Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next.......

Please remove any USB or external drives from the computer before you run this scan!

Quit all running programs.

Please download and run RogueKiller to your desktop.

http://tigzy.geeksto...ueKillerX64.exe <---use this one for 64 bit systems

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464

Run by Lannie at 19:08:00 on 2013-03-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.2672 [GMT -6:00]

.

AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe

C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe

c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe

C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\rundll32.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Users\Lannie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe

C:\Program Files\Sony\VAIO Update\VUAgent.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Sony\VAIO Care\VCPerfService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Sony\VAIO Care\VCSystemTray.exe

C:\Program Files\Sony\VAIO Care\VCService.exe

C:\Program Files\Sony\VAIO Care\VCAgent.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\taskhost.exe

C:\Users\Lannie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lannie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lannie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lannie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lannie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lannie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lannie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://sony.msn.com

uDefault_Page_URL = hxxp://sony.msn.com

mWinlogon: Userinit = userinit.exe,

BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} - C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ips\ipsbho.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.111.1\NativeBHO.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coieplg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coieplg.dll

uRun: [Google Update] "C:\Users\Lannie\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [spotify Web Helper] "C:\Users\Lannie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

StartupFolder: C:\Users\Lannie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SONYMS~1.LNK - C:\Program Files (x86)\Sony\MSS\3.0.271\SSScheduler.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: NameServer = 192.168.1.1 75.75.75.75 75.75.76.76

TCP: Interfaces\{1C98567A-13BE-4ECA-BF7F-90A6CA4C210F} : DHCPNameServer = 192.168.1.1 75.75.75.75 75.75.76.76

TCP: Interfaces\{1C98567A-13BE-4ECA-BF7F-90A6CA4C210F}\05F6F607 : DHCPNameServer = 192.168.1.1 75.75.75.75 75.75.76.76

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL

SSODL: WebCheck - <orphaned>

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

x64-Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCUDelayStartup.exe"

x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Lannie\AppData\Roaming\Mozilla\Firefox\Profiles\cahlydyl.default\

FF - prefs.js: browser.startup.homepage - google.com

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

FF - plugin: C:\Users\Lannie\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll

FF - ExtSQL: 2013-02-07 09:21; extension21804@extension21804.com; C:\Users\Lannie\AppData\Roaming\Mozilla\Firefox\Profiles\cahlydyl.default\extensions\extension21804@extension21804.com

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1402000.013\symds64.sys [2013-2-24 493216]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1402000.013\symefa64.sys [2013-2-24 1133216]

R1 AntiLog32;AntiLog32;C:\Windows\System32\drivers\AntiLog64.sys [2013-1-22 45968]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-2-8 1388120]

R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\System32\drivers\N360x64\1402000.013\ccsetx64.sys [2013-2-24 168096]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130228.001\IDSviA64.sys [2013-2-28 513184]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1402000.013\ironx64.sys [2013-2-24 224416]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1402000.013\symnets.sys [2013-2-24 432800]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-2-27 499200]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-18 13336]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-8-9 2429544]

R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2013-1-14 66600]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-28 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-28 682344]

R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccsvchst.exe [2013-2-24 143928]

R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-2-15 47104]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]

R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2012-2-18 14112]

R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-8-6 156672]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-2-18 2656280]

R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2012-2-18 852160]

R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-2-27 885248]

R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2011-2-17 75264]

R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2011-2-17 174080]

R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\System32\drivers\bpusb.sys [2011-2-17 81920]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-9 138912]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-3-28 317440]

R3 keycrypt;keycrypt;C:\Windows\System32\drivers\KeyCrypt64.sys [2013-1-22 26448]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-2-16 76912]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-28 24176]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-8-9 340072]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-1 12032]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-10-12 54760]

R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2013-1-23 1286784]

R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]

S3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [2012-3-30 237328]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]

S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]

S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]

S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-2-19 652016]

S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-19 385336]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-19 99104]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-21 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-02-28 22:19:15 -------- d-----w- C:\Users\Lannie\AppData\Roaming\SpeedyPC Software

2013-02-28 22:19:15 -------- d-----w- C:\Users\Lannie\AppData\Roaming\DriverCure

2013-02-28 22:18:48 -------- d-----w- C:\ProgramData\SpeedyPC Software

2013-02-28 16:32:19 -------- d-----w- C:\Users\Lannie\AppData\Roaming\Malwarebytes

2013-02-28 16:32:01 -------- d-----w- C:\ProgramData\Malwarebytes

2013-02-28 16:32:00 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-02-28 16:32:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-02-28 16:31:02 -------- d-----w- C:\Users\Lannie\AppData\Local\Programs

2013-02-26 15:04:39 -------- d-----w- C:\ProgramData\AVAST Software

2013-02-26 15:04:39 -------- d-----w- C:\Program Files\AVAST Software

2013-02-26 03:13:26 -------- d-----w- C:\Users\Lannie\AppData\Local\NPE

2013-02-26 02:51:34 7168 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DF3D.tmp

2013-02-26 02:51:34 7168 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DEFE.tmp

2013-02-24 20:29:44 493216 ----a-w- C:\Windows\System32\drivers\N360x64\1402000.013\symds64.sys

2013-02-24 20:29:44 432800 ----a-r- C:\Windows\System32\drivers\N360x64\1402000.013\symnets.sys

2013-02-24 20:29:44 37496 ----a-r- C:\Windows\System32\drivers\N360x64\1402000.013\srtspx64.sys

2013-02-24 20:29:44 23448 ----a-r- C:\Windows\System32\drivers\N360x64\1402000.013\symelam.sys

2013-02-24 20:29:44 1133216 ----a-w- C:\Windows\System32\drivers\N360x64\1402000.013\symefa64.sys

2013-02-24 20:29:43 776864 ----a-w- C:\Windows\System32\drivers\N360x64\1402000.013\srtsp64.sys

2013-02-24 20:29:43 224416 ----a-r- C:\Windows\System32\drivers\N360x64\1402000.013\ironx64.sys

2013-02-24 20:29:43 168096 ----a-w- C:\Windows\System32\drivers\N360x64\1402000.013\ccsetx64.sys

2013-02-24 20:29:12 -------- d-----w- C:\Windows\System32\drivers\N360x64\1402000.013

2013-02-18 01:59:09 -------- d-----w- C:\Users\Lannie\AppData\Local\Sony Corporation

2013-02-14 14:28:40 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-14 14:28:40 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 14:14:05 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-02-13 14:14:02 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-02-13 14:14:01 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-02-13 14:13:54 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-13 14:13:52 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-02-13 14:13:51 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-02-13 14:13:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-02-13 14:13:51 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-02-13 14:13:51 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-02-13 14:13:51 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-02-13 14:13:49 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-02-13 14:13:49 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-02-10 23:52:39 -------- d-----w- C:\Users\Lannie\AppData\Roaming\.minecraft

2013-02-07 15:22:08 -------- d-----w- C:\Users\Lannie\AppData\Local\Coupon Companion Plugin

2013-02-07 15:21:59 -------- d-----w- C:\Users\Lannie\AppData\Local\Updater21804

2013-02-07 15:21:52 -------- d-----w- C:\Program Files (x86)\Coupon Companion Plugin

.

==================== Find3M ====================

.

2013-02-28 18:12:56 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-28 18:12:56 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-18 23:03:10 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2013-01-23 03:51:21 45968 ----a-w- C:\Windows\System32\drivers\AntiLog64.sys

2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-06 02:39:44 7369552 ----a-w- C:\Windows\SysWow64\ZALSDKCore.dll

2013-01-06 02:39:40 26448 ----a-w- C:\Windows\System32\drivers\KeyCrypt64.sys

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

.

============= FINISH: 19:09:16.49 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 2/18/2012 11:30:50 AM

System Uptime: 2/28/2013 5:13:36 PM (26 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core i5-2410M CPU @ 2.30GHz | N/A | 782/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 585 GiB total, 507.083 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.6) MUI

Adobe Shockwave Player 11.6

Amazon Kindle

AntiLogger SDK version 1.4.6.637

Application Manager for VAIO

ArcSoft WebCam Companion 4

Artweaver Free 3.1

Best Buy pc app

Bing Bar

BlackBerry Desktop Software 7.1

BlackBerry Device Software v5.0.0 for the BlackBerry 9530 smartphone

Conexant HD Audio

Constant Guard Protection Suite

Corel WinDVD

Coupon Companion Plugin

D3DX10

Google Chrome

Google Earth

Google Update Helper

Intel PROSet Wireless

Intel WiMAX Tutorial

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® PROSet/Wireless WiFi Software

Intel® Rapid Storage Technology

Intel® Wireless Display

Intel® PROSet/Wireless WiMAX Software

Java Auto Updater

Java 6 Update 22

Java 6 Update 22 (64-bit)

Junk Mail filter update

Malwarebytes Anti-Malware version 1.70.0.1100

Media Gallery

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft IntelliPoint 8.2

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 19.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

MSXML 4.0 SP3 Parser (KB973685)

Norton Security Suite

Oasis2Service 1.0

OOBE

OpenOffice.org 3.4.1

PlayReady PC Runtime amd64

PMB

PMB VAIO Edition Guide

PMB VAIO Edition Plug-in

Realtek PCIE Card Reader

Remote Keyboard

Remote Play with PlayStation 3

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Sony Corporation

Spotify

SSLx64

SSLx86

swMSM

Synaptics Pointing Device Driver

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

VAIO - Media Gallery

VAIO - PMB VAIO Edition Guide

VAIO - PMB VAIO Edition Plug-in

VAIO - Remote Keyboard

VAIO - Remote Play with PlayStation®3

VAIO Care

VAIO Control Center

VAIO Data Restore Tool

VAIO Easy Connect

VAIO Event Service

VAIO Gate

VAIO Gate Default

VAIO Hardware Diagnostics

VAIO Help and Support

VAIO Improvement

VAIO Manual

VAIO Quick Web Access

VAIO Sample Contents

VAIO Satisfaction Survey.

VAIO Smart Network

VAIO Transfer Support

VAIO Update

VCCx86

VESx64

VESx86

VGClientX64

VGClientX86

VIx64

VIx86

VLC media player 2.0.3

VSNx64

VU5x64

VU5x86

VWSTx86

Winamp

Winamp Detector Plug-in

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

Wizard101

.

==== End Of File ===========================


RogueKiller V8.5.2 [Feb 23 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Lannie [Admin rights]

Mode : Scan -- Date : 03/01/2013 19:20:20

| ARK || FAK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤

[Microsoft][HJNAME] notepad.exe -- C:\Windows\SysWOW64\notepad.exe [7] -> KILLED [TermProc]

[Microsoft][HJNAME] notepad.exe -- C:\Windows\SysWOW64\notepad.exe [7] -> KILLED [TermProc]

[Microsoft][HJNAME] notepad.exe -- C:\Windows\System32\notepad.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤

[TASK][SUSP PATH] Updater21804.exe : C:\Users\Lannie\AppData\Local\Updater21804\Updater21804.exe /extensionid=21804 /extensionname="Coupon Companion Plugin" /chromeid=jneaojaoiajhnemidnjhoempalnidbhj [x] -> FOUND

[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [7] -> FOUND

[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [7] -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9640320AS +++++

--- User ---

[MBR] 281b7e90e86850a4f52b272b6e8422bb

[BSP] 10f4efb134621df8d1499901d1707182 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10930 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 22386688 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 22591488 | Size: 599448 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] 8699fc9f23505b85f04c70dc079e0dcf

[BSP] 10f4efb134621df8d1499901d1707182 : Windows 7/8 MBR Code

Partition table:

1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10930 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 22386688 | Size: 100 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 22591488 | Size: 599448 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] 8699fc9f23505b85f04c70dc079e0dcf

[BSP] 10f4efb134621df8d1499901d1707182 : Windows 7/8 MBR Code

Partition table:

1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10930 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 22386688 | Size: 100 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 22591488 | Size: 599448 Mo

Finished : << RKreport[1]_S_03012013_02d1920.txt >>

RKreport[1]_S_03012013_02d1920.txt


Please uninstall > Coupon Companion Plugin <---- from your add/remove programs:

http://www.systemloo...LSID/76623.html

------------------------------

Then...............

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Here's a video that explains how to run it if needed:

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
    If in doubt about an entry....please ask or choose Skip
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.


New window that comes up.


MrC


19:29:54.0787 11676 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

19:29:56.0005 11676 ============================================================

19:29:56.0005 11676 Current date / time: 2013/03/01 19:29:56.0005

19:29:56.0005 11676 SystemInfo:

19:29:56.0006 11676

19:29:56.0006 11676 OS Version: 6.1.7601 ServicePack: 1.0

19:29:56.0006 11676 Product type: Workstation

19:29:56.0006 11676 ComputerName: LANNIE-VAIO

19:29:56.0006 11676 UserName: Lannie

19:29:56.0006 11676 Windows directory: C:\Windows

19:29:56.0006 11676 System windows directory: C:\Windows

19:29:56.0007 11676 Running under WOW64

19:29:56.0007 11676 Processor architecture: Intel x64

19:29:56.0007 11676 Number of processors: 4

19:29:56.0007 11676 Page size: 0x1000

19:29:56.0007 11676 Boot type: Normal boot

19:29:56.0007 11676 ============================================================

19:29:57.0103 11676 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:29:57.0119 11676 ============================================================

19:29:57.0119 11676 \Device\Harddisk0\DR0:

19:29:57.0119 11676 MBR partitions:

19:29:57.0119 11676 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1559800, BlocksNum 0x32000

19:29:57.0119 11676 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x158B800, BlocksNum 0x492CC000

19:29:57.0119 11676 ============================================================

19:29:57.0157 11676 C: <-> \Device\Harddisk0\DR0\Partition2

19:29:57.0157 11676 ============================================================

19:29:57.0158 11676 Initialize success

19:29:57.0158 11676 ============================================================

19:31:28.0238 12196 ============================================================

19:31:28.0238 12196 Scan started

19:31:28.0239 12196 Mode: Manual;

19:31:28.0239 12196 ============================================================

19:31:29.0305 12196 ================ Scan system memory ========================

19:31:29.0306 12196 System memory - ok

19:31:29.0307 12196 ================ Scan services =============================

19:31:29.0516 12196 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

19:31:29.0521 12196 1394ohci - ok

19:31:29.0617 12196 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

19:31:29.0619 12196 ACDaemon - ok

19:31:29.0649 12196 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

19:31:29.0655 12196 ACPI - ok

19:31:29.0696 12196 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

19:31:29.0697 12196 AcpiPmi - ok

19:31:29.0768 12196 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

19:31:29.0770 12196 AdobeARMservice - ok

19:31:29.0900 12196 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

19:31:29.0905 12196 AdobeFlashPlayerUpdateSvc - ok

19:31:29.0949 12196 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

19:31:29.0957 12196 adp94xx - ok

19:31:29.0992 12196 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

19:31:29.0998 12196 adpahci - ok

19:31:30.0013 12196 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

19:31:30.0017 12196 adpu320 - ok

19:31:30.0060 12196 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

19:31:30.0064 12196 AeLookupSvc - ok

19:31:30.0110 12196 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

19:31:30.0119 12196 AFD - ok

19:31:30.0162 12196 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

19:31:30.0164 12196 agp440 - ok

19:31:30.0189 12196 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

19:31:30.0194 12196 ALG - ok

19:31:30.0214 12196 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

19:31:30.0216 12196 aliide - ok

19:31:30.0226 12196 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

19:31:30.0227 12196 amdide - ok

19:31:30.0238 12196 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

19:31:30.0240 12196 AmdK8 - ok

19:31:30.0249 12196 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

19:31:30.0251 12196 AmdPPM - ok

19:31:30.0291 12196 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

19:31:30.0293 12196 amdsata - ok

19:31:30.0320 12196 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

19:31:30.0324 12196 amdsbs - ok

19:31:30.0341 12196 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

19:31:30.0342 12196 amdxata - ok

19:31:30.0401 12196 [ A3AD44406CA340AB36B8C72C5D057ED5 ] AntiLog32 C:\Windows\system32\drivers\AntiLog64.sys

19:31:30.0402 12196 AntiLog32 - ok

19:31:30.0462 12196 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

19:31:30.0464 12196 AppID - ok

19:31:30.0486 12196 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

19:31:30.0488 12196 AppIDSvc - ok

19:31:30.0508 12196 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

19:31:30.0512 12196 Appinfo - ok

19:31:30.0536 12196 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

19:31:30.0538 12196 arc - ok

19:31:30.0548 12196 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

19:31:30.0550 12196 arcsas - ok

19:31:30.0657 12196 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

19:31:30.0661 12196 aspnet_state - ok

19:31:30.0690 12196 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

19:31:30.0691 12196 AsyncMac - ok

19:31:30.0713 12196 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

19:31:30.0714 12196 atapi - ok

19:31:30.0776 12196 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys

19:31:30.0799 12196 athr - ok

19:31:30.0855 12196 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

19:31:30.0883 12196 AudioEndpointBuilder - ok

19:31:30.0917 12196 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

19:31:30.0928 12196 AudioSrv - ok

19:31:30.0973 12196 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

19:31:30.0979 12196 AxInstSV - ok

19:31:31.0028 12196 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

19:31:31.0036 12196 b06bdrv - ok

19:31:31.0083 12196 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

19:31:31.0088 12196 b57nd60a - ok

19:31:31.0159 12196 [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

19:31:31.0162 12196 BBSvc - ok

19:31:31.0223 12196 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

19:31:31.0228 12196 BDESVC - ok

19:31:31.0265 12196 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

19:31:31.0266 12196 Beep - ok

19:31:31.0324 12196 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

19:31:31.0351 12196 BFE - ok

19:31:31.0686 12196 [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx64.sys

19:31:31.0708 12196 BHDrvx64 - ok

19:31:31.0754 12196 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

19:31:31.0786 12196 BITS - ok

19:31:31.0812 12196 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

19:31:31.0813 12196 blbdrive - ok

19:31:31.0850 12196 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

19:31:31.0853 12196 bowser - ok

19:31:31.0878 12196 [ 3DCB409BCBD02AB0675682F8E42A410F ] bpenum C:\Windows\system32\DRIVERS\bpenum.sys

19:31:31.0880 12196 bpenum - ok

19:31:31.0910 12196 [ 6C66EEF6669B14DF4F426990A1CA5112 ] bpmp C:\Windows\system32\DRIVERS\bpmp.sys

19:31:31.0914 12196 bpmp - ok

19:31:31.0927 12196 [ 2EE68405BBADE51CBE1C973FF3A1A400 ] bpusb C:\Windows\system32\Drivers\bpusb.sys

19:31:31.0929 12196 bpusb - ok

19:31:31.0968 12196 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

19:31:31.0969 12196 BrFiltLo - ok

19:31:31.0985 12196 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

19:31:31.0986 12196 BrFiltUp - ok

19:31:32.0032 12196 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

19:31:32.0037 12196 Browser - ok

19:31:32.0051 12196 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

19:31:32.0056 12196 Brserid - ok

19:31:32.0066 12196 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

19:31:32.0068 12196 BrSerWdm - ok

19:31:32.0094 12196 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

19:31:32.0095 12196 BrUsbMdm - ok

19:31:32.0103 12196 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

19:31:32.0104 12196 BrUsbSer - ok

19:31:32.0134 12196 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

19:31:32.0136 12196 BTHMODEM - ok

19:31:32.0176 12196 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

19:31:32.0181 12196 bthserv - ok

19:31:32.0236 12196 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\1402000.013\ccSetx64.sys

19:31:32.0243 12196 ccSet_N360 - ok

19:31:32.0273 12196 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

19:31:32.0276 12196 cdfs - ok

19:31:32.0325 12196 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

19:31:32.0328 12196 cdrom - ok

19:31:32.0360 12196 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

19:31:32.0364 12196 CertPropSvc - ok

19:31:32.0386 12196 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

19:31:32.0388 12196 circlass - ok

19:31:32.0421 12196 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

19:31:32.0431 12196 CLFS - ok

19:31:32.0493 12196 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:31:32.0495 12196 clr_optimization_v2.0.50727_32 - ok

19:31:32.0532 12196 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

19:31:32.0534 12196 clr_optimization_v2.0.50727_64 - ok

19:31:32.0587 12196 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:31:32.0590 12196 clr_optimization_v4.0.30319_32 - ok

19:31:32.0616 12196 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

19:31:32.0620 12196 clr_optimization_v4.0.30319_64 - ok

19:31:32.0669 12196 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

19:31:32.0670 12196 CmBatt - ok

19:31:32.0695 12196 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

19:31:32.0697 12196 cmdide - ok

19:31:32.0749 12196 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

19:31:32.0756 12196 CNG - ok

19:31:32.0842 12196 [ 1F394DF3714ED4280047810790E6DF69 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys

19:31:32.0867 12196 CnxtHdAudService - ok

19:31:32.0901 12196 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

19:31:32.0902 12196 Compbatt - ok

19:31:32.0927 12196 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

19:31:32.0929 12196 CompositeBus - ok

19:31:32.0949 12196 COMSysApp - ok

19:31:32.0989 12196 [ F08C6020E57F5E5BF2FD034DB10BEDFB ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe

19:31:32.0994 12196 cphs - ok

19:31:33.0026 12196 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

19:31:33.0028 12196 crcdisk - ok

19:31:33.0073 12196 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

19:31:33.0080 12196 CryptSvc - ok

19:31:33.0175 12196 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

19:31:33.0188 12196 cvhsvc - ok

19:31:33.0244 12196 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

19:31:33.0266 12196 DcomLaunch - ok

19:31:33.0320 12196 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

19:31:33.0329 12196 defragsvc - ok

19:31:33.0364 12196 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

19:31:33.0366 12196 DfsC - ok

19:31:33.0411 12196 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

19:31:33.0421 12196 Dhcp - ok

19:31:33.0476 12196 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

19:31:33.0477 12196 discache - ok

19:31:33.0542 12196 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

19:31:33.0544 12196 Disk - ok

19:31:33.0625 12196 [ EC9D64CC2DD8A4C6D11550F364890DB1 ] DMAgent C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

19:31:33.0633 12196 DMAgent - ok

19:31:33.0668 12196 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

19:31:33.0675 12196 Dnscache - ok

19:31:33.0710 12196 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

19:31:33.0719 12196 dot3svc - ok

19:31:33.0740 12196 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

19:31:33.0746 12196 DPS - ok

19:31:33.0774 12196 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

19:31:33.0775 12196 drmkaud - ok

19:31:33.0835 12196 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

19:31:33.0851 12196 DXGKrnl - ok

19:31:33.0887 12196 [ 50AD8FC1DC800FF36087994C8F7FDFF2 ] e1yexpress C:\Windows\system32\DRIVERS\e1y60x64.sys

19:31:33.0892 12196 e1yexpress - ok

19:31:33.0944 12196 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

19:31:33.0949 12196 EapHost - ok

19:31:34.0073 12196 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

19:31:34.0122 12196 ebdrv - ok

19:31:34.0190 12196 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

19:31:34.0196 12196 eeCtrl - ok

19:31:34.0241 12196 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

19:31:34.0245 12196 EFS - ok

19:31:34.0529 12196 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

19:31:34.0540 12196 ehRecvr - ok

19:31:34.0585 12196 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

19:31:34.0588 12196 ehSched - ok

19:31:34.0640 12196 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

19:31:34.0648 12196 elxstor - ok

19:31:34.0681 12196 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

19:31:34.0684 12196 EraserUtilRebootDrv - ok

19:31:34.0704 12196 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

19:31:34.0706 12196 ErrDev - ok

19:31:34.0764 12196 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

19:31:34.0772 12196 EventSystem - ok

19:31:34.0872 12196 [ 8B6C9924B0D333DBF76086B8258A0891 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe

19:31:34.0896 12196 EvtEng - ok

19:31:34.0934 12196 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

19:31:34.0937 12196 exfat - ok

19:31:34.0975 12196 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

19:31:34.0978 12196 fastfat - ok

19:31:35.0039 12196 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

19:31:35.0072 12196 Fax - ok

19:31:35.0089 12196 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

19:31:35.0091 12196 fdc - ok

19:31:35.0120 12196 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

19:31:35.0122 12196 fdPHost - ok

19:31:35.0137 12196 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

19:31:35.0140 12196 FDResPub - ok

19:31:35.0174 12196 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

19:31:35.0176 12196 FileInfo - ok

19:31:35.0189 12196 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

19:31:35.0190 12196 Filetrace - ok

19:31:35.0215 12196 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

19:31:35.0216 12196 flpydisk - ok

19:31:35.0240 12196 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

19:31:35.0245 12196 FltMgr - ok

19:31:35.0304 12196 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

19:31:35.0347 12196 FontCache - ok

19:31:35.0381 12196 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

19:31:35.0383 12196 FontCache3.0.0.0 - ok

19:31:35.0403 12196 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

19:31:35.0405 12196 FsDepends - ok

19:31:35.0449 12196 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

19:31:35.0450 12196 Fs_Rec - ok

19:31:35.0499 12196 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

19:31:35.0503 12196 fvevol - ok

19:31:35.0533 12196 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

19:31:35.0535 12196 gagp30kx - ok

19:31:35.0578 12196 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

19:31:35.0610 12196 gpsvc - ok

19:31:35.0683 12196 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:31:35.0687 12196 gupdate - ok

19:31:35.0704 12196 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:31:35.0707 12196 gupdatem - ok

19:31:35.0731 12196 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

19:31:35.0732 12196 hcw85cir - ok

19:31:35.0764 12196 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

19:31:35.0770 12196 HdAudAddService - ok

19:31:35.0804 12196 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

19:31:35.0806 12196 HDAudBus - ok

19:31:35.0814 12196 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

19:31:35.0818 12196 HidBatt - ok

19:31:35.0834 12196 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

19:31:35.0836 12196 HidBth - ok

19:31:35.0862 12196 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

19:31:35.0863 12196 HidIr - ok

19:31:35.0891 12196 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

19:31:35.0895 12196 hidserv - ok

19:31:35.0923 12196 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

19:31:35.0925 12196 HidUsb - ok

19:31:35.0947 12196 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

19:31:35.0953 12196 hkmsvc - ok

19:31:35.0983 12196 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

19:31:35.0992 12196 HomeGroupListener - ok

19:31:36.0021 12196 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

19:31:36.0030 12196 HomeGroupProvider - ok

19:31:36.0067 12196 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

19:31:36.0070 12196 HpSAMD - ok

19:31:36.0110 12196 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

19:31:36.0123 12196 HTTP - ok

19:31:36.0147 12196 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

19:31:36.0148 12196 hwpolicy - ok

19:31:36.0175 12196 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

19:31:36.0177 12196 i8042prt - ok

19:31:36.0224 12196 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\drivers\iaStor.sys

19:31:36.0232 12196 iaStor - ok

19:31:36.0291 12196 [ 8FFF9083252C16FE3960173722605E9E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

19:31:36.0292 12196 IAStorDataMgrSvc - ok


19:31:49.0416 12196 UmPass - ok

19:31:49.0537 12196 [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

19:31:49.0576 12196 UNS - ok

19:31:49.0617 12196 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

19:31:49.0639 12196 upnphost - ok

19:31:49.0669 12196 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

19:31:49.0672 12196 usbccgp - ok

19:31:49.0709 12196 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

19:31:49.0712 12196 usbcir - ok

19:31:49.0731 12196 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys

19:31:49.0733 12196 usbehci - ok

19:31:49.0775 12196 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

19:31:49.0781 12196 usbhub - ok

19:31:49.0807 12196 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

19:31:49.0809 12196 usbohci - ok

19:31:49.0839 12196 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys

19:31:49.0841 12196 usbprint - ok

19:31:49.0859 12196 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:31:49.0861 12196 USBSTOR - ok

19:31:49.0881 12196 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

19:31:49.0884 12196 usbuhci - ok

19:31:49.0918 12196 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

19:31:49.0922 12196 usbvideo - ok

19:31:49.0951 12196 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

19:31:49.0957 12196 UxSms - ok

19:31:49.0992 12196 [ DCB1F83AD167D16D263CE57C94E9EEDF ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

19:31:49.0994 12196 VAIO Event Service - ok

19:31:50.0015 12196 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

19:31:50.0019 12196 VaultSvc - ok

19:31:50.0089 12196 [ D00058C1FFF3F3DE990444A5734E9639 ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

19:31:50.0103 12196 VCFw - ok

19:31:50.0182 12196 [ BFFDE5AF83DBEF61F8AFE1781482521D ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

19:31:50.0193 12196 VcmIAlzMgr - ok

19:31:50.0233 12196 [ 2F06D134554BA84FE253DBC481DCFE6D ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe

19:31:50.0240 12196 VcmINSMgr - ok

19:31:50.0278 12196 [ 32A3735F6874B7783C6209ED5CA36D9D ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe

19:31:50.0281 12196 VcmXmlIfHelper - ok

19:31:50.0376 12196 [ 8F0840FF3A11D6B3F767AD6C79AC2A40 ] VCService C:\Program Files\Sony\VAIO Care\VCService.exe

19:31:50.0378 12196 VCService - ok

19:31:50.0414 12196 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

19:31:50.0416 12196 vdrvroot - ok

19:31:50.0460 12196 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

19:31:50.0488 12196 vds - ok

19:31:50.0519 12196 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

19:31:50.0520 12196 vga - ok

19:31:50.0534 12196 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

19:31:50.0536 12196 VgaSave - ok

19:31:50.0564 12196 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

19:31:50.0568 12196 vhdmp - ok

19:31:50.0582 12196 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

19:31:50.0584 12196 viaide - ok

19:31:50.0601 12196 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

19:31:50.0603 12196 volmgr - ok

19:31:50.0624 12196 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

19:31:50.0630 12196 volmgrx - ok

19:31:50.0661 12196 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

19:31:50.0667 12196 volsnap - ok

19:31:50.0698 12196 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

19:31:50.0702 12196 vsmraid - ok

19:31:50.0770 12196 [ 0ED394BFBA3EB4740F063E0BA5EC7104 ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

19:31:50.0783 12196 VSNService - ok

19:31:50.0864 12196 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

19:31:50.0917 12196 VSS - ok

19:31:51.0005 12196 [ D2D646D4D686C6996BA1FF96E11BE570 ] VUAgent C:\Program Files\Sony\VAIO Update\VUAgent.exe

19:31:51.0024 12196 VUAgent - ok

19:31:51.0047 12196 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

19:31:51.0049 12196 vwifibus - ok

19:31:51.0073 12196 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

19:31:51.0075 12196 vwififlt - ok

19:31:51.0094 12196 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

19:31:51.0095 12196 vwifimp - ok

19:31:51.0134 12196 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

19:31:51.0155 12196 W32Time - ok

19:31:51.0191 12196 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

19:31:51.0192 12196 WacomPen - ok

19:31:51.0228 12196 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

19:31:51.0231 12196 WANARP - ok

19:31:51.0259 12196 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

19:31:51.0262 12196 Wanarpv6 - ok

19:31:51.0363 12196 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

19:31:51.0406 12196 WatAdminSvc - ok

19:31:51.0483 12196 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

19:31:51.0547 12196 wbengine - ok

19:31:51.0575 12196 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

19:31:51.0596 12196 WbioSrvc - ok

19:31:51.0622 12196 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

19:31:51.0643 12196 wcncsvc - ok

19:31:51.0661 12196 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

19:31:51.0669 12196 WcsPlugInService - ok

19:31:51.0704 12196 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

19:31:51.0706 12196 Wd - ok

19:31:51.0750 12196 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

19:31:51.0763 12196 Wdf01000 - ok

19:31:51.0798 12196 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

19:31:51.0805 12196 WdiServiceHost - ok

19:31:51.0813 12196 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

19:31:51.0819 12196 WdiSystemHost - ok

19:31:51.0864 12196 [ 94DC2BF6CBAAA95E369C3756D3115A76 ] wdkmd C:\Windows\system32\DRIVERS\WDKMD.sys

19:31:51.0866 12196 wdkmd - ok

19:31:51.0902 12196 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

19:31:51.0924 12196 WebClient - ok

19:31:51.0943 12196 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

19:31:51.0963 12196 Wecsvc - ok

19:31:51.0986 12196 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

19:31:51.0994 12196 wercplsupport - ok

19:31:52.0018 12196 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

19:31:52.0024 12196 WerSvc - ok

19:31:52.0057 12196 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

19:31:52.0059 12196 WfpLwf - ok

19:31:52.0118 12196 [ 64DE79BF805724F0606FE7B3B2F13784 ] WiMAXAppSrv C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

19:31:52.0132 12196 WiMAXAppSrv - ok

19:31:52.0171 12196 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

19:31:52.0173 12196 WIMMount - ok

19:31:52.0193 12196 WinDefend - ok

19:31:52.0208 12196 WinHttpAutoProxySvc - ok

19:31:52.0265 12196 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

19:31:52.0272 12196 Winmgmt - ok

19:31:52.0372 12196 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

19:31:52.0446 12196 WinRM - ok

19:31:52.0504 12196 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

19:31:52.0506 12196 WinUsb - ok

19:31:52.0563 12196 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

19:31:52.0597 12196 Wlansvc - ok

19:31:52.0638 12196 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

19:31:52.0640 12196 wlcrasvc - ok

19:31:52.0742 12196 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

19:31:52.0777 12196 wlidsvc - ok

19:31:52.0808 12196 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

19:31:52.0809 12196 WmiAcpi - ok

19:31:52.0844 12196 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

19:31:52.0852 12196 wmiApSrv - ok

19:31:52.0878 12196 WMPNetworkSvc - ok

19:31:52.0913 12196 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

19:31:52.0920 12196 WPCSvc - ok

19:31:52.0936 12196 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

19:31:52.0945 12196 WPDBusEnum - ok

19:31:52.0978 12196 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

19:31:52.0980 12196 ws2ifsl - ok

19:31:52.0998 12196 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

19:31:53.0005 12196 wscsvc - ok

19:31:53.0015 12196 WSearch - ok

19:31:53.0131 12196 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

19:31:53.0234 12196 wuauserv - ok

19:31:53.0266 12196 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

19:31:53.0269 12196 WudfPf - ok

19:31:53.0297 12196 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

19:31:53.0300 12196 WUDFRd - ok

19:31:53.0324 12196 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

19:31:53.0332 12196 wudfsvc - ok

19:31:53.0370 12196 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

19:31:53.0391 12196 WwanSvc - ok

19:31:53.0459 12196 ================ Scan global ===============================

19:31:53.0490 12196 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

19:31:53.0524 12196 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

19:31:53.0545 12196 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

19:31:53.0601 12196 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

19:31:53.0634 12196 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

19:31:53.0643 12196 [Global] - ok

19:31:53.0644 12196 ================ Scan MBR ==================================

19:31:53.0655 12196 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

19:31:53.0656 12196 Suspicious mbr (Forged): \Device\Harddisk0\DR0

19:31:53.0727 12196 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

19:31:53.0727 12196 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

19:31:53.0728 12196 ================ Scan VBR ==================================

19:31:53.0736 12196 [ D651371DF44A7366AAB931AAC89010B2 ] \Device\Harddisk0\DR0\Partition1

19:31:53.0740 12196 \Device\Harddisk0\DR0\Partition1 - ok

19:31:53.0752 12196 [ CF8F0CC6F4CEF09A166792AC1ED90D15 ] \Device\Harddisk0\DR0\Partition2

19:31:53.0756 12196 \Device\Harddisk0\DR0\Partition2 - ok

19:31:53.0757 12196 ============================================================

19:31:53.0757 12196 Scan finished

19:31:53.0757 12196 ============================================================

19:31:53.0776 4636 Detected object count: 1

19:31:53.0776 4636 Actual detected object count: 1

19:41:39.0744 4636 \Device\Harddisk0\DR0\# - copied to quarantine

19:41:39.0749 4636 \Device\Harddisk0\DR0 - copied to quarantine

19:41:39.0877 4636 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

19:41:39.0886 4636 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

19:41:39.0919 4636 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

19:41:39.0946 4636 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

19:41:39.0950 4636 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

19:41:39.0956 4636 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

19:41:39.0961 4636 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

19:41:39.0969 4636 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

19:41:39.0977 4636 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

19:41:39.0982 4636 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

19:41:39.0988 4636 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

19:41:39.0993 4636 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

19:41:40.0036 4636 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

19:41:40.0041 4636 \Device\Harddisk0\DR0 - ok

19:41:40.0306 4636 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

19:42:41.0646 1184 Deinitialize success

19:44:55.0357 5008 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

19:44:55.0498 5008 ============================================================

19:44:55.0498 5008 Current date / time: 2013/03/01 19:44:55.0498

19:44:55.0498 5008 SystemInfo:

19:44:55.0498 5008

19:44:55.0498 5008 OS Version: 6.1.7601 ServicePack: 1.0

19:44:55.0498 5008 Product type: Workstation

19:44:55.0498 5008 ComputerName: LANNIE-VAIO

19:44:55.0498 5008 UserName: Lannie

19:44:55.0498 5008 Windows directory: C:\Windows

19:44:55.0498 5008 System windows directory: C:\Windows

19:44:55.0498 5008 Running under WOW64

19:44:55.0498 5008 Processor architecture: Intel x64

19:44:55.0498 5008 Number of processors: 4

19:44:55.0498 5008 Page size: 0x1000

19:44:55.0498 5008 Boot type: Normal boot

19:44:55.0498 5008 ============================================================

19:44:55.0888 5008 BG loaded

19:44:56.0480 5008 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:44:56.0496 5008 ============================================================

19:44:56.0496 5008 \Device\Harddisk0\DR0:

19:44:56.0496 5008 MBR partitions:

19:44:56.0496 5008 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1559800, BlocksNum 0x32000

19:44:56.0496 5008 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x158B800, BlocksNum 0x492CC000

19:44:56.0496 5008 ============================================================

19:44:56.0527 5008 C: <-> \Device\Harddisk0\DR0\Partition2

19:44:56.0527 5008 ============================================================

19:44:56.0527 5008 Initialize success

19:44:56.0527 5008 ============================================================


Well done, let's run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 13-03-01.01 - Lannie 03/01/2013 20:14:37.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3977 [GMT -6:00]

Running from: c:\users\Lannie\Desktop\ComboFix.exe

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\DRM\DEFE.tmp

c:\programdata\Microsoft\Windows\DRM\DF3D.tmp

c:\programdata\Roaming

.

.

((((((((((((((((((((((((( Files Created from 2013-02-02 to 2013-03-02 )))))))))))))))))))))))))))))))

.

.

2013-03-02 02:25 . 2013-03-02 02:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-03-02 01:41 . 2013-03-02 01:41 -------- d-----w- C:\TDSSKiller_Quarantine

2013-02-28 22:19 . 2013-02-28 22:19 -------- d-----w- c:\users\Lannie\AppData\Roaming\SpeedyPC Software

2013-02-28 22:19 . 2013-02-28 22:19 -------- d-----w- c:\users\Lannie\AppData\Roaming\DriverCure

2013-02-28 22:18 . 2013-02-28 22:22 -------- d-----w- c:\programdata\SpeedyPC Software

2013-02-28 16:32 . 2013-02-28 16:32 -------- d-----w- c:\users\Lannie\AppData\Roaming\Malwarebytes

2013-02-28 16:32 . 2013-02-28 16:32 -------- d-----w- c:\programdata\Malwarebytes

2013-02-28 16:32 . 2013-02-28 16:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-02-28 16:32 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-02-28 16:31 . 2013-02-28 16:31 -------- d-----w- c:\users\Lannie\AppData\Local\Programs

2013-02-26 15:04 . 2013-02-26 15:04 -------- d-----w- c:\programdata\AVAST Software

2013-02-26 15:04 . 2013-02-26 15:04 -------- d-----w- c:\program files\AVAST Software

2013-02-26 03:13 . 2013-02-28 16:14 -------- d-----w- c:\users\Lannie\AppData\Local\NPE

2013-02-24 20:29 . 2013-02-28 17:21 -------- d-----w- c:\windows\system32\drivers\N360x64\1402000.013

2013-02-18 01:59 . 2013-02-18 01:59 -------- d-----w- c:\users\Lannie\AppData\Local\Sony Corporation

2013-02-14 14:28 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-14 14:28 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 14:14 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-02-13 14:14 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-02-13 14:14 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-02-13 14:13 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-02-13 14:13 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-02-13 14:13 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-02-13 14:13 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-02-13 14:13 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-02-13 14:13 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-02-13 14:13 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-02-13 14:13 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-02-13 14:13 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2013-02-10 23:52 . 2013-02-11 00:25 -------- d-----w- c:\users\Lannie\AppData\Roaming\.minecraft

2013-02-07 15:22 . 2013-03-02 01:25 -------- d-----w- c:\users\Lannie\AppData\Local\Coupon Companion Plugin

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-28 18:12 . 2012-04-30 12:53 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-02-28 18:12 . 2012-02-28 03:11 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-18 23:03 . 2012-02-18 19:48 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2013-02-14 14:36 . 2012-02-22 22:20 70004024 ----a-w- c:\windows\system32\MRT.exe

2013-01-23 03:51 . 2013-01-23 03:51 45968 ----a-w- c:\windows\system32\drivers\AntiLog64.sys

2013-01-06 02:39 . 2013-01-23 03:51 7369552 ----a-w- c:\windows\SysWow64\ZALSDKCore.dll

2013-01-06 02:39 . 2013-01-23 03:51 26448 ----a-w- c:\windows\system32\drivers\KeyCrypt64.sys

2013-01-04 04:43 . 2013-02-13 14:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-12-16 17:11 . 2012-12-24 20:19 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-24 20:19 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-24 20:19 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-24 20:19 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-07 13:20 . 2013-01-09 14:26 441856 ----a-w- c:\windows\system32\Wpc.dll

2012-12-07 13:15 . 2013-01-09 14:26 2746368 ----a-w- c:\windows\system32\gameux.dll

2012-12-07 12:26 . 2013-01-09 14:26 308736 ----a-w- c:\windows\SysWow64\Wpc.dll

2012-12-07 12:20 . 2013-01-09 14:26 2576384 ----a-w- c:\windows\SysWow64\gameux.dll

2012-12-07 11:20 . 2013-01-09 14:26 30720 ----a-w- c:\windows\system32\usk.rs

2012-12-07 11:20 . 2013-01-09 14:26 43520 ----a-w- c:\windows\system32\csrr.rs

2012-12-07 11:20 . 2013-01-09 14:26 23552 ----a-w- c:\windows\system32\oflc.rs

2012-12-07 11:20 . 2013-01-09 14:26 45568 ----a-w- c:\windows\system32\oflc-nz.rs

2012-12-07 11:20 . 2013-01-09 14:26 44544 ----a-w- c:\windows\system32\pegibbfc.rs

2012-12-07 11:20 . 2013-01-09 14:26 20480 ----a-w- c:\windows\system32\pegi-fi.rs

2012-12-07 11:20 . 2013-01-09 14:26 20480 ----a-w- c:\windows\system32\pegi-pt.rs

2012-12-07 11:19 . 2013-01-09 14:26 20480 ----a-w- c:\windows\system32\pegi.rs

2012-12-07 11:19 . 2013-01-09 14:26 46592 ----a-w- c:\windows\system32\fpb.rs

2012-12-07 11:19 . 2013-01-09 14:26 40960 ----a-w- c:\windows\system32\cob-au.rs

2012-12-07 11:19 . 2013-01-09 14:26 21504 ----a-w- c:\windows\system32\grb.rs

2012-12-07 11:19 . 2013-01-09 14:26 15360 ----a-w- c:\windows\system32\djctq.rs

2012-12-07 11:19 . 2013-01-09 14:26 55296 ----a-w- c:\windows\system32\cero.rs

2012-12-07 11:19 . 2013-01-09 14:26 51712 ----a-w- c:\windows\system32\esrb.rs

2012-12-07 10:46 . 2013-01-09 14:26 43520 ----a-w- c:\windows\SysWow64\csrr.rs

2012-12-07 10:46 . 2013-01-09 14:26 30720 ----a-w- c:\windows\SysWow64\usk.rs

2012-12-07 10:46 . 2013-01-09 14:26 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs

2012-12-07 10:46 . 2013-01-09 14:26 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs

2012-12-07 10:46 . 2013-01-09 14:26 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs

2012-12-07 10:46 . 2013-01-09 14:26 23552 ----a-w- c:\windows\SysWow64\oflc.rs

2012-12-07 10:46 . 2013-01-09 14:26 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs

2012-12-07 10:46 . 2013-01-09 14:26 46592 ----a-w- c:\windows\SysWow64\fpb.rs

2012-12-07 10:46 . 2013-01-09 14:26 20480 ----a-w- c:\windows\SysWow64\pegi.rs

2012-12-07 10:46 . 2013-01-09 14:26 21504 ----a-w- c:\windows\SysWow64\grb.rs

2012-12-07 10:46 . 2013-01-09 14:26 40960 ----a-w- c:\windows\SysWow64\cob-au.rs

2012-12-07 10:46 . 2013-01-09 14:26 15360 ----a-w- c:\windows\SysWow64\djctq.rs

2012-12-07 10:46 . 2013-01-09 14:26 55296 ----a-w- c:\windows\SysWow64\cero.rs

2012-12-07 10:46 . 2013-01-09 14:26 51712 ----a-w- c:\windows\SysWow64\esrb.rs

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="c:\users\Lannie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-27 1199576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]

.

c:\users\Lannie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2013-1-14 3982376]

Sony MSS.lnk - c:\program files (x86)\Sony\MSS\3.0.271\SSScheduler.exe [2012-3-13 274328]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt32(1).dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]

R3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [2012-03-30 237328]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]

R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]

R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]

R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-24 652016]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]

R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-10-12 54760]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-21 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1402000.013\SYMDS64.SYS [2012-10-04 493216]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1402000.013\SYMEFA64.SYS [2012-10-04 1133216]

S1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys [2013-01-23 45968]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-02-08 1388120]

S1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360x64\1402000.013\ccSetx64.sys [2012-10-04 168096]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130228.001\IDSvia64.sys [2013-02-23 513184]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1402000.013\Ironx64.SYS [2012-07-28 224416]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1402000.013\SYMNETS.SYS [2012-07-23 432800]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-02-27 499200]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-03-12 2429544]

S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2013-01-14 66600]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928]

S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-02-16 47104]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2012-08-06 156672]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-14 2656280]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-02-27 885248]

S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-02-17 75264]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-02-17 174080]

S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-02-17 81920]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-03-28 317440]

S3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys [2013-01-06 26448]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-02-11 76912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-03-12 340072]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 12032]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 30300099

*NewlyCreated* - 70961677

*Deregistered* - 30300099

*Deregistered* - 70961677

.

Contents of the 'Scheduled Tasks' folder

.

2013-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 18:12]

.

2013-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-30 21:45]

.

2013-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-30 21:45]

.

2013-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2500220829-1456205374-1040945134-1001Core.job

- c:\users\Lannie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 17:40]

.

2013-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2500220829-1456205374-1040945134-1001UA.job

- c:\users\Lannie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 17:40]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-03-09 518784]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]

"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCUDelayStartup.exe" [2011-03-02 718336]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt64(1).dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://sony.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\users\Lannie\AppData\Roaming\Mozilla\Firefox\Profiles\cahlydyl.default\

FF - prefs.js: browser.startup.homepage - google.com

FF - ExtSQL: 2013-02-07 09:21; extension21804@extension21804.com; c:\users\Lannie\AppData\Roaming\Mozilla\Firefox\Profiles\cahlydyl.default\extensions\extension21804@extension21804.com

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-70961677.sys

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-{0131D7EF-65FF-478F-8ABD-5ABEE24EC8EF} - c:\programdata\{869D8A73-BD74-4AF4-B35D-FA3A4ACE3875}\VAIO Messenger Setup 2.0.287.0.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 & Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-03-01 20:30:11

ComboFix-quarantined-files.txt 2013-03-02 02:30

.

Pre-Run: 544,407,699,456 bytes free

Post-Run: 544,029,265,920 bytes free

.

- - End Of File - - 90BBE28E251A431A67D77CE05E2BD9A6


Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.01.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Lannie :: LANNIE-VAIO [administrator]

Protection: Enabled

3/1/2013 8:54:12 PM

mbam-log-2013-03-01 (20-54-12).txt

Scan type: Full scan (C:\|Q:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 416634

Time elapsed: 1 hour(s), 3 minute(s), 40 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

THANK YOU!!


Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.02.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Lannie :: LANNIE-VAIO [administrator]

Protection: Enabled

3/1/2013 10:17:04 PM

mbam-log-2013-03-01 (22-17-04).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 211912

Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Good.....Let's check for any adware:

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
