.0827 3048 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

16:38:51.0837 3048 ShellHWDetection - ok

16:38:51.0847 3048 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

16:38:51.0857 3048 SiSRaid2 - ok

16:38:51.0867 3048 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

16:38:51.0867 3048 SiSRaid4 - ok

16:38:51.0897 3048 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

16:38:51.0897 3048 SkypeUpdate - ok

16:38:51.0917 3048 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

16:38:51.0917 3048 Smb - ok

16:38:51.0947 3048 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

16:38:51.0957 3048 SNMPTRAP - ok

16:38:52.0097 3048 [ 4AEA7A1C3CA06D95D6966C34D13C0D8B ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe

16:38:52.0097 3048 SOHCImp - ok

16:38:52.0127 3048 [ 16FD95781117E13107D477AE36219E6F ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe

16:38:52.0137 3048 SOHDs - ok

16:38:52.0167 3048 [ 3BB48F7E33C2B76184DDF233000C09CD ] Sony SCSI Helper Service C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

16:38:52.0167 3048 Sony SCSI Helper Service - ok

16:38:52.0267 3048 [ C03E480E63A80D73FABE28D24D3B6B47 ] SpfService C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe

16:38:52.0267 3048 SpfService - ok

16:38:52.0317 3048 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

16:38:52.0317 3048 spldr - ok

16:38:52.0357 3048 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

16:38:52.0367 3048 Spooler - ok

16:38:52.0497 3048 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

16:38:52.0607 3048 sppsvc - ok

16:38:52.0617 3048 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

16:38:52.0627 3048 sppuinotify - ok

16:38:52.0647 3048 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

16:38:52.0657 3048 srv - ok

16:38:52.0687 3048 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

16:38:52.0697 3048 srv2 - ok

16:38:52.0717 3048 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

16:38:52.0717 3048 srvnet - ok

16:38:52.0767 3048 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

16:38:52.0777 3048 SSDPSRV - ok

16:38:52.0797 3048 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

16:38:52.0797 3048 SstpSvc - ok

16:38:52.0807 3048 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

16:38:52.0817 3048 stexstor - ok

16:38:52.0857 3048 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

16:38:52.0887 3048 stisvc - ok

16:38:52.0897 3048 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

16:38:52.0897 3048 swenum - ok

16:38:52.0937 3048 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

16:38:52.0957 3048 swprv - ok

16:38:52.0987 3048 [ 321EA1320771419C0956DE50F270C3E5 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

16:39:00.0329 3048 ================ Scan global ===============================

16:39:00.0369 3048 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

16:39:00.0419 3048 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

16:39:00.0439 3048 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

16:39:00.0499 3048 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

16:39:00.0529 3048 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

16:39:00.0539 3048 [Global] - ok

16:39:00.0539 3048 ================ Scan MBR ==================================

16:39:00.0559 3048 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

16:39:00.0559 3048 Suspicious mbr (Forged): \Device\Harddisk0\DR0

16:39:00.0619 3048 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

16:39:00.0619 3048 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

16:39:00.0619 3048 ================ Scan VBR ==================================

16:39:00.0629 3048 [ 7FA58C318AF30B74C90B460DFE98E0A4 ] \Device\Harddisk0\DR0\Partition1

16:39:00.0629 3048 \Device\Harddisk0\DR0\Partition1 - ok

16:39:00.0659 3048 [ 1C65518377E3876FB1F6C0788798515C ] \Device\Harddisk0\DR0\Partition2

16:39:00.0659 3048 \Device\Harddisk0\DR0\Partition2 - ok

16:39:00.0659 3048 ============================================================

16:39:00.0659 3048 Scan finished

16:39:00.0659 3048 ============================================================

16:39:00.0689 6524 Detected object count: 1

16:39:00.0689 6524 Actual detected object count: 1

16:39:05.0111 6524 \Device\Harddisk0\DR0\# - copied to quarantine

16:39:05.0111 6524 \Device\Harddisk0\DR0 - copied to quarantine

16:39:05.0191 6524 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

16:39:05.0191 6524 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

16:39:05.0201 6524 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

16:39:05.0221 6524 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

16:39:05.0221 6524 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

16:39:05.0221 6524 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

16:39:05.0221 6524 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

16:39:05.0221 6524 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

16:39:05.0231 6524 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

16:39:05.0231 6524 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

16:39:05.0231 6524 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

16:39:05.0231 6524 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

16:39:05.0271 6524 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

16:39:05.0271 6524 \Device\Harddisk0\DR0 - ok

16:39:05.0401 6524 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

16:39:09.0713 4328 Deinitialize success

I scanned it one more time after reboot and there is nothing found :)


Good job!

Download ComboFix from the link below, and save it to your desktop.

Link

**Note: It is important that it is saved directly to your desktop**

If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.


  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

----------


Hi Jeff,

After running ComboFix for almost an hour, I think it got stuck on "Preparing Log Report".

I closed it after almost an hour of running it and ran it again.

It is still stuck on "Preparing Log Report". It's been almost 30-45 mins now. Should I wait more, or what should I do exactly?

Thank You


Wait about another 30 minutes. If it is still stuck, reboot your system and see if there is a log located at C:\ComboFix.txt. Post it if it is there; if not, rerun ComboFix.


Got it, thank you.

ComboFix 12-11-10.02 - Hala 11/11/2012 17:49:27.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3996.2245 [GMT -8:00]

Running from: c:\users\Hala\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\program files (x86)\TelevisionFanatic

c:\program files (x86)\TelevisionFanatic\bar\gen1\COMMON.T8S

c:\program files (x86)\TelevisionFanatic\bar\IE9Mesg\COMMON.T8S

c:\program files (x86)\TelevisionFanatic\bar\Message\COMMON.T8S

c:\program files (x86)\TelevisionFanatic\bar\Settings\s_pid.dat

c:\users\Hala\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2E3BD1D2-2D93-4A45-B323-272F91988592}.xps

c:\users\Hala\AppData\Local\Microsoft\Windows\Temporary Internet Files\{398183AA-5262-4015-8408-9C79E0F60B18}.xps

c:\users\Hala\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3FE09C4E-2791-4C46-9F4B-A235C9F0A866}.xps

c:\users\Hala\AppData\Local\Microsoft\Windows\Temporary Internet Files\{632850D6-3C9E-4402-9B36-9118A323636C}.xps

c:\users\Hala\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8674DF60-DBAD-4B61-932E-C8440FF2B246}.xps

c:\users\Hala\AppData\Local\Microsoft\Windows\Temporary Internet Files\{97DA38AB-01EF-44B5-8FF5-27CFCC26C401}.xps

c:\users\Hala\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9D66C565-7965-4F7E-873D-53FFE51BAD30}.xps

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-10-12 to 2012-11-12 )))))))))))))))))))))))))))))))

.

.

2012-11-12 01:59 . 2012-11-12 01:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-12 01:19 . 2012-11-12 01:20 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D5AEDFC-EDDE-4A43-A770-BFFD5CAD0F4A}\offreg.dll

2012-11-12 00:39 . 2012-11-12 00:39 -------- d-----w- C:\TDSSKiller_Quarantine

2012-11-11 19:28 . 2012-11-11 19:28 -------- d-----w- c:\users\Hala\AppData\Roaming\Malwarebytes

2012-11-11 19:28 . 2012-11-11 19:28 -------- d-----w- c:\programdata\Malwarebytes

2012-11-11 19:28 . 2012-11-11 19:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-11 19:28 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-09 21:46 . 2012-11-09 21:46 -------- d-----w- c:\users\Hala\AppData\Local\Macromedia

2012-11-09 21:45 . 2012-11-09 21:45 -------- d-----w- c:\users\Hala\AppData\Local\Mozilla

2012-11-09 19:04 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D5AEDFC-EDDE-4A43-A770-BFFD5CAD0F4A}\mpengine.dll

2012-11-08 17:59 . 2012-11-08 17:59 -------- d-----w- c:\program files (x86)\Common Files\Cisco

2012-11-06 06:53 . 2012-11-06 06:53 -------- d-----w- c:\programdata\McAfee Security Scan

2012-11-06 06:52 . 2012-11-06 06:52 -------- d-----w- c:\programdata\McAfee

2012-11-06 06:52 . 2012-11-08 06:53 -------- d-----w- c:\program files (x86)\McAfee Security Scan

2012-11-06 06:52 . 2012-11-06 06:52 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2012-11-02 03:13 . 2012-11-02 03:13 -------- d-----w- c:\users\Hala\AppData\Local\Price Check by AOL

2012-11-02 03:13 . 2012-11-02 03:13 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility

2012-11-02 03:13 . 2012-11-02 03:13 -------- d-----w- c:\users\Hala\AppData\Local\AOL Toolbar

2012-11-02 03:13 . 2012-11-02 03:13 -------- d-----w- c:\program files (x86)\Price Check by AOL

2012-11-02 03:13 . 2012-11-02 03:13 -------- d-----w- c:\programdata\Price Check by AOL

2012-11-02 03:13 . 2012-11-02 03:13 -------- d-----w- c:\programdata\AOL Toolbar

2012-11-02 03:13 . 2012-11-02 03:13 -------- d-----w- c:\program files (x86)\AOL Toolbar

2012-11-02 03:13 . 2012-11-02 03:13 -------- d-----w- c:\program files (x86)\WxDownload

2012-10-22 04:04 . 2012-10-22 04:04 -------- d-----w- c:\program files (x86)\BringMeSports_1c

2012-10-19 04:56 . 2012-10-19 04:56 -------- d-----w- c:\program files (x86)\Swiki

2012-10-19 04:53 . 2012-10-19 04:53 -------- d-----w- c:\users\Hala\AppData\Local\CRE

.

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{47CA08BB-3387-E2F5-E7E6-5E0BA2B85343}]

2012-11-02 00:23 129024 ----a-w- c:\programdata\wxDownload\509312840bb5f.ocx

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8356F990-30E7-9A55-7BD9-7EEC0EC318F2}]

2012-10-11 23:06 129024 ----a-w- c:\programdata\wxDownload\50775104de468.ocx

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D25B97E9-62B2-40CE-BECF-E43A7B879072}]

2012-09-04 17:57 270216 ----a-w- c:\program files (x86)\Price Check by AOL\aolpricecheck.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{cc53bd19-7b23-43b0-ab7c-0e06c708cced}"= "c:\program files (x86)\BringMeSports_1c\bar\1.bin\1cbar.dll" [bU]

.

[HKEY_CLASSES_ROOT\clsid\{cc53bd19-7b23-43b0-ab7c-0e06c708cced}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Facebook Update"="c:\users\Hala\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-10-02 138096]

"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [bU]

"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-22 291608]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-12-23 202296]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-21 693608]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]

"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2012-10-03 610776]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\progra~2\WXDOWN~2\sprotector.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2012-03-22 112256]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]

R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-01-06 138392]

R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-01-06 74904]

R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-01 289952]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2012-01-10 535688]

R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-12-21 382720]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-27 101600]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-18 1255736]

R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-09-15 195320]

R4 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-13 249648]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-22 16152]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-11 29488]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-02-23 106144]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-02-08 2429544]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]

S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-03-13 128280]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-03-13 161560]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]

S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2012-10-03 1269208]

S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-12-05 51200]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-02-21 473960]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-12-01 260768]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-03-13 363800]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2012-03-26 978056]

S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-02-24 158880]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-02-23 36000]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-02-23 339616]

S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-02-23 110752]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-02-23 30368]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-02-23 167584]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-02-24 68256]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-02-24 280992]

S3 BTATH_VDP;Bluetooth VDP Driver;c:\windows\system32\drivers\btath_vdp.sys [2012-02-24 421664]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-02-24 550560]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-03-14 331264]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-22 356120]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-22 787736]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-02-08 339048]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-13 675432]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2012-01-16 14336]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-01-20 54432]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 34057632

*NewlyCreated* - 58960813

*Deregistered* - 34057632

*Deregistered* - 58960813

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 21:46]

.

2012-11-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2961923168-3939447232-3755786148-1000Core.job

- c:\users\Hala\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-02 18:03]

.

2012-11-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2961923168-3939447232-3755786148-1000UA.job

- c:\users\Hala\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-02 18:03]

.

2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-29 19:18]

.

2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-29 19:18]

.

2012-11-12 c:\windows\Tasks\WxDFastUpdaterTask{1D514599-27E5-4CEC-9033-8EBBD91675E2}.job

- c:\programdata\Premium\WxDFast\WxDFast.exe [2012-10-12 14:50]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-13 1156712]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-02-23 1020576]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-02-23 800416]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-14 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-14 398104]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-14 440600]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Hala\AppData\Roaming\Mozilla\Firefox\Profiles\3rpp5pbm.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: keyword.URL -

FF - prefs.js: browser.startup.homepage -

FF - ExtSQL: 2012-09-20 13:21; swiki@swiki.com; c:\program files (x86)\Mozilla Firefox\extensions\swiki@swiki.com.xpi

FF - ExtSQL: 2012-09-22 21:39; wcapturex@deskperience.com; c:\program files (x86)\WordWeb\WCaptureMoz

FF - ExtSQL: 2012-10-21 21:04; 1cffxtbr@BringMeSports_1c.com; c:\program files (x86)\BringMeSports_1c\bar\1.bin

FF - ExtSQL: 2012-10-21 21:52; 64ffxtbr@TelevisionFanatic.com; c:\program files (x86)\TelevisionFanatic\bar\1.bin

FF - ExtSQL: 2012-11-09 13:45; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\users\Hala\AppData\Roaming\Mozilla\Firefox\Profiles\3rpp5pbm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - ExtSQL: !HIDDEN! 2012-09-22 21:39; wcapturex@deskperience.com; c:\program files (x86)\WordWeb\WCaptureMoz

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{06b5b051-1d05-443d-822f-39ab0d05f018} - c:\program files (x86)\BringMeSports_1c\bar\1.bin\1cSrcAs.dll

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\SysWOW64\Adobe\Shockwave 11\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-11 18:22:50

ComboFix-quarantined-files.txt 2012-11-12 02:22

.

Pre-Run: 230,428,127,232 bytes free

Post-Run: 231,123,398,656 bytes free

.

- - End Of File - - 88D765933663A33D87A573189C93F7C0


Hi,

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:

    ClearJavaCache::
    DDS::
    uURLSearchHooks: <No Name>: {06b5b051-1d05-443d-822f-39ab0d05f018} -
    BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.0.7\bh\BabylonToolbar.dll
    BHO: wxDownload Class: {47CA08BB-3387-E2F5-E7E6-5E0BA2B85343} - C:\ProgramData\wxDownload\509312840bb5f.ocx
    BHO: wxDownload Class: {8356F990-30E7-9A55-7BD9-7EEC0EC318F2} - C:\ProgramData\wxDownload\50775104de468.ocx
    TB: BringMeSports: {CC53BD19-7B23-43B0-AB7C-0E06C708CCED} -
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.0.7\BabylonToolbarTlbr.dll
    TB: BringMeSports: {cc53bd19-7b23-43b0-ab7c-0e06c708cced} -
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Post the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

Please post the new ComboFix log and let me know how your system is running now. :)


Hi, sorry for the late reply again. Here is the result:

ComboFix 12-11-10.03 - Hala 11/11/2012 20:23:35.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3996.2524 [GMT -8:00]

Running from: c:\users\Hala\Desktop\ComboFix.exe

Command switches used :: c:\users\Hala\Desktop\CFScript.txt

AV: Kaspersky Internet Security *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Hala\AppData\Local\{ADDAD481-506F-45D0-9D4F-E7050188877F}

.

.

((((((((((((((((((((((((( Files Created from 2012-10-12 to 2012-11-12 )))))))))))))))))))))))))))))))

.

.

2012-11-12 04:35 . 2012-11-12 04:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-12 01:19 . 2012-11-12 01:20 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D5AEDFC-EDDE-4A43-A770-BFFD5CAD0F4A}\offreg.dll

2012-11-12 00:39 . 2012-11-12 00:39 -------- d-----w- C:\TDSSKiller_Quarantine

2012-11-11 19:28 . 2012-11-11 19:28 -------- d-----w- c:\users\Hala\AppData\Roaming\Malwarebytes

2012-11-11 19:28 . 2012-11-11 19:28 -------- d-----w- c:\programdata\Malwarebytes

2012-11-11 19:28 . 2012-11-11 19:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-11 19:28 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-09 21:46 . 2012-11-09 21:46 -------- d-----w- c:\users\Hala\AppData\Local\Macromedia

2012-11-09 21:45 . 2012-11-09 21:45 -------- d-----w- c:\users\Hala\AppData\Local\Mozilla

2012-11-09 19:04 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D5AEDFC-EDDE-4A43-A770-BFFD5CAD0F4A}\mpengine.dll

2012-11-08 17:59 . 2012-11-08 17:59 -------- d-----w- c:\program files (x86)\Common Files\Cisco

2012-11-06 06:53 . 2012-11-06 06:53 -------- d-----w- c:\programdata\McAfee Security Scan

2012-11-06 06:52 . 2012-11-06 06:52 -------- d-----w- c:\programdata\McAfee

2012-11-06 06:52 . 2012-11-08 06:53 -------- d-----w- c:\program files (x86)\McAfee Security Scan

2012-11-06 06:52 . 2012-11-06 06:52 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2012-11-02 03:13 . 2012-11-02 03:13 -------- d-----w- c:\users\Hala\AppData\Local\Price Check by AOL

2012-11-02 03:13 . 2012-11-02 03:13 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility

2012-11-02 03:13 . 2012-11-02 03:13 -------- d-----w- c:\users\Hala\AppData\Local\AOL Toolbar

2012-11-02 03:13 . 2012-11-02 03:13 -------- d-----w- c:\program files (x86)\Price Check by AOL

2012-11-02 03:13 . 2012-11-02 03:13 -------- d-----w- c:\programdata\Price Check by AOL

2012-11-02 03:13 . 2012-11-02 03:13 -------- d-----w- c:\programdata\AOL Toolbar

2012-11-02 03:13 . 2012-11-02 03:13 -------- d-----w- c:\program files (x86)\AOL Toolbar

2012-11-02 03:13 . 2012-11-02 03:13 -------- d-----w- c:\program files (x86)\WxDownload

2012-10-22 04:04 . 2012-10-22 04:04 -------- d-----w- c:\program files (x86)\BringMeSports_1c

2012-10-19 04:56 . 2012-10-19 04:56 -------- d-----w- c:\program files (x86)\Swiki

2012-10-19 04:53 . 2012-10-19 04:53 -------- d-----w- c:\users\Hala\AppData\Local\CRE

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-11 21:46 . 2012-06-26 16:11 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-11 21:46 . 2012-06-26 16:11 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-09-17 00:50 . 2011-03-29 01:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-09-14 19:19 . 2012-10-10 19:10 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 19:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-08-31 18:19 . 2012-10-10 19:11 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-30 18:03 . 2012-10-10 19:11 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 19:11 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12 . 2012-10-10 19:11 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-08-24 18:05 . 2012-10-10 19:11 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 16:57 . 2012-10-10 19:11 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-24 11:15 . 2012-09-23 10:01 17810944 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 10:39 . 2012-09-23 10:01 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 10:31 . 2012-09-23 10:01 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 10:22 . 2012-09-23 10:01 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 10:21 . 2012-09-23 10:01 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 10:20 . 2012-09-23 10:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 10:18 . 2012-09-23 10:01 237056 ----a-w- c:\windows\system32\url.dll

2012-08-24 10:17 . 2012-09-23 10:01 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 10:14 . 2012-09-23 10:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 10:14 . 2012-09-23 10:01 816640 ----a-w- c:\windows\system32\jscript.dll

2012-08-24 10:13 . 2012-09-23 10:01 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 10:12 . 2012-09-23 10:01 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 10:11 . 2012-09-23 10:01 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 10:10 . 2012-09-23 10:01 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 10:09 . 2012-09-23 10:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 10:04 . 2012-09-23 10:01 248320 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 06:59 . 2012-09-23 10:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-08-24 06:51 . 2012-09-23 10:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 06:51 . 2012-09-23 10:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-08-24 06:47 . 2012-09-23 10:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-08-24 06:47 . 2012-09-23 10:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-24 06:43 . 2012-09-23 10:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-22 18:12 . 2012-09-17 16:39 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-17 16:40 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-17 16:39 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-17 16:39 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 21:01 . 2012-09-26 14:10 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-08-21 20:01 . 2012-10-06 05:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-08-21 20:01 . 2012-08-21 20:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-08-21 20:01 . 2012-08-21 20:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-08-20 18:48 . 2012-10-10 19:11 362496 ----a-w- c:\windows\system32\wow64win.dll

2012-08-20 18:48 . 2012-10-10 19:11 243200 ----a-w- c:\windows\system32\wow64.dll

2012-08-20 18:48 . 2012-10-10 19:11 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2012-08-20 18:48 . 2012-10-10 19:11 215040 ----a-w- c:\windows\system32\winsrv.dll

2012-08-20 18:48 . 2012-10-10 19:11 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2012-08-20 18:48 . 2012-10-10 19:11 424448 ----a-w- c:\windows\system32\KernelBase.dll

2012-08-20 18:48 . 2012-10-10 19:11 1162240 ----a-w- c:\windows\system32\kernel32.dll

2012-08-20 18:46 . 2012-10-10 19:11 338432 ----a-w- c:\windows\system32\conhost.exe

2012-08-20 18:38 . 2012-10-10 19:11 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-08-20 17:40 . 2012-10-10 19:11 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2012-08-20 17:38 . 2012-10-10 19:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-20 17:38 . 2012-10-10 19:11 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2012-08-20 17:37 . 2012-10-10 19:11 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2012-08-20 17:37 . 2012-10-10 19:11 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

2012-08-20 17:32 . 2012-10-10 19:11 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{47CA08BB-3387-E2F5-E7E6-5E0BA2B85343}]

2012-11-02 00:23 129024 ----a-w- c:\programdata\wxDownload\509312840bb5f.ocx

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8356F990-30E7-9A55-7BD9-7EEC0EC318F2}]

2012-10-11 23:06 129024 ----a-w- c:\programdata\wxDownload\50775104de468.ocx

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D25B97E9-62B2-40CE-BECF-E43A7B879072}]

2012-09-04 17:57 270216 ----a-w- c:\program files (x86)\Price Check by AOL\aolpricecheck.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{cc53bd19-7b23-43b0-ab7c-0e06c708cced}"= "c:\program files (x86)\BringMeSports_1c\bar\1.bin\1cbar.dll" [bU]

.

[HKEY_CLASSES_ROOT\clsid\{cc53bd19-7b23-43b0-ab7c-0e06c708cced}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Facebook Update"="c:\users\Hala\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-10-02 138096]

"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [bU]

"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-22 291608]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-12-23 202296]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-21 693608]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]

"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2012-10-03 610776]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\progra~2\WXDOWN~2\sprotector.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2012-03-26 978056]

R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2012-03-22 112256]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]

R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-01-06 138392]

R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-01-06 74904]

R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-01 289952]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2012-01-10 535688]

R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-12-21 382720]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-27 101600]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-18 1255736]

R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-09-15 195320]

R4 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-13 249648]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-22 16152]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-11 29488]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-02-23 106144]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-02-08 2429544]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]

S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-03-13 128280]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-03-13 161560]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]

S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2012-10-03 1269208]

S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-12-05 51200]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-02-21 473960]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-12-01 260768]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-03-13 363800]

S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-02-24 158880]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-02-23 36000]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-02-23 339616]

S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-02-23 110752]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-02-23 30368]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-02-23 167584]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-02-24 68256]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-02-24 280992]

S3 BTATH_VDP;Bluetooth VDP Driver;c:\windows\system32\drivers\btath_vdp.sys [2012-02-24 421664]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-02-24 550560]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-03-14 331264]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-22 356120]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-22 787736]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-02-08 339048]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-13 675432]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2012-01-16 14336]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-01-20 54432]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 34057632

*NewlyCreated* - 58960813

*Deregistered* - 34057632

*Deregistered* - 58960813

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 21:46]

.

2012-11-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2961923168-3939447232-3755786148-1000Core.job

- c:\users\Hala\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-02 18:03]

.

2012-11-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2961923168-3939447232-3755786148-1000UA.job

- c:\users\Hala\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-02 18:03]

.

2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-29 19:18]

.

2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-29 19:18]

.

2012-11-12 c:\windows\Tasks\WxDFastUpdaterTask{1D514599-27E5-4CEC-9033-8EBBD91675E2}.job

- c:\programdata\Premium\WxDFast\WxDFast.exe [2012-10-12 14:50]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-13 1156712]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-02-23 1020576]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-02-23 800416]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-14 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-14 398104]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-14 440600]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Hala\AppData\Roaming\Mozilla\Firefox\Profiles\3rpp5pbm.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: keyword.URL -

FF - prefs.js: browser.startup.homepage -

FF - ExtSQL: 2012-09-20 13:21; swiki@swiki.com; c:\program files (x86)\Mozilla Firefox\extensions\swiki@swiki.com.xpi

FF - ExtSQL: 2012-09-22 21:39; wcapturex@deskperience.com; c:\program files (x86)\WordWeb\WCaptureMoz

FF - ExtSQL: 2012-10-21 21:04; 1cffxtbr@BringMeSports_1c.com; c:\program files (x86)\BringMeSports_1c\bar\1.bin

FF - ExtSQL: 2012-10-21 21:52; 64ffxtbr@TelevisionFanatic.com; c:\program files (x86)\TelevisionFanatic\bar\1.bin

FF - ExtSQL: 2012-11-09 13:45; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\users\Hala\AppData\Roaming\Mozilla\Firefox\Profiles\3rpp5pbm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - ExtSQL: !HIDDEN! 2012-09-22 21:39; wcapturex@deskperience.com; c:\program files (x86)\WordWeb\WCaptureMoz

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\SysWOW64\Adobe\Shockwave 11\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-11 20:39:51

ComboFix-quarantined-files.txt 2012-11-12 04:39

ComboFix2.txt 2012-11-12 02:23

.

Pre-Run: 231,177,515,008 bytes free

Post-Run: 231,114,182,656 bytes free

.

- - End Of File - - DA5977C5394BBEB7A1DE06CC0E83CD94

Link to post
Share on other sites

It's still very slow. Should I format it?
I had not even considered that yet, but if that is what you would like to do, let me know. I don't see any reason to at the time being... there are many reasons a computer can be slow that are not malware.

I see that your Java software is out of date. Please go to Start >> Control Panel >> Programs and Features >> uninstall all versions of Java.

Now download and install the newest version from here >> http://java.com/en/download/index.jsp

-------------

Clear Java Cache

See this page for instructions on how to clear Java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

----------

Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

----------

ESET Online Scanner

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------

Link to post
Share on other sites

Hi, it took a very long time for ESET to scan, but here is the result.

I have followed all your steps and cleared the java cache.

MBAB new log

Malwarebytes Anti-Malware (Trial) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.11.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Hala :: HALA-VAIO [administrator]

Protection: Enabled

11/11/2012 9:58:51 PM

mbam-log-2012-11-11 (21-58-51).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 206622

Time elapsed: 4 minute(s), 18 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Hala\AppData\Local\Temp\8CDD.tmp (Trojan.Agent.EDDGen) -> Quarantined and deleted successfully.

(end)

ESET.txt

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.0.7\BabylonToolbarApp.dll probably a variant of Win32/Toolbar.Babylon application

C:\ProgramData\wxDownload\50775104de468.ocx Win32/Adware.MultiPlug.D application

C:\ProgramData\wxDownload\5077520822f9f.ocx Win32/Adware.MultiPlug.D application

C:\ProgramData\wxDownload\509312840bb5f.ocx Win32/Adware.MultiPlug.D application

C:\TDSSKiller_Quarantine\11.11.2012_16.38.23\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan

C:\TDSSKiller_Quarantine\11.11.2012_16.38.23\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan

C:\TDSSKiller_Quarantine\11.11.2012_16.38.23\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.PR trojan

C:\TDSSKiller_Quarantine\11.11.2012_16.38.23\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan

C:\TDSSKiller_Quarantine\11.11.2012_16.38.23\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan

C:\TDSSKiller_Quarantine\11.11.2012_16.38.23\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan

C:\Users\All Users\wxDownload\50775104de468.ocx Win32/Adware.MultiPlug.D application

C:\Users\All Users\wxDownload\5077520822f9f.ocx Win32/Adware.MultiPlug.D application

C:\Users\All Users\wxDownload\509312840bb5f.ocx Win32/Adware.MultiPlug.D application

C:\Users\Hala\Desktop\Downloads\SoftonicDownloader_for_tango.exe a variant of Win32/SoftonicDownloader.E application

Operating memory Win32/Adware.MultiPlug.D application

Thank You

Link to post
Share on other sites

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:

    ClearJavaCache::
    File::
    C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.0.7\BabylonToolbarApp.dll
    C:\ProgramData\wxDownload\50775104de468.ocx
    C:\ProgramData\wxDownload\5077520822f9f.ocx
    C:\ProgramData\wxDownload\509312840bb5f.ocx
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Post the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

Post the new ComboFix log and let me know how your system is running now. :)

Link to post
Share on other sites

GOOD MORNING

Here is the log, thank you

ComboFix 12-11-12.02 - Hala 11/12/2012 10:39:02.4.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3996.2653 [GMT -8:00]

Running from: c:\users\Hala\Desktop\ComboFix.exe

Command switches used :: c:\users\Hala\Desktop\CFScript.txt

AV: Kaspersky Internet Security *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.8.0.7\BabylonToolbarApp.dll"

"c:\programdata\wxDownload\50775104de468.ocx"

"c:\programdata\wxDownload\5077520822f9f.ocx"

"c:\programdata\wxDownload\509312840bb5f.ocx"

.

.

((((((((((((((((((((((((( Files Created from 2012-10-12 to 2012-11-12 )))))))))))))))))))))))))))))))

.

.

2012-11-12 18:49 . 2012-11-12 18:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-12 06:13 . 2012-11-12 06:13 -------- d-----w- c:\program files (x86)\ESET

2012-11-12 05:53 . 2012-11-12 05:53 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-11-12 05:52 . 2012-11-12 05:52 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-11-12 05:52 . 2012-11-12 05:52 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-11-12 05:52 . 2012-11-12 05:52 -------- d-----w- c:\program files (x86)\Java

2012-11-12 05:30 . 2012-11-12 05:30 190976 ----a-w- c:\programdata\Microsoft\Windows\DRM\2BB6.tmp.dat

2012-11-12 01:19 . 2012-11-12 01:20 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D5AEDFC-EDDE-4A43-A770-BFFD5CAD0F4A}\offreg.dll

2012-11-12 00:39 . 2012-11-12 00:39 -------- d-----w- C:\TDSSKiller_Quarantine

2012-11-11 19:28 . 2012-11-11 19:28 -------- d-----w- c:\users\Hala\AppData\Roaming\Malwarebytes

2012-11-11 19:28 . 2012-11-11 19:28 -------- d-----w- c:\programdata\Malwarebytes

2012-11-11 19:28 . 2012-11-11 19:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-11 19:28 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-09 21:46 . 2012-11-09 21:46 -------- d-----w- c:\users\Hala\AppData\Local\Macromedia

2012-11-09 21:45 . 2012-11-09 21:45 -------- d-----w- c:\users\Hala\AppData\Local\Mozilla

2012-11-09 19:04 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D5AEDFC-EDDE-4A43-A770-BFFD5CAD0F4A}\mpengine.dll

2012-11-08 17:59 . 2012-11-08 17:59 -------- d-----w- c:\program files (x86)\Common Files\Cisco

2012-11-06 06:53 . 2012-11-06 06:53 -------- d-----w- c:\programdata\McAfee Security Scan

2012-11-06 06:52 . 2012-11-06 06:52 -------- d-----w- c:\programdata\McAfee

2012-11-06 06:52 . 2012-11-08 06:53 -------- d-----w- c:\program files (x86)\McAfee Security Scan

2012-11-06 06:52 . 2012-11-06 06:52 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2012-11-02 03:13 . 2012-11-02 03:13 -------- d-----w- c:\users\Hala\AppData\Local\Price Check by AOL

2012-11-02 03:13 . 2012-11-02 03:13 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility

2012-11-02 03:13 . 2012-11-02 03:13 -------- d-----w- c:\users\Hala\AppData\Local\AOL Toolbar

2012-11-02 03:13 . 2012-11-02 03:13 -------- d-----w- c:\program files (x86)\Price Check by AOL

2012-11-02 03:13 . 2012-11-02 03:13 -------- d-----w- c:\programdata\Price Check by AOL

2012-11-02 03:13 . 2012-11-02 03:13 -------- d-----w- c:\programdata\AOL Toolbar

2012-11-02 03:13 . 2012-11-02 03:13 -------- d-----w- c:\program files (x86)\AOL Toolbar

2012-11-02 03:13 . 2012-11-02 03:13 -------- d-----w- c:\program files (x86)\WxDownload

2012-10-22 04:04 . 2012-10-22 04:04 -------- d-----w- c:\program files (x86)\BringMeSports_1c

2012-10-19 04:56 . 2012-10-19 04:56 -------- d-----w- c:\program files (x86)\Swiki

2012-10-19 04:53 . 2012-10-19 04:53 -------- d-----w- c:\users\Hala\AppData\Local\CRE

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-12 05:31 . 2012-06-26 16:11 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-12 05:31 . 2012-06-26 16:11 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-09-17 00:50 . 2011-03-29 01:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-09-14 19:19 . 2012-10-10 19:10 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 19:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-08-31 18:19 . 2012-10-10 19:11 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-30 18:03 . 2012-10-10 19:11 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 19:11 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12 . 2012-10-10 19:11 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-08-24 18:05 . 2012-10-10 19:11 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 16:57 . 2012-10-10 19:11 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-24 11:15 . 2012-09-23 10:01 17810944 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 10:39 . 2012-09-23 10:01 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 10:31 . 2012-09-23 10:01 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 10:22 . 2012-09-23 10:01 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 10:21 . 2012-09-23 10:01 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 10:20 . 2012-09-23 10:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 10:18 . 2012-09-23 10:01 237056 ----a-w- c:\windows\system32\url.dll

2012-08-24 10:17 . 2012-09-23 10:01 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 10:14 . 2012-09-23 10:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 10:14 . 2012-09-23 10:01 816640 ----a-w- c:\windows\system32\jscript.dll

2012-08-24 10:13 . 2012-09-23 10:01 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 10:12 . 2012-09-23 10:01 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 10:11 . 2012-09-23 10:01 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 10:10 . 2012-09-23 10:01 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 10:09 . 2012-09-23 10:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 10:04 . 2012-09-23 10:01 248320 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 06:59 . 2012-09-23 10:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-08-24 06:51 . 2012-09-23 10:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 06:51 . 2012-09-23 10:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-08-24 06:47 . 2012-09-23 10:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-08-24 06:47 . 2012-09-23 10:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-24 06:43 . 2012-09-23 10:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-22 18:12 . 2012-09-17 16:39 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-17 16:40 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-17 16:39 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-17 16:39 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 21:01 . 2012-09-26 14:10 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-08-21 20:01 . 2012-10-06 05:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-08-21 20:01 . 2012-08-21 20:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-08-21 20:01 . 2012-08-21 20:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-08-20 18:48 . 2012-10-10 19:11 362496 ----a-w- c:\windows\system32\wow64win.dll

2012-08-20 18:48 . 2012-10-10 19:11 243200 ----a-w- c:\windows\system32\wow64.dll

2012-08-20 18:48 . 2012-10-10 19:11 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2012-08-20 18:48 . 2012-10-10 19:11 215040 ----a-w- c:\windows\system32\winsrv.dll

2012-08-20 18:48 . 2012-10-10 19:11 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2012-08-20 18:48 . 2012-10-10 19:11 424448 ----a-w- c:\windows\system32\KernelBase.dll

2012-08-20 18:48 . 2012-10-10 19:11 1162240 ----a-w- c:\windows\system32\kernel32.dll

2012-08-20 18:46 . 2012-10-10 19:11 338432 ----a-w- c:\windows\system32\conhost.exe

2012-08-20 18:38 . 2012-10-10 19:11 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-08-20 17:40 . 2012-10-10 19:11 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2012-08-20 17:38 . 2012-10-10 19:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-20 17:38 . 2012-10-10 19:11 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2012-08-20 17:37 . 2012-10-10 19:11 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2012-08-20 17:37 . 2012-10-10 19:11 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

2012-08-20 17:32 . 2012-10-10 19:11 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{47CA08BB-3387-E2F5-E7E6-5E0BA2B85343}]

2012-11-02 00:23 129024 ----a-w- c:\programdata\wxDownload\509312840bb5f.ocx

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8356F990-30E7-9A55-7BD9-7EEC0EC318F2}]

2012-10-11 23:06 129024 ----a-w- c:\programdata\wxDownload\50775104de468.ocx

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D25B97E9-62B2-40CE-BECF-E43A7B879072}]

2012-09-04 17:57 270216 ----a-w- c:\program files (x86)\Price Check by AOL\aolpricecheck.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{cc53bd19-7b23-43b0-ab7c-0e06c708cced}"= "c:\program files (x86)\BringMeSports_1c\bar\1.bin\1cbar.dll" [bU]

.

[HKEY_CLASSES_ROOT\clsid\{cc53bd19-7b23-43b0-ab7c-0e06c708cced}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Facebook Update"="c:\users\Hala\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-10-02 138096]

"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [bU]

"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-22 291608]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-12-23 202296]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-21 693608]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]

"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2012-10-03 610776]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\progra~2\WXDOWN~2\sprotector.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2012-03-22 112256]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]

R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-01-06 138392]

R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-01-06 74904]

R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-01 289952]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2012-01-10 535688]

R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-12-21 382720]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-27 101600]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-18 1255736]

R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-09-15 195320]

R4 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-13 249648]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-22 16152]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-11 29488]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-02-23 106144]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-02-08 2429544]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]

S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-03-13 128280]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-03-13 161560]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]

S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2012-10-03 1269208]

S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-12-05 51200]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-02-21 473960]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-12-01 260768]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-03-13 363800]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2012-03-26 978056]

S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-02-24 158880]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-02-23 36000]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-02-23 339616]

S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-02-23 110752]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-02-23 30368]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-02-23 167584]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-02-24 68256]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-02-24 280992]

S3 BTATH_VDP;Bluetooth VDP Driver;c:\windows\system32\drivers\btath_vdp.sys [2012-02-24 421664]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-02-24 550560]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-03-14 331264]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-22 356120]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-22 787736]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-02-08 339048]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-13 675432]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2012-01-16 14336]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-01-20 54432]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 05:31]

.

2012-11-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2961923168-3939447232-3755786148-1000Core.job

- c:\users\Hala\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-02 18:03]

.

2012-11-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2961923168-3939447232-3755786148-1000UA.job

- c:\users\Hala\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-02 18:03]

.

2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-29 19:18]

.

2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-29 19:18]

.

2012-11-12 c:\windows\Tasks\WxDFastUpdaterTask{1D514599-27E5-4CEC-9033-8EBBD91675E2}.job

- c:\programdata\Premium\WxDFast\WxDFast.exe [2012-10-12 14:50]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-13 1156712]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-02-23 1020576]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-02-23 800416]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-14 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-14 398104]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-14 440600]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Hala\AppData\Roaming\Mozilla\Firefox\Profiles\3rpp5pbm.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: keyword.URL -

FF - prefs.js: browser.startup.homepage -

FF - ExtSQL: 2012-09-20 13:21; swiki@swiki.com; c:\program files (x86)\Mozilla Firefox\extensions\swiki@swiki.com.xpi

FF - ExtSQL: 2012-09-22 21:39; wcapturex@deskperience.com; c:\program files (x86)\WordWeb\WCaptureMoz

FF - ExtSQL: 2012-10-21 21:04; 1cffxtbr@BringMeSports_1c.com; c:\program files (x86)\BringMeSports_1c\bar\1.bin

FF - ExtSQL: 2012-11-09 13:45; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\users\Hala\AppData\Roaming\Mozilla\Firefox\Profiles\3rpp5pbm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - ExtSQL: !HIDDEN! 2012-09-22 21:39; wcapturex@deskperience.com; c:\program files (x86)\WordWeb\WCaptureMoz

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\SysWOW64\Adobe\Shockwave 11\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-12 10:54:12

ComboFix-quarantined-files.txt 2012-11-12 18:54

ComboFix2.txt 2012-11-12 04:39

ComboFix3.txt 2012-11-12 02:23

.

Pre-Run: 229,842,362,368 bytes free

Post-Run: 229,561,270,272 bytes free

.

- - End Of File - - 9E427F0A7106BD3AFFA0F4CBBAFA72FB


What about ESET, I didn't remove those viruses.

I just did with ComboFix. :)

Also do you think I should uninstall Kaspersky?

No...just keep it updated. :)

Any other malware problems??
