poor_red_neck

Adobe Update -> Smart Fortress 2012 -> DNS Re-Routing...

11 posts in this topic

Hello,

Had an Adobe update pop up, I clicked cancel or no or whatever, and it kept popping up. I checked the certificate, which showed as valid so I updated.

Came back to the computer and noticed Smart Fortress doing one of those fake scans. It started blocking any application I opened. Ran Malwarebytes using Chameleon, and it cleaned about 8 infections. Re-booted and ran again and it found 2 or 3. Every reboot now there's one that remains: "Trojan.Dropper.BCMiner".

The only side effect I notice right now is the re-routing of any search engine site, and all of Google. Chrome will not allow me to visit any Google URL; Firefox does, however I can tell it's not right.

I've changed all passwords. I have the Malwarebytes log(s) if you need them.

DDS Files are attached.

Thank you very much in advance for any assistance, and if there is anything further you need please let me know.



Hello and Welcome!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Double click on combofix.exe & follow the prompts.

4. When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


Hi Gringo!

Thank you very much for your assistance.

My PC seems to be back to normal! At least skin deep. The issues with Chrome not allowing any SSL connections appear to have been fixed. Google URLs are no longer being re-directed.

After removing "Smart Fortress 2012" the above symptoms were the only things noticed affecting my PC.

Here is the "checkup.txt" log

Results of screen317's Security Check version 0.99.41

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

avast! Antivirus

Norton Internet Security

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Ad-Aware

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.61.0.1400

Java 6 Update 29

Java version out of date!

Adobe Flash Player 11.2.202.235

Adobe Reader 9 Adobe Reader out of date!

Mozilla Firefox (12.0)

Google Chrome 19.0.1084.46

Google Chrome 19.0.1084.52

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials msseces.exe

Ad-Aware AAWService.exe is disabled!

Ad-Aware AAWTray.exe is disabled!

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

And the ComboFix Log. One note about running combofix. It said I have Norton Internet Security as well as avast AV running. These programs are not installed on my computer. Norton came with my laptop, but I uninstalled it the day I booted it. Avast does not show up on the Add/Remove programs list, does not appear in the system tray, and does not show as a running process. I ran ComboFix anyways and did not encounter any errors, other than the initial warning that AV software is running.

ComboFix 12-05-29.01 - Jon 05/29/2012 13:21:29.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3935.2186 [GMT -4:00]

Running from: c:\users\Jon\Desktop\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\WinPCap

c:\users\Jon\AppData\Local\{f96f4439-751d-91ad-af78-9e38f0b5b963}

c:\users\Jon\AppData\Local\{f96f4439-751d-91ad-af78-9e38f0b5b963}\@

c:\users\Jon\AppData\Local\{f96f4439-751d-91ad-af78-9e38f0b5b963}\L\00000004.@

c:\users\Jon\AppData\Local\{f96f4439-751d-91ad-af78-9e38f0b5b963}\L\80000032.@

c:\users\Jon\AppData\Local\{f96f4439-751d-91ad-af78-9e38f0b5b963}\n

c:\users\Jon\AppData\Local\{f96f4439-751d-91ad-af78-9e38f0b5b963}\U\00000004.@

c:\users\Jon\AppData\Local\{f96f4439-751d-91ad-af78-9e38f0b5b963}\U\00000008.@

c:\users\Jon\AppData\Local\{f96f4439-751d-91ad-af78-9e38f0b5b963}\U\000000cb.@

c:\users\Jon\AppData\Local\{f96f4439-751d-91ad-af78-9e38f0b5b963}\U\80000000.@

c:\users\Jon\AppData\Local\{f96f4439-751d-91ad-af78-9e38f0b5b963}\U\80000032.@

c:\users\Jon\AppData\Local\{f96f4439-751d-91ad-af78-9e38f0b5b963}\U\80000064.@

c:\users\Jon\AppData\Local\Temp\mizry.dll

c:\users\Jon\AppData\Local\Temp\swtlib-64\swt-win32-3703.dll

c:\windows\Installer\{f96f4439-751d-91ad-af78-9e38f0b5b963}

c:\windows\Installer\{f96f4439-751d-91ad-af78-9e38f0b5b963}\@

c:\windows\Installer\{f96f4439-751d-91ad-af78-9e38f0b5b963}\L\00000004.@

c:\windows\Installer\{f96f4439-751d-91ad-af78-9e38f0b5b963}\L\1afb2d56

c:\windows\Installer\{f96f4439-751d-91ad-af78-9e38f0b5b963}\L\201d3dde

c:\windows\Installer\{f96f4439-751d-91ad-af78-9e38f0b5b963}\n

c:\windows\Installer\{f96f4439-751d-91ad-af78-9e38f0b5b963}\U\00000004.@

c:\windows\Installer\{f96f4439-751d-91ad-af78-9e38f0b5b963}\U\00000008.@

c:\windows\Installer\{f96f4439-751d-91ad-af78-9e38f0b5b963}\U\000000cb.@

c:\windows\Installer\{f96f4439-751d-91ad-af78-9e38f0b5b963}\U\80000000.@

c:\windows\Installer\{f96f4439-751d-91ad-af78-9e38f0b5b963}\U\80000032.@

c:\windows\Installer\{f96f4439-751d-91ad-af78-9e38f0b5b963}\U\80000064.@

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\ST~2EC4.tmp

c:\windows\SysWow64\ST~300D.tmp

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-29 )))))))))))))))))))))))))))))))

.

.

2012-05-27 03:15 . 2012-05-27 03:15 -------- d-----w- c:\users\Jon\AppData\Roaming\Malwarebytes

2012-05-27 03:15 . 2012-05-27 03:15 -------- d-----w- c:\programdata\Malwarebytes

2012-05-27 03:15 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-27 03:15 . 2012-05-27 03:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-27 03:04 . 2012-05-27 03:32 -------- d-----w- c:\programdata\F4D55F3B000026FD005B954BB4EB2367

2012-05-26 20:32 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{527A8771-BD72-4E50-AB5C-37A091DA2AC8}\mpengine.dll

2012-05-20 07:00 . 2012-05-20 07:00 -------- d-----w- c:\program files\Microsoft Silverlight

2012-05-20 07:00 . 2012-05-20 07:00 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-05-18 21:00 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-05-14 20:18 . 2012-05-16 16:01 -------- d-----w- c:\program files (x86)\PEN TABLET

2012-05-10 02:43 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-10 02:43 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-10 02:09 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-10 02:09 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 02:09 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 02:09 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-10 02:09 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-10 01:43 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-10 01:43 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-10 01:43 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-10 01:43 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-10 01:03 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-10 00:49 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-01 07:01 . 2012-05-01 07:01 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-04-30 01:48 . 2012-04-30 01:48 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{60BFF294-7A1C-48E1-BB05-CD6555698EEF}

2012-04-30 01:47 . 2012-04-30 01:47 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{89EBD8C7-1FAC-427C-A1DB-338F2DD3FCE6}

2012-04-30 01:47 . 2012-04-30 01:47 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{A9478360-C9A3-4EC4-8E39-F1889057A419}

2012-04-30 01:47 . 2012-04-30 01:47 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{A2483264-FE5D-4488-B747-E8101778AAC0}

2012-04-30 01:47 . 2012-04-30 01:47 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{A3EAE47D-C269-4A37-987B-FA4080C8B3CB}

2012-04-30 01:45 . 2012-04-30 01:45 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{78D59F92-F9DD-4231-A758-CC0DF950C86A}

2012-04-30 01:45 . 2012-04-30 01:45 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{DD449708-38F0-4991-9FC1-DC7049D84A1F}

2012-04-30 01:44 . 2012-04-30 01:44 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{2BA0994D-A476-4686-93E1-F58A2B42B78B}

2012-04-30 01:42 . 2012-04-30 01:42 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{312777A8-0807-4F4D-B17E-630843E60572}

2012-04-30 01:42 . 2012-04-30 01:42 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{E8D7691E-0522-428C-B100-7EC9ACA446A5}

2012-04-30 01:42 . 2012-04-30 01:42 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{E1A0CF97-C06A-489E-AB50-13F43BD248C7}

2012-04-30 01:40 . 2012-04-30 01:40 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{B14E17DF-05FE-496B-8431-F8ADCA31AFAC}

2012-04-30 01:39 . 2012-04-30 01:39 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{1CB4092F-CC00-4F19-97E5-CB95738D03F0}

2012-04-30 01:34 . 2012-04-30 01:34 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{5B5DFF30-CCA1-4785-A511-A0CB86D4647F}

2012-04-30 01:34 . 2012-04-30 01:34 -------- d-----w- c:\windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{E1B1BA19-15D0-4DD1-ADE9-78C4493B37DC}

2012-04-30 01:34 . 2012-04-30 01:34 -------- d-----w- c:\windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{B1E69CB8-EC4C-4DFF-B28B-0D578332D9A3}

2012-04-30 01:34 . 2012-04-30 01:34 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{01AED530-962F-4229-9E6D-0C01D46189C9}

2012-04-30 01:34 . 2012-04-30 01:34 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{DF6A4CE0-4FAF-4670-8AA4-83581CB3D95C}

2012-04-30 01:31 . 2012-04-30 01:31 -------- d-----w- c:\windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{E720898B-7934-4031-9B77-EA29868A22B8}

2012-04-30 01:31 . 2012-04-30 01:31 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{5A964DB1-5DB7-433C-9AE7-C1AB4B629FA9}

2012-04-30 01:31 . 2012-04-30 01:31 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{ACD9FE1F-4BD9-4C0F-8639-E8C83EF91ADB}

2012-04-30 01:31 . 2012-04-30 01:31 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{71BC82F5-FEDB-4B2D-B700-7C85C62AF53C}

2012-04-30 01:29 . 2012-04-30 01:29 -------- d-----w- c:\windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{9BAB0F49-5AF2-4EBE-86FB-971323305865}

2012-04-30 01:29 . 2012-04-30 01:29 -------- d-----w- c:\windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{18F8BDD4-F44D-445A-A412-A9E1188DB55A}

2012-04-30 01:29 . 2012-04-30 01:29 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{BC1DBC99-385A-4F2D-9393-7AA6907DC3AF}

2012-04-30 01:29 . 2012-04-30 01:29 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{867F9740-6C53-4EAC-8449-38E5C3DD57D9}

2012-04-30 01:29 . 2012-04-30 01:29 -------- d-----w- c:\windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{61A29CF8-8DE3-4D03-82D4-7ED5D5A1DD6B}

2012-04-30 01:29 . 2012-04-30 01:29 -------- d-----w- c:\windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{78C5C809-7550-4758-8EEB-B21AA098E995}

2012-04-30 01:29 . 2012-04-30 01:29 -------- d-----w- c:\windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{36D5E22F-1A12-47D2-9FE6-EB6B6C8D3992}

2012-04-30 01:29 . 2012-04-30 01:29 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{FCD275C7-03D8-4783-B923-F35D128FE0CA}

2012-04-30 01:29 . 2012-04-30 01:29 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{7F528E41-0FFE-4CB6-99E0-AE2C2D85F817}

2012-04-30 01:29 . 2012-04-30 01:29 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{5C10F8D5-F2BC-4A9F-AD89-B5B5B5CAA7A5}

2012-04-30 01:28 . 2012-04-30 01:28 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{2040D0C9-E74E-4A05-AF90-8A2237889530}

2012-04-30 01:28 . 2012-04-30 01:28 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{F38346D1-51DC-46DE-8795-DBE5B0A5C76A}

2012-04-30 01:28 . 2012-04-30 01:28 -------- d-----w- c:\windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{961AC80B-E85F-45B7-B7C1-AB8EB2649236}

2012-04-30 01:26 . 2012-04-30 01:26 -------- d-----w- c:\windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{9898BDFF-0968-4E4B-8FDF-BEB9EAE8F541}

2012-04-30 01:25 . 2012-04-30 01:25 -------- d-----w- c:\windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{D95ABE04-75A9-4BE3-8129-516E14B50053}

2012-04-30 01:25 . 2012-04-30 01:25 -------- d-----w- c:\windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{B8A128E2-1E50-4BD1-855E-14B49637F94C}

2012-04-30 01:25 . 2012-04-30 01:25 -------- d-----w- c:\windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{1A52F2EC-DB61-4B01-BC5A-0FD35F487AE2}

2012-04-30 01:25 . 2012-04-30 01:25 -------- d-----w- c:\windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{B30F3494-1C4E-415D-87C6-D3170D33B944}

2012-04-30 01:25 . 2012-04-30 01:25 -------- d-----w- c:\windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{4F282303-72E0-4BF7-963B-0CB57F39D99D}

2012-04-30 01:25 . 2012-04-30 01:25 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{C3D8CA0C-6FA8-496C-822C-13E619B5563A}

2012-04-30 01:25 . 2012-04-30 01:25 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{0689EF18-7E3E-4AB3-8EE9-4F283E082FA3}

2012-04-30 01:25 . 2012-04-30 01:25 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{AECA6A22-E4F4-45E2-BD50-D56FA5EF16B3}

2012-04-30 01:25 . 2012-04-30 01:25 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{92797260-C2D4-41CC-A096-AFF744071AD2}

2012-04-30 01:25 . 2012-04-30 01:25 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{8D162DB0-8A5A-4A98-84E3-75CDCDB48060}

2012-04-30 01:19 . 2012-04-30 01:19 -------- d-----w- c:\program files\iTunes

2012-04-30 01:19 . 2012-04-30 01:19 -------- d-----w- c:\program files\iPod

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-06 03:14 . 2012-04-13 01:22 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-06 03:14 . 2011-12-06 20:08 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-06 03:14 . 2012-04-13 02:13 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-20 07:16 . 2012-04-20 07:13 1536 ----a-w- c:\windows\SysWow64\bcevent.dll

2012-03-21 00:44 . 2011-04-27 20:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-21 00:44 . 2011-04-18 18:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-01 06:46 . 2012-04-11 07:00 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 06:38 . 2012-04-11 07:00 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 06:33 . 2012-04-11 07:00 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 06:28 . 2012-04-11 07:00 5120 ----a-w- c:\windows\system32\wmi.dll

2012-03-01 05:37 . 2012-04-11 07:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-03-01 05:33 . 2012-04-11 07:00 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-03-01 05:29 . 2012-04-11 07:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="c:\users\Jon\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-25 39408]

"DVDFab Passkey"="c:\program files (x86)\DVDFab Passkey\DVDFabPasskey.exe" [2011-12-09 1143288]

"AirVideoServer"="c:\program files (x86)\AirVideoServer\AirVideoServer.exe" [2010-09-22 4923784]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]

"tvncontrol"="c:\program files (x86)\TightVNC\tvnserver.exe" [2011-08-03 828944]

"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]

"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 140640]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-11-18 1492264]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"WTClient"="WTClient.exe" [2009-08-20 32768]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

android-notifier-desktop.lnk - c:\program files\Android Notifier Desktop\android-notifier-desktop.exe [2010-10-6 608524]

Quick'n Easy FTP Server.lnk - c:\ftp server\FTPServer.exe [2012-2-22 363520]

Super Finder XT.lnk - c:\program files (x86)\FSL\SuperFinder\SuperFinder.exe [2011-12-19 2447360]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]

DUC 3.0.lnk - c:\program files (x86)\No-IP\DUC30.exe [2010-6-18 1423520]

Event Reminder.lnk - c:\program files (x86)\Broderbund\PrintMaster\PMremind.exe [2012-3-27 331776]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"SoftwareSASGeneration"= 1 (0x1)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2009-11-05 02:32 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 135664]

R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]

R3 bmdrvr;Modified Clusters Tracking Driver;c:\windows\SysWOW64\drivers\bmdrvr.sys [2009-04-18 34864]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 135664]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-12-01 17152]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]

R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [x]

R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]

R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-09-17 167424]

R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]

R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]

R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-25 101152]

R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-05-31 1250160]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 Apache2.2;Apache2.2;c:\server\apache\bin\httpd.exe [2011-09-09 20549]

R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-05-18 2152688]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]

R4 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-06-24 46080]

R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]

S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [2011-06-16 1465016]

S2 AIPS;Arp Intelligent Protection Service;c:\program files (x86)\netcut\services\AIPS.exe [2011-07-28 262144]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]

S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-09-17 189984]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2011-08-03 828944]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]

S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-25 549168]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-22 846448]

S2 vmware-converter-agent;VMware vCenter Converter Agent;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2009-04-18 428592]

S2 vmware-converter-server;VMware vCenter Converter Server;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2009-04-18 428592]

S2 vstor2-mntapi10;Vstor2 MntApi 1.0 Driver;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vstor2-mntapi10.sys [2009-04-18 32816]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]

S3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [x]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]

S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-09-27 303872]

S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-19 571248]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 03:14]

.

2012-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 14:55]

.

2012-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 14:55]

.

2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2182866875-2756829414-3922554204-1005Core.job

- c:\users\Caren\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-30 22:23]

.

2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2182866875-2756829414-3922554204-1005UA.job

- c:\users\Caren\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-30 22:23]

.

2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2182866875-2756829414-3922554204-1007Core.job

- c:\users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-12 22:23]

.

2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2182866875-2756829414-3922554204-1007UA.job

- c:\users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-12 22:23]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-22 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-22 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-22 365592]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-17 7938080]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-09-17 1833504]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

"combofix"="c:\combofix\CF28150.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

LSP: %SystemRoot%\system32\vsocklib.dll

TCP: DhcpNameServer = 8.8.8.8 8.8.4.4 66.76.227.40

FF - ProfilePath - c:\users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\tzv1l51b.default\

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

SafeBoot-MsMpSvc

HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe

AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe

c:\windows\SysWOW64\DllHost.exe

c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

c:\windows\SysWOW64\vmnat.exe

c:\windows\System32\Drivers\WTSRV.EXE

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\VMware\VMware Player\vmware-authd.exe

c:\windows\SysWOW64\vmnetdhcp.exe

.

**************************************************************************

.

Completion time: 2012-05-29 13:39:10 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-29 17:39

.

Pre-Run: 116,180,701,184 bytes free

Post-Run: 119,160,762,368 bytes free

.

- - End Of File - - C115FE7E3B4918EC63C3CC8BBDC3515A

Please let me know how to proceed. As far as I can tell, it appears to be running normally; however, I will wait for the all-clear.

Thank you again VERY MUCH for your assistance! :D


Greetings

It is a little bit early yet for an all clear; I am going to do some more checking first.

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo


Hi Gringo,

TDSS Killer ran with no issues. Nothing detected.

aswMBR would not complete without a BSOD.

TDSS Killer Log

15:01:11.0325 1052 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31

15:01:11.0683 1052 ============================================================

15:01:11.0683 1052 Current date / time: 2012/05/29 15:01:11.0683

15:01:11.0683 1052 SystemInfo:

15:01:11.0683 1052

15:01:11.0684 1052 OS Version: 6.1.7601 ServicePack: 1.0

15:01:11.0684 1052 Product type: Workstation

15:01:11.0684 1052 ComputerName: CAREN-VAIO

15:01:11.0684 1052 UserName: Jon

15:01:11.0684 1052 Windows directory: C:\Windows

15:01:11.0684 1052 System windows directory: C:\Windows

15:01:11.0684 1052 Running under WOW64

15:01:11.0684 1052 Processor architecture: Intel x64

15:01:11.0684 1052 Number of processors: 2

15:01:11.0684 1052 Page size: 0x1000

15:01:11.0684 1052 Boot type: Normal boot

15:01:11.0684 1052 ============================================================

15:01:12.0122 1052 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:01:12.0134 1052 ============================================================

15:01:12.0134 1052 \Device\Harddisk0\DR0:

15:01:12.0134 1052 MBR partitions:

15:01:12.0134 1052 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1675000, BlocksNum 0x32000

15:01:12.0134 1052 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x16A7000, BlocksNum 0x23D872B0

15:01:12.0134 1052 ============================================================

15:01:12.0173 1052 C: <-> \Device\Harddisk0\DR0\Partition1

15:01:12.0173 1052 ============================================================

15:01:12.0173 1052 Initialize success

15:01:12.0173 1052 ============================================================

15:01:18.0392 6124 ============================================================

15:01:18.0392 6124 Scan started

15:01:18.0392 6124 Mode: Manual;

15:01:18.0392 6124 ============================================================

15:01:18.0769 6124 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

15:01:18.0772 6124 1394ohci - ok

15:01:18.0869 6124 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

15:01:18.0871 6124 ACDaemon - ok

15:01:18.0937 6124 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

15:01:18.0941 6124 ACPI - ok

15:01:18.0994 6124 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

15:01:18.0995 6124 AcpiPmi - ok

15:01:19.0131 6124 Active@ Disk Monitor (d63d78442f0f100df213e36b705c92fd) C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe

15:01:19.0175 6124 Active@ Disk Monitor - ok

15:01:19.0772 6124 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

15:01:19.0795 6124 AdobeFlashPlayerUpdateSvc - ok

15:01:19.0953 6124 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

15:01:19.0976 6124 adp94xx - ok

15:01:20.0013 6124 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

15:01:20.0021 6124 adpahci - ok

15:01:20.0039 6124 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

15:01:20.0042 6124 adpu320 - ok

15:01:20.0100 6124 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

15:01:20.0101 6124 AeLookupSvc - ok

15:01:20.0168 6124 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

15:01:20.0174 6124 AFD - ok

15:01:20.0233 6124 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

15:01:20.0235 6124 agp440 - ok

15:01:20.0394 6124 AIPS (2870ce9bfd6ba66fb0ffc6d11c9e41a7) C:\Program Files (x86)\netcut\services\AIPS.exe

15:01:20.0398 6124 AIPS - ok

15:01:20.0420 6124 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

15:01:20.0422 6124 ALG - ok

15:01:20.0467 6124 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

15:01:20.0468 6124 aliide - ok

15:01:20.0486 6124 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

15:01:20.0487 6124 amdide - ok

15:01:20.0534 6124 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

15:01:20.0536 6124 AmdK8 - ok

15:01:20.0582 6124 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

15:01:20.0584 6124 AmdPPM - ok

15:01:20.0624 6124 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

15:01:20.0626 6124 amdsata - ok

15:01:20.0676 6124 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

15:01:20.0690 6124 amdsbs - ok

15:01:20.0710 6124 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

15:01:20.0711 6124 amdxata - ok

15:01:20.0747 6124 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys

15:01:20.0748 6124 androidusb - ok

15:01:20.0885 6124 Apache2.2 (44ceaff41ede4297f30913ddf80d17c1) C:\server\apache\bin\httpd.exe

15:01:20.0887 6124 Apache2.2 - ok

15:01:20.0953 6124 ApfiltrService (56bd886820c4aedf493cfcdf1ccfb004) C:\Windows\system32\drivers\Apfiltr.sys

15:01:20.0954 6124 ApfiltrService - ok

15:01:21.0030 6124 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

15:01:21.0032 6124 AppID - ok

15:01:21.0071 6124 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

15:01:21.0073 6124 AppIDSvc - ok

15:01:21.0118 6124 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

15:01:21.0120 6124 Appinfo - ok

15:01:21.0241 6124 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

15:01:21.0242 6124 Apple Mobile Device - ok

15:01:21.0313 6124 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

15:01:21.0315 6124 arc - ok

15:01:21.0355 6124 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

15:01:21.0357 6124 arcsas - ok

15:01:21.0396 6124 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys

15:01:21.0397 6124 ArcSoftKsUFilter - ok

15:01:21.0442 6124 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

15:01:21.0443 6124 AsyncMac - ok

15:01:21.0489 6124 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

15:01:21.0490 6124 atapi - ok

15:01:21.0629 6124 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys

15:01:21.0666 6124 athr - ok

15:01:22.0146 6124 atikmdag (de0ede41bc530f1759c6fffcb8c7a0cf) C:\Windows\system32\DRIVERS\atikmdag.sys

15:01:22.0248 6124 atikmdag - ok

15:01:22.0411 6124 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

15:01:22.0425 6124 AudioEndpointBuilder - ok

15:01:22.0433 6124 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

15:01:22.0437 6124 AudioSrv - ok

15:01:22.0488 6124 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

15:01:22.0491 6124 AxInstSV - ok

15:01:22.0569 6124 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

15:01:22.0582 6124 b06bdrv - ok

15:01:22.0645 6124 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

15:01:22.0689 6124 b57nd60a - ok

15:01:22.0753 6124 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

15:01:22.0755 6124 BDESVC - ok

15:01:22.0771 6124 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

15:01:22.0772 6124 Beep - ok

15:01:22.0901 6124 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

15:01:22.0916 6124 BFE - ok

15:01:23.0027 6124 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

15:01:23.0043 6124 BITS - ok

15:01:23.0141 6124 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

15:01:23.0142 6124 blbdrive - ok

15:01:23.0685 6124 bmdrvr (4d6eee6f8dde33ac7818308335175385) C:\Windows\SysWOW64\drivers\bmdrvr.sys

15:01:23.0686 6124 bmdrvr - ok

15:01:23.0838 6124 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

15:01:23.0840 6124 bowser - ok

15:01:23.0886 6124 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

15:01:23.0887 6124 BrFiltLo - ok

15:01:23.0892 6124 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

15:01:23.0893 6124 BrFiltUp - ok

15:01:23.0946 6124 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

15:01:23.0948 6124 BridgeMP - ok

15:01:24.0000 6124 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

15:01:24.0003 6124 Browser - ok

15:01:24.0063 6124 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

15:01:24.0108 6124 Brserid - ok

15:01:24.0114 6124 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

15:01:24.0116 6124 BrSerWdm - ok

15:01:24.0156 6124 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

15:01:24.0157 6124 BrUsbMdm - ok

15:01:24.0163 6124 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

15:01:24.0164 6124 BrUsbSer - ok

15:01:24.0212 6124 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

15:01:24.0213 6124 BthEnum - ok

15:01:24.0229 6124 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

15:01:24.0230 6124 BTHMODEM - ok

15:01:24.0253 6124 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

15:01:24.0256 6124 BthPan - ok

15:01:24.0300 6124 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

15:01:24.0308 6124 BTHPORT - ok

15:01:24.0358 6124 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

15:01:24.0360 6124 bthserv - ok

15:01:24.0368 6124 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

15:01:24.0370 6124 BTHUSB - ok

15:01:24.0423 6124 btwaudio (4bdbdb86abba924e029fb2683be7c505) C:\Windows\system32\drivers\btwaudio.sys

15:01:24.0425 6124 btwaudio - ok

15:01:24.0442 6124 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\drivers\btwavdt.sys

15:01:24.0444 6124 btwavdt - ok

15:01:24.0546 6124 btwdins (31da517946ffe416442e864592548f8a) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

15:01:24.0563 6124 btwdins - ok

15:01:24.0572 6124 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys

15:01:24.0573 6124 btwl2cap - ok

15:01:24.0620 6124 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\drivers\btwrchid.sys

15:01:24.0621 6124 btwrchid - ok

15:01:24.0655 6124 catchme - ok

15:01:24.0688 6124 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

15:01:24.0690 6124 cdfs - ok

15:01:24.0740 6124 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

15:01:24.0746 6124 cdrom - ok

15:01:24.0800 6124 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

15:01:24.0802 6124 CertPropSvc - ok

15:01:24.0827 6124 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

15:01:24.0829 6124 circlass - ok

15:01:24.0879 6124 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

15:01:24.0884 6124 CLFS - ok

15:01:24.0982 6124 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:01:24.0983 6124 clr_optimization_v2.0.50727_32 - ok

15:01:25.0054 6124 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

15:01:25.0056 6124 clr_optimization_v2.0.50727_64 - ok

15:01:25.0148 6124 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:01:25.0151 6124 clr_optimization_v4.0.30319_32 - ok

15:01:25.0209 6124 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

15:01:25.0211 6124 clr_optimization_v4.0.30319_64 - ok

15:01:25.0254 6124 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

15:01:25.0255 6124 CmBatt - ok

15:01:25.0302 6124 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

15:01:25.0303 6124 cmdide - ok

15:01:25.0374 6124 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

15:01:25.0381 6124 CNG - ok

15:01:25.0430 6124 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

15:01:25.0431 6124 Compbatt - ok

15:01:25.0475 6124 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

15:01:25.0477 6124 CompositeBus - ok

15:01:25.0481 6124 COMSysApp - ok

15:01:25.0528 6124 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

15:01:25.0529 6124 crcdisk - ok

15:01:25.0588 6124 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

15:01:25.0603 6124 CryptSvc - ok

15:01:25.0671 6124 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

15:01:25.0679 6124 DcomLaunch - ok

15:01:25.0741 6124 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

15:01:25.0751 6124 defragsvc - ok

15:01:25.0802 6124 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

15:01:25.0804 6124 DfsC - ok

15:01:25.0852 6124 dg_ssudbus (388039f99ce8769024ee0438352aca99) C:\Windows\system32\DRIVERS\ssudbus.sys

15:01:25.0854 6124 dg_ssudbus - ok

15:01:25.0916 6124 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

15:01:25.0924 6124 Dhcp - ok

15:01:25.0964 6124 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

15:01:25.0964 6124 discache - ok

15:01:26.0010 6124 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

15:01:26.0011 6124 Disk - ok

15:01:26.0066 6124 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

15:01:26.0081 6124 Dnscache - ok

15:01:26.0133 6124 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

15:01:26.0157 6124 dot3svc - ok

15:01:26.0203 6124 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

15:01:26.0218 6124 DPS - ok

15:01:26.0234 6124 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

15:01:26.0235 6124 drmkaud - ok

15:01:26.0260 6124 dvdfab (eee504899a0cc781f09cf003ca897771) C:\Windows\system32\drivers\dvdfab.sys

15:01:26.0261 6124 dvdfab - ok

15:01:26.0364 6124 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

15:01:26.0370 6124 DXGKrnl - ok

15:01:26.0424 6124 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

15:01:26.0426 6124 EapHost - ok

15:01:26.0658 6124 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

15:01:26.0704 6124 ebdrv - ok

15:01:26.0826 6124 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

15:01:26.0828 6124 EFS - ok

15:01:26.0941 6124 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

15:01:26.0954 6124 ehRecvr - ok

15:01:27.0002 6124 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

15:01:27.0004 6124 ehSched - ok

15:01:27.0078 6124 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

15:01:27.0090 6124 elxstor - ok

15:01:27.0144 6124 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

15:01:27.0145 6124 ErrDev - ok

15:01:27.0211 6124 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

15:01:27.0228 6124 EventSystem - ok

15:01:27.0285 6124 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

15:01:27.0299 6124 exfat - ok

15:01:27.0324 6124 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

15:01:27.0339 6124 fastfat - ok

15:01:27.0422 6124 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

15:01:27.0438 6124 Fax - ok

15:01:27.0486 6124 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

15:01:27.0488 6124 fdc - ok

15:01:27.0504 6124 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

15:01:27.0505 6124 fdPHost - ok

15:01:27.0515 6124 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

15:01:27.0517 6124 FDResPub - ok

15:01:27.0536 6124 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

15:01:27.0537 6124 FileInfo - ok

15:01:27.0553 6124 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

15:01:27.0555 6124 Filetrace - ok

15:01:27.0560 6124 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

15:01:27.0562 6124 flpydisk - ok

15:01:27.0624 6124 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

15:01:27.0627 6124 FltMgr - ok

15:01:27.0730 6124 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

15:01:27.0752 6124 FontCache - ok

15:01:27.0824 6124 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

15:01:27.0825 6124 FontCache3.0.0.0 - ok

15:01:27.0869 6124 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

15:01:27.0871 6124 FsDepends - ok

15:01:27.0918 6124 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

15:01:27.0919 6124 Fs_Rec - ok

15:01:27.0970 6124 FTDIBUS (fa169871d8fadcc6539c4e8726610286) C:\Windows\system32\drivers\ftdibus.sys

15:01:27.0972 6124 FTDIBUS - ok

15:01:27.0980 6124 FTSER2K (24237091348d1efb5635a1cf9649e311) C:\Windows\system32\drivers\ftser2k.sys

15:01:27.0982 6124 FTSER2K - ok

15:01:28.0041 6124 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

15:01:28.0044 6124 fvevol - ok

15:01:28.0090 6124 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

15:01:28.0091 6124 gagp30kx - ok

15:01:28.0135 6124 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

15:01:28.0136 6124 GEARAspiWDM - ok

15:01:28.0236 6124 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

15:01:28.0249 6124 gpsvc - ok

15:01:28.0406 6124 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

15:01:28.0409 6124 gupdate - ok

15:01:28.0413 6124 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

15:01:28.0414 6124 gupdatem - ok

15:01:28.0469 6124 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

15:01:28.0485 6124 gusvc - ok

15:01:28.0541 6124 hcmon (5bf776abedea06b0779c82e9d54b58d7) C:\Windows\system32\drivers\hcmon.sys

15:01:28.0541 6124 hcmon - ok

15:01:28.0580 6124 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

15:01:28.0581 6124 hcw85cir - ok

15:01:28.0645 6124 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

15:01:28.0652 6124 HdAudAddService - ok

15:01:28.0708 6124 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

15:01:28.0710 6124 HDAudBus - ok

15:01:28.0750 6124 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

15:01:28.0751 6124 HidBatt - ok

15:01:28.0768 6124 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

15:01:28.0770 6124 HidBth - ok


15:01:48.0499 6124 TsUsbFlt - ok

15:01:48.0555 6124 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

15:01:48.0557 6124 tunnel - ok

15:01:48.0733 6124 tvnserver (aaf458cc200326bef602b5339400bf86) C:\Program Files (x86)\TightVNC\tvnserver.exe

15:01:48.0738 6124 tvnserver - ok

15:01:48.0793 6124 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

15:01:48.0795 6124 uagp35 - ok

15:01:48.0883 6124 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

15:01:48.0885 6124 uCamMonitor - ok

15:01:48.0934 6124 UCTblHid (01662b4865fdb282677b11cf416757ce) C:\Windows\system32\DRIVERS\UCTblHid.sys

15:01:48.0935 6124 UCTblHid - ok

15:01:49.0005 6124 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

15:01:49.0013 6124 udfs - ok

15:01:49.0078 6124 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

15:01:49.0081 6124 UI0Detect - ok

15:01:49.0135 6124 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

15:01:49.0137 6124 uliagpkx - ok

15:01:49.0185 6124 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

15:01:49.0187 6124 umbus - ok

15:01:49.0233 6124 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

15:01:49.0234 6124 UmPass - ok

15:01:49.0266 6124 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

15:01:49.0274 6124 upnphost - ok

15:01:49.0326 6124 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

15:01:49.0328 6124 USBAAPL64 - ok

15:01:49.0382 6124 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

15:01:49.0384 6124 usbccgp - ok

15:01:49.0445 6124 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

15:01:49.0447 6124 usbcir - ok

15:01:49.0466 6124 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

15:01:49.0467 6124 usbehci - ok

15:01:49.0499 6124 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

15:01:49.0506 6124 usbhub - ok

15:01:49.0531 6124 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

15:01:49.0532 6124 usbohci - ok

15:01:49.0574 6124 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

15:01:49.0575 6124 usbprint - ok

15:01:49.0593 6124 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:01:49.0595 6124 USBSTOR - ok

15:01:49.0618 6124 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

15:01:49.0619 6124 usbuhci - ok

15:01:49.0678 6124 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

15:01:49.0692 6124 usbvideo - ok

15:01:49.0749 6124 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

15:01:49.0751 6124 UxSms - ok

15:01:49.0856 6124 VAIO Entertainment TV Device Arbitration Service (8e68e4aa2d7abbf7c9159d9d2a38ae0f) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe

15:01:49.0858 6124 VAIO Entertainment TV Device Arbitration Service - ok

15:01:49.0991 6124 VAIO Event Service (6b31c9cb94927dbeeb62e15275f4cc54) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

15:01:49.0994 6124 VAIO Event Service - ok

15:01:50.0162 6124 VAIO Power Management (b8c9a7010afd5cbbe194cb9ef7c4fd14) C:\Program Files\Sony\VAIO Power Management\SPMService.exe

15:01:50.0170 6124 VAIO Power Management - ok

15:01:50.0220 6124 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:01:50.0221 6124 VaultSvc - ok

15:01:50.0365 6124 VCFw (6888526aeb8ddabde6f778fd40fc0693) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

15:01:50.0375 6124 VCFw - ok

15:01:50.0488 6124 VcmIAlzMgr (f0672b2368e859284a4c44ae2cca4c72) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

15:01:50.0492 6124 VcmIAlzMgr - ok

15:01:50.0607 6124 VcmINSMgr (cbb9f0d1017e0bed4cb5bbc0ebf26dc1) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe

15:01:50.0613 6124 VcmINSMgr - ok

15:01:50.0719 6124 VcmXmlIfHelper (c8e3ba694cc5eacec4c01660ace40d56) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe

15:01:50.0722 6124 VcmXmlIfHelper - ok

15:01:50.0871 6124 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

15:01:50.0871 6124 vdrvroot - ok

15:01:50.0945 6124 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

15:01:50.0966 6124 vds - ok

15:01:51.0030 6124 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

15:01:51.0031 6124 vga - ok

15:01:51.0052 6124 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

15:01:51.0053 6124 VgaSave - ok

15:01:51.0116 6124 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

15:01:51.0131 6124 vhdmp - ok

15:01:51.0181 6124 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

15:01:51.0182 6124 viaide - ok

15:01:51.0294 6124 VMAuthdService (0fc29adb3f634ed3e535a76395b470b5) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

15:01:51.0295 6124 VMAuthdService - ok

15:01:51.0365 6124 vmci (87fc1dd880e8cac4faebb84af61a87c4) C:\Windows\system32\DRIVERS\vmci.sys

15:01:51.0366 6124 vmci - ok

15:01:51.0417 6124 vmkbd (76306d9523bc16baf01f1b71e3e174a9) C:\Windows\system32\drivers\VMkbd.sys

15:01:51.0417 6124 vmkbd - ok

15:01:51.0436 6124 VMnetAdapter (b259c31378bc855afd1b53f59311c251) C:\Windows\system32\DRIVERS\vmnetadapter.sys

15:01:51.0437 6124 VMnetAdapter - ok

15:01:51.0446 6124 VMnetDHCP - ok

15:01:51.0468 6124 VMnetuserif (ff9e2b3acd52c84eb50ca467c1952eb5) C:\Windows\system32\drivers\vmnetuserif.sys

15:01:51.0469 6124 VMnetuserif - ok

15:01:51.0630 6124 VMUSBArbService (b5bb4513c3206d1d4f8a0f276ae424fa) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

15:01:51.0646 6124 VMUSBArbService - ok

15:01:51.0676 6124 VMware NAT Service - ok

15:01:51.0802 6124 vmware-converter-agent (1667a75412777d38d297d8079c1aebd6) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe

15:01:51.0819 6124 vmware-converter-agent - ok

15:01:51.0880 6124 vmware-converter-server (99f249cfc4bcc4137efc916a3a760e02) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe

15:01:51.0895 6124 vmware-converter-server - ok

15:01:51.0962 6124 vmx86 (e4b35c0c0be5d37da157304230c7a4c1) C:\Windows\system32\drivers\vmx86.sys

15:01:51.0962 6124 vmx86 - ok

15:01:52.0014 6124 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

15:01:52.0015 6124 volmgr - ok

15:01:52.0081 6124 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

15:01:52.0086 6124 volmgrx - ok

15:01:52.0143 6124 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

15:01:52.0147 6124 volsnap - ok

15:01:52.0203 6124 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

15:01:52.0219 6124 vsmraid - ok

15:01:52.0350 6124 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

15:01:52.0398 6124 VSS - ok

15:01:52.0511 6124 vstor2-mntapi10 (e755434912834b96b77a58867acaf279) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vstor2-mntapi10.sys

15:01:52.0511 6124 vstor2-mntapi10 - ok

15:01:52.0708 6124 VUAgent (e55a44d8f9f713d5f5d5bbaef2ba0a34) C:\Program Files\Sony\VAIO Update 5\VUAgent.exe

15:01:52.0735 6124 VUAgent - ok

15:01:52.0882 6124 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

15:01:52.0883 6124 vwifibus - ok

15:01:52.0901 6124 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

15:01:52.0903 6124 vwififlt - ok

15:01:52.0922 6124 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

15:01:52.0923 6124 vwifimp - ok

15:01:52.0983 6124 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

15:01:52.0990 6124 W32Time - ok

15:01:53.0039 6124 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

15:01:53.0040 6124 WacomPen - ok

15:01:53.0078 6124 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

15:01:53.0080 6124 WANARP - ok

15:01:53.0088 6124 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

15:01:53.0090 6124 Wanarpv6 - ok

15:01:53.0212 6124 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

15:01:53.0244 6124 WatAdminSvc - ok

15:01:53.0385 6124 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

15:01:53.0415 6124 wbengine - ok

15:01:53.0558 6124 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

15:01:53.0571 6124 WbioSrvc - ok

15:01:53.0635 6124 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

15:01:53.0642 6124 wcncsvc - ok

15:01:53.0666 6124 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

15:01:53.0668 6124 WcsPlugInService - ok

15:01:53.0722 6124 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

15:01:53.0723 6124 Wd - ok

15:01:53.0800 6124 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

15:01:53.0809 6124 Wdf01000 - ok

15:01:53.0829 6124 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

15:01:53.0832 6124 WdiServiceHost - ok

15:01:53.0840 6124 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

15:01:53.0843 6124 WdiSystemHost - ok

15:01:53.0908 6124 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

15:01:53.0919 6124 WebClient - ok

15:01:53.0979 6124 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

15:01:53.0991 6124 Wecsvc - ok

15:01:54.0009 6124 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

15:01:54.0012 6124 wercplsupport - ok

15:01:54.0033 6124 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

15:01:54.0036 6124 WerSvc - ok

15:01:54.0053 6124 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

15:01:54.0054 6124 WfpLwf - ok

15:01:54.0077 6124 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

15:01:54.0078 6124 WIMMount - ok

15:01:54.0137 6124 WinDefend - ok

15:01:54.0152 6124 WinHttpAutoProxySvc - ok

15:01:54.0237 6124 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

15:01:54.0259 6124 Winmgmt - ok

15:01:54.0426 6124 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

15:01:54.0455 6124 WinRM - ok

15:01:54.0635 6124 WinTabService (935471ec43505cb23da16600562ee19a) C:\Windows\System32\Drivers\WTSRV.EXE

15:01:54.0637 6124 WinTabService - ok

15:01:54.0698 6124 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

15:01:54.0699 6124 WinUsb - ok

15:01:54.0810 6124 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

15:01:54.0827 6124 Wlansvc - ok

15:01:55.0064 6124 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

15:01:55.0104 6124 wlidsvc - ok

15:01:55.0242 6124 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

15:01:55.0243 6124 WmiAcpi - ok

15:01:55.0343 6124 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

15:01:55.0356 6124 wmiApSrv - ok

15:01:55.0391 6124 WMPNetworkSvc - ok

15:01:55.0438 6124 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

15:01:55.0440 6124 WPCSvc - ok

15:01:55.0502 6124 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

15:01:55.0505 6124 WPDBusEnum - ok

15:01:55.0563 6124 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

15:01:55.0564 6124 ws2ifsl - ok

15:01:55.0623 6124 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

15:01:55.0626 6124 wscsvc - ok

15:01:55.0636 6124 WSearch - ok

15:01:55.0817 6124 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

15:01:55.0861 6124 wuauserv - ok

15:01:56.0011 6124 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

15:01:56.0013 6124 WudfPf - ok

15:01:56.0062 6124 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

15:01:56.0077 6124 WUDFRd - ok

15:01:56.0127 6124 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

15:01:56.0130 6124 wudfsvc - ok

15:01:56.0185 6124 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

15:01:56.0198 6124 WwanSvc - ok

15:01:56.0270 6124 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

15:01:56.0275 6124 yukonw7 - ok

15:01:56.0317 6124 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

15:01:56.0519 6124 \Device\Harddisk0\DR0 - ok

15:01:56.0523 6124 Boot (0x1200) (631932ff26a83dda42366d6ab2084517) \Device\Harddisk0\DR0\Partition0

15:01:56.0524 6124 \Device\Harddisk0\DR0\Partition0 - ok

15:01:56.0533 6124 Boot (0x1200) (1eb86ea66713a00d3a82360972bb03e9) \Device\Harddisk0\DR0\Partition1

15:01:56.0534 6124 \Device\Harddisk0\DR0\Partition1 - ok

15:01:56.0535 6124 ============================================================

15:01:56.0535 6124 Scan finished

15:01:56.0535 6124 ============================================================

15:01:56.0548 3388 Detected object count: 0

15:01:56.0548 3388 Actual detected object count: 0

Here is the BSOD and report. I ran it twice and it did the same each time.

Problem signature:

Problem Event Name: BlueScreen

OS Version: 6.1.7601.2.1.0.768.3

Locale ID: 1033

Additional information about the problem:

BCCode: 24

BCP1: 00000000001904FB

BCP2: FFFFF88007E64958

BCP3: FFFFF88007E641B0

BCP4: FFFFF800039B89BC

OS Version: 6_1_7601

Service Pack: 1_0

Product: 768_1

Files that help describe the problem:

C:\Windows\Minidump\052912-31668-01.dmp

C:\Users\Jon\AppData\Local\Temp\WER-120947-0.sysdata.xml

Read our privacy statement online:

http://go.microsoft....88&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:

C:\Windows\system32\en-US\erofflps.txt

Also, this file is in the C:\ root folder, which I hadn't noticed before. It's marked around the time I ran the Avast utility. Not sure if it's relevant or not.

aaw7boot.txt

================================================================================

Boot Cleaner

================================================================================

[~] Cleaning started at 2011-12-02 04:59

[~] Preparing to execute queued commands

[~] Deleting file: C:\Users\Caren\AppData\Local\Temp\GLF4A72\VCTSVRInstaller.exe

[~] Deleting file: C:\$Recycle.Bin\S-1-5-21-2182866875-2756829414-3922554204-1007\$RL3URZE.zip

[~] Deleting file: C:\root\rageagainstthecage-arm5.bin

[~] Deleting file: C:\Users\Jon\Desktop\root\rageagainstthecage-arm5.bin

[~] Deleting file: C:\Users\Jon\Downloads\one.click.root.exploitv2.4.0.zip

[~] Deleting file: C:\Users\Jon\Downloads\one.click.root.exploitv2.5.2.zip

[~] Deleting file: C:\Users\Jon\Downloads\one.click.root.exploitv2.5.5.zip

[~] Finished processing queued commands

================================================================================

Boot Cleaner

================================================================================

[~] Cleaning started at 2011-12-02 07:36

================================================================================

Boot Cleaner

================================================================================

[~] Cleaning started at 2011-12-02 07:57

================================================================================

Boot Cleaner

================================================================================

[~] Cleaning started at 2011-12-15 08:24

================================================================================

Boot Cleaner

================================================================================

[~] Cleaning started at 2011-12-17 22:34

...Clipped for length. The remaining file repeats "Boot Cleaner" with different time stamps.

post-112649-0-17515900-1338319768.jpg


Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

• In your next post I need the following:
  1. the report from ComboFix
  2. let me know of any problems you may have had
  3. how is the computer doing now after running the script?

Gringo


Thanks Gringo,

I don't notice any ill effects on the computer. It appears to be functioning as it should. No apparent signs of malware infections.

No errors or issues with ComboFix.

Here is the log from ComboFix:

ComboFix 12-05-29.01 - Jon 05/29/2012 22:57:06.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3935.2258 [GMT -4:00]

Running from: c:\users\Jon\Desktop\ComboFix.exe

Command switches used :: c:\users\Jon\Desktop\CFScript.txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Jon\AppData\Local\Temp\swtlib-64\swt-win32-3703.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))

.

.

2012-05-30 03:05 . 2012-05-30 03:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-30 03:05 . 2012-05-30 03:05 -------- d-----w- c:\users\Caren\AppData\Local\temp

2012-05-27 03:15 . 2012-05-27 03:15 -------- d-----w- c:\users\Jon\AppData\Roaming\Malwarebytes

2012-05-27 03:15 . 2012-05-27 03:15 -------- d-----w- c:\programdata\Malwarebytes

2012-05-27 03:15 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-27 03:15 . 2012-05-27 03:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-27 03:04 . 2012-05-27 03:32 -------- d-----w- c:\programdata\F4D55F3B000026FD005B954BB4EB2367

2012-05-26 20:32 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{527A8771-BD72-4E50-AB5C-37A091DA2AC8}\mpengine.dll

2012-05-20 07:00 . 2012-05-20 07:00 -------- d-----w- c:\program files\Microsoft Silverlight

2012-05-20 07:00 . 2012-05-20 07:00 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-05-18 21:00 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-05-14 20:18 . 2012-05-16 16:01 -------- d-----w- c:\program files (x86)\PEN TABLET

2012-05-10 02:43 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-10 02:43 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-10 02:09 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-10 02:09 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 02:09 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 02:09 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-10 02:09 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-10 01:43 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-10 01:43 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-10 01:43 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-10 01:43 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-10 01:03 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-10 00:49 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-01 07:01 . 2012-05-01 07:01 -------- d-----w- c:\program files (x86)\Microsoft Security Client

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-06 03:14 . 2012-04-13 01:22 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-06 03:14 . 2011-12-06 20:08 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-06 03:14 . 2012-04-13 02:13 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-20 07:16 . 2012-04-20 07:13 1536 ----a-w- c:\windows\SysWow64\bcevent.dll

2012-03-21 00:44 . 2011-04-27 20:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-21 00:44 . 2011-04-18 18:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-01 06:46 . 2012-04-11 07:00 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 06:38 . 2012-04-11 07:00 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 06:33 . 2012-04-11 07:00 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 06:28 . 2012-04-11 07:00 5120 ----a-w- c:\windows\system32\wmi.dll

2012-03-01 05:37 . 2012-04-11 07:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-03-01 05:33 . 2012-04-11 07:00 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-03-01 05:29 . 2012-04-11 07:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-29_17.33.21 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-11-09 20:02 . 2012-05-29 17:46 65050 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-05-29 19:22 45844 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-11-03 03:53 . 2012-05-29 19:22 18330 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2182866875-2756829414-3922554204-1007_UserData.bin

+ 2009-11-25 14:47 . 2012-05-29 20:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-11-25 14:47 . 2012-05-29 17:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-11-25 14:47 . 2012-05-29 17:10 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-11-25 14:47 . 2012-05-29 20:37 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-29 17:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-29 20:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-05-29 17:31 . 2012-05-29 17:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-05-29 17:42 . 2012-05-29 19:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-05-29 17:42 . 2012-05-29 19:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-05-29 17:31 . 2012-05-29 17:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 04:54 . 2012-05-29 19:19 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-05-29 17:31 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-10-30 00:48 . 2012-05-29 20:02 292092 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:36 . 2012-05-27 05:27 694574 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-05-30 01:07 694574 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-05-30 01:07 132954 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-05-27 05:27 132954 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-05-29 17:31 536576 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-05-29 17:41 536576 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 04:54 . 2012-05-29 17:31 2867200 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-29 19:19 2867200 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-29 19:19 11403264 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-29 17:31 11403264 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="c:\users\Jon\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-25 39408]

"DVDFab Passkey"="c:\program files (x86)\DVDFab Passkey\DVDFabPasskey.exe" [2011-12-09 1143288]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]

"tvncontrol"="c:\program files (x86)\TightVNC\tvnserver.exe" [2011-08-03 828944]

"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]

"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 140640]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-11-18 1492264]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"WTClient"="WTClient.exe" [2009-08-20 32768]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

android-notifier-desktop.lnk - c:\program files\Android Notifier Desktop\android-notifier-desktop.exe [2010-10-6 608524]

Quick'n Easy FTP Server.lnk - c:\ftp server\FTPServer.exe [2012-2-22 363520]

Super Finder XT.lnk - c:\program files (x86)\FSL\SuperFinder\SuperFinder.exe [2011-12-19 2447360]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]

DUC 3.0.lnk - c:\program files (x86)\No-IP\DUC30.exe [2010-6-18 1423520]

Event Reminder.lnk - c:\program files (x86)\Broderbund\PrintMaster\PMremind.exe [2012-3-27 331776]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"SoftwareSASGeneration"= 1 (0x1)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2009-11-05 02:32 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 135664]

R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]

R3 bmdrvr;Modified Clusters Tracking Driver;c:\windows\SysWOW64\drivers\bmdrvr.sys [2009-04-18 34864]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 135664]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-12-01 17152]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]

R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [x]

R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]

R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-09-17 167424]

R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]

R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]

R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-25 101152]

R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-05-31 1250160]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 Apache2.2;Apache2.2;c:\server\apache\bin\httpd.exe [2011-09-09 20549]

R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-05-18 2152688]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]

R4 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-06-24 46080]

R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]

S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [2011-06-16 1465016]

S2 AIPS;Arp Intelligent Protection Service;c:\program files (x86)\netcut\services\AIPS.exe [2011-07-28 262144]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]

S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-09-17 189984]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2011-08-03 828944]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]

S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-25 549168]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-22 846448]

S2 vmware-converter-agent;VMware vCenter Converter Agent;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2009-04-18 428592]

S2 vmware-converter-server;VMware vCenter Converter Server;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2009-04-18 428592]

S2 vstor2-mntapi10;Vstor2 MntApi 1.0 Driver;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vstor2-mntapi10.sys [2009-04-18 32816]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]

S3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [x]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]

S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-09-27 303872]

S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-19 571248]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 03:14]

.

2012-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 14:55]

.

2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 14:55]

.

2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2182866875-2756829414-3922554204-1005Core.job

- c:\users\Caren\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-30 22:23]

.

2012-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2182866875-2756829414-3922554204-1005UA.job

- c:\users\Caren\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-30 22:23]

.

2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2182866875-2756829414-3922554204-1007Core.job

- c:\users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-12 22:23]

.

2012-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2182866875-2756829414-3922554204-1007UA.job

- c:\users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-12 22:23]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-22 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-22 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-22 365592]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-17 7938080]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-09-17 1833504]

"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [bU]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

LSP: %SystemRoot%\system32\vsocklib.dll

TCP: DhcpNameServer = 8.8.8.8 8.8.4.4 66.76.227.40

FF - ProfilePath - c:\users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\tzv1l51b.default\

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-05-29 23:07:28

ComboFix-quarantined-files.txt 2012-05-30 03:07

ComboFix2.txt 2012-05-29 17:39

.

Pre-Run: 117,739,970,560 bytes free

Post-Run: 118,451,134,464 bytes free

.

- - End Of File - - A15A6DD63A7CA36EF2D83DA74150D8BC


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

  • Programs to remove

    • Adobe Reader 9.3.4
    • Java 6 Update 29

  • Please download and install Revo Uninstaller Free
    • Double click Revo Uninstaller to run it.
    • From the list of programs, double click on the program to remove.
    • When prompted if you want to uninstall, click Yes.
    • Be sure the Moderate option is selected, then click Next.
    • The program will run. If prompted again, click Yes.
    • When the built-in uninstaller is finished, click on Next.
    • Once the program has searched for leftovers, click Next.
    • Check/tick the bolded items only on the list, then click Delete.
    • When prompted, click on Yes and then on Next.
    • Put a check on any folders that are found and select Delete.
    • When prompted, select Yes, then Next.
    • Once done, click Finish.

.

Update Adobe Reader

  • Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.
    You can download it from
http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
  • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from
here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete, click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (Make sure under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**

Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit

(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit

and select to run as administrator.

"information and logs"

  • In your next post I need the following:
  1. Log from MBAM
  2. Report from HijackThis
  3. Let me know of any problems you may have had
  4. How is the computer doing now?

Gringo


Greetings

I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.

Gringo


Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
