Infected with 'System Fix' and it will not die!


  • This topic is locked
22 replies to this topic

#1 Mischief Brew

Mischief Brew

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:46 AM

Posted 29 November 2011 - 10:52 AM

My computer was recently infected with that nasty 'System Fix' scareware program and I've been able to restore computer functions and apparently remove it but I can tell it's still in here somewhere. Malwarebytes isn't catching any problems but I frequently get pop-ups from Internet Explorer saying 'a program has corrupted your default provider setting for Internet Explorer...etc'. I also sometimes get re-directs when using the internet but TDSSKiller will either A, not run despite renaming it or B, not detect anything if it runs. The final straw (kind of amusing in retrospect) was that Windows Media Player opened by itself and began playing Evangelical Sermons at about 12 am last night, which is a sign of a virus if I've ever seen one (I disconnected my internet and it stopped so it must have been streaming from somewhere).

I've tried to get rid of this but clearly it is too stubborn for me to handle. I've attached logs and any help would be very appreciated, thanks!

Attached Files




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:46 AM

Posted 03 December 2011 - 09:18 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following
  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Mischief Brew

Mischief Brew
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:46 AM

Posted 04 December 2011 - 10:57 AM

Ah, sorry about jumping the gun on removing this nasty thing but I didn't think it would be this persistent. And I understand any congestion the site may be having, I'm just happy this service exists!

As for problems, nothing new is occurring other than what I have mentioned in my earlier post: redirects when conducting Google searches; frequent error messages from Internet Explorer about a program corrupting my default search engine and resetting it; and TDSSKiller has been either not running or not catching anything. The random Evangelical Sermons have stopped though, so there's that!

Thank you for your help! Here are the logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_21
Run by Bryan at 10:45:21 on 2011-12-04
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3934.2133 [GMT -5:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Sony\VAIO Care\collsvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
C:\Windows\system32\conime.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyOverride = <local>;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
mRun: [SmartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [RegistrationReminder] "C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: DhcpNameServer = 129.49.7.170
TCP: Interfaces\{396C12D6-B356-4440-B13C-4728B44C595B} : DhcpNameServer = 129.49.7.170
TCP: Interfaces\{C1121A84-3E64-4076-93C4-3FECC133764B} : DhcpNameServer = 10.245.255.3
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [SmartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [RegistrationReminder] "C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe"
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bryan\Application Data\Mozilla\Firefox\Profiles\v0oo9hco.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=14-05-2010&tb_mrud=14-05-2010
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64889
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-4-22 366152]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-4-23 141344]
R2 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2009-5-9 167424]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-6-5 2440632]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-5-9 104960]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-4-23 411496]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-8-5 24652]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-17 138360]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
S3 COH_Mon;COH_Mon;\??\C:\Windows\system32\Drivers\COH_Mon.sys --> C:\Windows\system32\Drivers\COH_Mon.sys [?]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-5-9 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-5-9 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-5-9 390440]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-5-9 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-5-9 91432]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-1-29 1164656]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-1-14 5184872]
S4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-5-9 394536]
S4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-5-9 110376]
S4 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [2008-1-20 21504]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-11-28 16:05:20 -------- dc----w- C:\Program Files\iPod
2011-11-28 16:05:16 -------- dc----w- C:\Program Files\iTunes
2011-11-28 16:05:16 -------- dc----w- C:\Program Files (x86)\iTunes
2011-11-27 16:45:36 -------- dc----w- C:\_Quarantine
2011-11-27 15:35:36 -------- dc----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-11-26 17:21:34 -------- d-----w- C:\Users\Bryan\AppData\Local\Secunia PSI
2011-11-26 17:21:19 -------- dc----w- C:\Program Files (x86)\Secunia
2011-11-26 07:06:38 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-11-26 02:47:26 -------- dc----w- C:\Program Files (x86)\Common Files\PC Tools
2011-11-23 04:08:11 -------- dc----w- C:\Program Files (x86)\GOG.com
2011-11-08 23:54:05 1426304 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-08 23:54:02 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-11-08 23:54:02 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-11-08 23:54:00 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-08 23:54:00 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-08 23:54:00 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll
.
==================== Find3M ====================
.
2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-09 18:17:18 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-30 23:25:35 1147904 ----a-w- C:\Windows\System32\wininet.dll
2011-09-30 23:21:20 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2011-09-30 23:21:00 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-09-30 23:20:40 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2011-09-30 23:20:39 77312 ----a-w- C:\Windows\System32\iesetup.dll
2011-09-30 23:06:24 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-30 23:02:06 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-09-30 23:01:51 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-09-30 23:01:34 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2011-09-30 23:01:34 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-09-30 22:29:23 479232 ----a-w- C:\Windows\System32\html.iec
2011-09-30 22:07:25 385024 ----a-w- C:\Windows\SysWow64\html.iec
2011-09-30 21:48:19 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2011-09-30 21:47:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-30 21:29:54 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2011-09-30 21:28:36 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-06 13:56:50 2764288 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 10:52:48.15 ===============


And


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/12/2009 3:50:11 AM
System Uptime: 12/4/2011 10:13:28 AM (0 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Core™2 Duo CPU T6500 @ 2.10GHz | N/A | 1200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 124.114 GiB free.
D: is Removable
E: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1003: 11/25/2011 10:47:09 PM - Removed Windows Resource Kit Tools - SubInAcl.exe
RP1005: 11/26/2011 10:27:47 AM - Windows Update
RP1006: 11/26/2011 12:28:12 PM - Windows Update
RP1007: 11/26/2011 12:44:42 PM - Restore Operation
RP1008: 11/26/2011 2:07:48 PM - Windows Update
RP1009: 11/27/2011 4:42:02 PM - Installed DirectX
RP1010: 11/27/2011 4:47:31 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP1012: 11/28/2011 10:47:24 AM - Windows Update
RP1014: 11/30/2011 10:14:09 AM - Windows Update
RP1016: 12/1/2011 10:16:10 AM - Windows Update
RP1018: 12/2/2011 10:36:46 AM - Windows Update
RP1020: 12/3/2011 10:00:23 AM - Windows Update
RP1022: 12/4/2011 10:25:39 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
Adobe Acrobat 4.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
Age of Empires III
Alliance
AllianceUpgrader
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Software Update
Command and Conquer 3: Tiberium Wars
Company of Heroes
Compatibility Pack for the 2007 Office system
D3DX10
DivX Plus Web Player
EasyBits GO
Empire: Total War
Java Auto Updater
Junk Mail filter update
Keynote Connector
LiveUpdate (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.2.1300
Medieval II: Total War
Medieval II: Total War Kingdoms
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft XNA Framework Redistributable 2.0
Microsoft XNA Framework Redistributable 4.0
Mount&Blade Warband
Mozilla Firefox 8.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB973688)
PowerISO
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Segoe UI
Sins of a Solar Empire
Skype Toolbars
Skype™ 4.2
Star Wars: Empire at War Gold
Steam
System Requirements Lab
System Requirements Lab for Intel
Terraria
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
VAIO Update 5
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.0.1
Warcraft III
Warcraft III: All Products
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Resource Kit Tools - SubInAcl.exe
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
12/4/2011 10:48:39 AM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/4/2011 10:31:50 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 for x64-based Systems (KB2416473).
12/4/2011 10:31:50 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Family Update (KB959209) x64.
12/4/2011 10:24:42 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
12/4/2011 10:23:19 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
12/4/2011 10:18:11 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DMICall
12/4/2011 10:17:57 AM, Error: Service Control Manager [7022] - The Intel® Sample Collector service hung on starting.
12/4/2011 10:16:31 AM, Error: Service Control Manager [7000] - The regi service failed to start due to the following error: The system cannot find the file specified.
12/4/2011 10:15:16 AM, Error: netbt [4321] - The name "JACK :0" could not be registered on the interface with IP address 172.24.25.27. The computer with the IP address 129.49.2.138 did not allow the name to be claimed by this computer.
12/4/2011 10:14:01 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\DRIVERS\DMICall.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/3/2011 9:56:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VAIO Power Management service to connect.
12/3/2011 9:56:33 AM, Error: Service Control Manager [7000] - The VAIO Power Management service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/2/2011 8:45:21 PM, Error: netbt [4321] - The name "JACK :0" could not be registered on the interface with IP address 172.24.25.27. The computer with the IP address 129.49.2.238 did not allow the name to be claimed by this computer.
12/2/2011 12:51:33 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll
12/2/2011 10:58:42 AM, Error: netbt [4321] - The name "JACK :20" could not be registered on the interface with IP address 172.24.25.27. The computer with the IP address 129.49.2.138 did not allow the name to be claimed by this computer.
12/2/2011 10:34:24 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
12/1/2011 11:52:29 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{396C12D6-B356-4440-B13C-4728B44C595B} because another computer on the network has the same name. The server could not start.
.
==== End Of File ===========================
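Reading a DDS log by eye is slow, and the items that matter here (a Firefox proxy entry pointing at the local machine, orphaned browser add-on CLSIDs, UAC turned off by policy, a disabled security provider) are easy to skim past. The Python below is an added triage example, not a BleepingComputer or DDS tool and not part of the thread: it runs a few review heuristics over lines excerpted from the DDS.txt above. The heuristics and severities are the editor's own choice of what a cleaner would want a second look at; they flag items for review and do not by themselves establish an infection. The `network.proxy.type` values (0 direct, 1 manual, 2 PAC, 4 auto-detect, 5 system) are Firefox's standard preference values.

```python
import re

# Lines excerpted from the DDS.txt posted in this thread (quoted program output),
# reduced to the sections this helper inspects. DDS writes http as hxxp on purpose.
SAMPLE_LINES = [
    r"SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}",
    r"============== Pseudo HJT Report ===============",
    r"uStart Page = about:blank",
    r"BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File",
    r"BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r"TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File",
    r"mPolicies-system: EnableLUA = 0 (0x0)",
    r"================= FIREFOX ===================",
    r"FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig",
    r"FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=",
    r"FF - prefs.js: network.proxy.http - 127.0.0.1",
    r"FF - prefs.js: network.proxy.http_port - 64889",
    r"FF - prefs.js: network.proxy.type - 4",
]

# Firefox network.proxy.type: 0 direct, 1 manual, 2 PAC, 4 auto-detect, 5 system.
# Only mode 1 actually routes traffic through the manual network.proxy.http entry.
MANUAL_PROXY = "1"


def parse_firefox_prefs(lines):
    """Collect 'FF - prefs.js: <name> - <value>' entries into a dict."""
    prefs = {}
    for line in lines:
        m = re.match(r"FF - prefs\.js: (\S+) - (.*)$", line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def finding(check, severity, evidence, reason):
    return {"check": check, "severity": severity, "evidence": evidence, "reason": reason}


def triage(lines):
    """Return review items for settings in a DDS log (editor's heuristics, not proof)."""
    out = []
    for line in lines:
        # DDS prefixes antivirus/antispyware providers with AV:/SP: and marks state in *...*
        if line.startswith("SP:") and "*Disabled" in line:
            out.append(finding("provider-disabled", "medium", line,
                               "security provider reported disabled or outdated"))
        # A BHO or toolbar CLSID with no backing file: leftover of a removed or cleaned add-on
        if re.match(r"(BHO|TB)(-X64)?: .*- No File$", line):
            out.append(finding("orphaned-addon", "low", line,
                               "browser add-on CLSID registered but its file is missing"))
        m = re.match(r"mPolicies-system: EnableLUA = (\d)", line)
        if m and m.group(1) == "0":
            out.append(finding("uac-disabled", "medium", line,
                               "UAC turned off by machine policy"))

    prefs = parse_firefox_prefs(lines)
    host = prefs.get("network.proxy.http")
    if host in ("127.0.0.1", "localhost", "::1"):
        port = prefs.get("network.proxy.http_port", "?")
        ptype = prefs.get("network.proxy.type", "?")
        active = ptype == MANUAL_PROXY
        out.append(finding(
            "loopback-proxy", "high" if active else "medium",
            f"network.proxy.http = {host}:{port}, network.proxy.type = {ptype}",
            "HTTP proxy entry points at the local machine; "
            + ("manual mode is selected, so browsing goes through a local process on that port"
               if active else
               "manual mode is not selected, but identify what wrote the entry")))
    if "keyword.URL" in prefs:
        out.append(finding("keyword-url", "low", prefs["keyword.URL"],
                           "address-bar search is redirected; confirm it belongs to an installed toolbar"))
    return out


def severity_counts(findings):
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f['severity']:6}] {f['check']}: {f['reason']}")
        print(f"         {f['evidence']}")
```

Run against the excerpt, the helper reports six items: the disabled Windows Defender provider, two orphaned add-on CLSIDs, UAC disabled, the `keyword.URL` override, and the loopback proxy entry. Because the log shows `network.proxy.type - 4`, the proxy item is rated medium (the manual entry is present but not the active mode); the same entry with type 1 would rate high, since Firefox would then be sending every request to whatever listens on that local port.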

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:46 AM

Posted 04 December 2011 - 12:29 PM

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Mischief Brew

Mischief Brew
  • Topic Starter

  • Members
  • 11 posts

Posted 04 December 2011 - 06:42 PM

Ran Combofix, here's the log it generated:

ComboFix 11-12-04.04 - Bryan 12/04/2011 17:23:58.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3934.2333 [GMT -5:00]
Running from: c:\users\Bryan\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bryan\AppData\Roaming\2EB0.C6C
.
.
((((((((((((((((((((((((( Files Created from 2011-11-04 to 2011-12-04 )))))))))))))))))))))))))))))))
.
.
2011-12-04 23:05 . 2011-12-04 23:05 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-12-04 23:05 . 2011-12-04 23:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-28 23:45 . 2011-11-28 23:45 -------- d-----w- c:\users\Bryan\AppData\Roaming\go
2011-11-28 16:05 . 2011-11-28 16:05 -------- dc----w- c:\program files\iPod
2011-11-28 16:05 . 2011-11-28 16:06 -------- dc----w- c:\program files\iTunes
2011-11-28 16:05 . 2011-11-28 16:06 -------- dc----w- c:\program files (x86)\iTunes
2011-11-27 16:45 . 2011-11-27 16:45 -------- dc----w- C:\_Quarantine
2011-11-27 15:35 . 2011-11-27 15:35 -------- dc----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-11-26 17:21 . 2011-11-26 17:21 -------- d-----w- c:\users\Bryan\AppData\Local\Secunia PSI
2011-11-26 17:21 . 2011-11-26 17:21 -------- dc----w- c:\program files (x86)\Secunia
2011-11-26 07:06 . 2011-11-26 07:06 -------- d-----w- c:\programdata\Kaspersky Lab
2011-11-26 02:47 . 2011-11-26 02:47 -------- dc----w- c:\program files (x86)\Common Files\PC Tools
2011-11-23 04:08 . 2011-11-23 04:08 -------- dc----w- c:\program files (x86)\GOG.com
2011-11-08 23:54 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 23:54 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-08 23:54 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-11-08 23:54 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-08 23:54 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-08 23:54 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-09 18:17 . 2011-05-14 13:56 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-30 23:25 . 2011-10-12 15:02 1147904 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:21 . 2011-10-12 15:02 56832 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:21 . 2011-10-12 15:02 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:20 . 2011-10-12 15:02 132096 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 23:20 . 2011-10-12 15:02 77312 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:06 . 2011-10-12 15:02 916480 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-30 23:02 . 2011-10-12 15:02 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-30 23:01 . 2011-10-12 15:02 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-30 23:01 . 2011-10-12 15:02 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-30 23:01 . 2011-10-12 15:02 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-30 22:29 . 2011-10-12 15:02 479232 ----a-w- c:\windows\system32\html.iec
2011-09-30 22:07 . 2011-10-12 15:02 385024 ----a-w- c:\windows\SysWow64\html.iec
2011-09-30 21:48 . 2011-10-12 15:02 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:47 . 2011-10-12 15:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-30 21:29 . 2011-10-12 15:02 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-30 21:28 . 2011-10-12 15:02 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-06 13:56 . 2011-10-12 15:02 2764288 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2009-03-06 77824]
"RegistrationReminder"="c:\program files\Sony\First Experience\OOBEFcdRegistration.exe" [2009-04-14 2054448]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-06-05 115560]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 19:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-01-20 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-01-20 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-01-20 390440]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-01-20 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-01-20 91432]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2009-12-09 1164656]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-01-14 5184872]
R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-19 394536]
R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-01-17 110376]
R4 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2008-01-21 27648]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-01-06 141344]
S2 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2008-09-29 167424]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-12-19 411496]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 94866045
*Deregistered* - 94866045
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-04 c:\windows\Tasks\User_Feed_Synchronization-{5B8CDF0D-4BDA-4A6F-9C8B-C6198DE20803}.job
- c:\windows\system32\msfeedssync.exe [2011-10-12 21:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-06 6956576]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-13 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-13 227352]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2009-04-13 187904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 129.49.7.170
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\v0oo9hco.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=14-05-2010&tb_mrud=14-05-2010
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64889
FF - prefs.js: network.proxy.type - 4
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-76251590.sys
SafeBoot-Symantec Antvirus
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-AOL Uninstaller - c:\program files (x86)\Common Files\AOL\uninstaller.exe
AddRemove-{B7050CBDB2504B34BC2A9CA0A692CC29} - c:\program files (x86)\DivX\DivXWebPlayerUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,d5,d2,8f,6c,3f,61,44,a0,98,d9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,d5,d2,8f,6c,3f,61,44,a0,98,d9,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2059574784-2247313448-822834552-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d1,86,08,be,8b,dd,c3,94,62,c2,62,fb,a6,54,7f,cd,c1,fa,50,96,0a,a8,ba,
53,a2,70,ca,0d,4e,ea,21,40,28,e8,87,ad,41,99,48,32,72,0c,d0,c7,5b,7a,42,30,\
"??"=hex:5c,f1,83,89,34,2e,c3,29,75,49,0f,ac,fc,c3,b8,aa
.
[HKEY_USERS\S-1-5-21-2059574784-2247313448-822834552-1000\Software\SecuROM\License information*]
"datasecu"=hex:3d,2a,36,d2,e2,e0,c9,7c,a9,38,8b,1b,7e,e0,2a,a8,4f,63,fb,8b,c3,
02,8c,10,b6,72,df,1a,86,77,c2,9c,59,d0,92,74,e2,f7,51,f7,9a,da,93,53,1e,f0,\
"rkeysecu"=hex:61,20,ff,bc,69,eb,35,90,c5,86,96,19,66,2e,39,a1
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2011-12-04 18:34:55
ComboFix-quarantined-files.txt 2011-12-04 23:34
.
Pre-Run: 123,953,881,088 bytes free
Post-Run: 125,238,239,232 bytes free
.
- - End Of File - - 525B65311F739C7CC07EB32F3B0A97DF

#6 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 December 2011 - 09:24 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

FireFox::
FF - ProfilePath - c:\users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\v0oo9hco.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64889
FF - prefs.js: network.proxy.type - 4

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click Combofix's window whilst it's running. That may cause it to stall.

"information and logs"

In your next post I need the following:
  • Report from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

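An added triage example (not ComboFix's code and not part of gringo's procedure) that does by script the check gringo did by eye: it parses the FF prefs.js lines and the policies\system values from an excerpt shaped like the ComboFix log above, flags the Firefox proxy pointed at 127.0.0.1:64889 and the EnableLUA=0 setting, and lays out a FireFox:: block in the form the CFScript used. The excerpt values are copied from the posted log; the function and finding names are this example's own, and PROXY_TYPES gives the standard Firefox meaning of network.proxy.type.

```python
import ipaddress
import re

# Constructed excerpt in the shape of the ComboFix log posted in this thread; the
# values are copied from that log. Nothing below is ComboFix's own code.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 129.49.7.170
FF - ProfilePath - c:\users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\v0oo9hco.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64889
FF - prefs.js: network.proxy.type - 4
"""

FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<name>\S+) - (?P<value>.*)$")
FF_PROFILE_RE = re.compile(r"^FF - ProfilePath - (?P<path>.*)$")
REG_KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>\S+)')

# Standard meaning of Firefox's network.proxy.type values.
PROXY_TYPES = {"0": "direct", "1": "manual", "2": "PAC URL",
               "4": "auto-detect (WPAD)", "5": "system"}


def parse_combofix_excerpt(text):
    r"""Return (firefox_profile, ff_prefs, policy_values) from the lines that matter:
    'FF - ' entries of the Supplementary Scan and the values under ...\policies\system."""
    profile, prefs, policy, current_key = None, {}, {}, ""
    for line in text.splitlines():
        line = line.rstrip()
        if (m := FF_PREF_RE.match(line)):
            prefs[m["name"]] = m["value"]
        elif (m := FF_PROFILE_RE.match(line)):
            profile = m["path"]
        elif (m := REG_KEY_RE.match(line)):
            current_key = m["key"].lower()
        elif current_key.endswith(r"policies\system") and (m := REG_VALUE_RE.match(line)):
            policy[m["name"]] = m["value"]
    return profile, prefs, policy


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 or the literal name localhost."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.strip().lower() == "localhost"


def assess(profile, prefs, policy):
    """Turn the parsed values into findings: a list of (severity, key, message)."""
    findings = []
    host = prefs.get("network.proxy.http")
    port = prefs.get("network.proxy.http_port", "?")
    ptype = prefs.get("network.proxy.type")
    if host and is_loopback(host):
        # A browser proxy on the loopback interface means some process on this
        # machine sits between the browser and the network (the redirect source here).
        findings.append(("high", "ff_loopback_proxy",
                         f"Firefox HTTP proxy is {host}:{port} in profile {profile}: "
                         "browser traffic is relayed through a local process"))
    if ptype and ptype != "0":
        findings.append(("info", "ff_proxy_type",
                         f"network.proxy.type={ptype} ({PROXY_TYPES.get(ptype, 'unknown')}); "
                         "manual host/port entries are only honoured when the type is 1"))
    if policy.get("EnableLUA") == "0":
        findings.append(("high", "uac_disabled",
                         "EnableLUA=0: UAC is switched off, so anything the user runs "
                         "already has full rights"))
    return findings


def build_cfscript_firefox(profile, prefs):
    """Lay out a 'FireFox::' block in the shape of the CFScript in gringo's post,
    listing only the network.proxy.* entries so that just those get reset."""
    lines = ["FireFox::", f"FF - ProfilePath - {profile}"]
    for name in sorted(n for n in prefs if n.startswith("network.proxy.")):
        lines.append(f"FF - prefs.js: {name} - {prefs[name]}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    prof, ff_prefs, pol = parse_combofix_excerpt(SAMPLE_LOG)
    for severity, key, message in assess(prof, ff_prefs, pol):
        print(f"[{severity}] {key}: {message}")
    print(build_cfscript_firefox(prof, ff_prefs))
```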

#7 Mischief Brew

Mischief Brew
  • Topic Starter

  • Members
  • 11 posts

Posted 05 December 2011 - 10:50 AM

So I ran the script as you said to do and my computer seems to be in much better shape. I'm not getting that error message from IE anymore but I still get occasional redirects when conducting searches. Other than that I can't see any other issues. Thank you for your help thus far!

Here's the Combofix report:

ComboFix 11-12-04.04 - Bryan 12/04/2011 23:08:11.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3934.1909 [GMT -5:00]
Running from: c:\users\Bryan\Desktop\ComboFix.exe
Command switches used :: c:\users\Bryan\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-05 to 2011-12-05 )))))))))))))))))))))))))))))))
.
.
2011-12-05 04:48 . 2011-12-05 04:48 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-12-05 04:48 . 2011-12-05 04:48 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-12-05 04:48 . 2011-12-05 04:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-28 23:45 . 2011-11-28 23:45 -------- d-----w- c:\users\Bryan\AppData\Roaming\go
2011-11-28 16:05 . 2011-11-28 16:05 -------- dc----w- c:\program files\iPod
2011-11-28 16:05 . 2011-11-28 16:06 -------- dc----w- c:\program files\iTunes
2011-11-28 16:05 . 2011-11-28 16:06 -------- dc----w- c:\program files (x86)\iTunes
2011-11-27 16:45 . 2011-11-27 16:45 -------- dc----w- C:\_Quarantine
2011-11-27 15:35 . 2011-11-27 15:35 -------- dc----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-11-26 17:21 . 2011-11-26 17:21 -------- d-----w- c:\users\Bryan\AppData\Local\Secunia PSI
2011-11-26 17:21 . 2011-11-26 17:21 -------- dc----w- c:\program files (x86)\Secunia
2011-11-26 07:06 . 2011-11-26 07:06 -------- d-----w- c:\programdata\Kaspersky Lab
2011-11-26 02:47 . 2011-11-26 02:47 -------- dc----w- c:\program files (x86)\Common Files\PC Tools
2011-11-23 04:08 . 2011-11-23 04:08 -------- dc----w- c:\program files (x86)\GOG.com
2011-11-08 23:54 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 23:54 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-08 23:54 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-11-08 23:54 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-08 23:54 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-08 23:54 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-09 18:17 . 2011-05-14 13:56 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-30 23:25 . 2011-10-12 15:02 1147904 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:21 . 2011-10-12 15:02 56832 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:21 . 2011-10-12 15:02 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:20 . 2011-10-12 15:02 132096 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 23:20 . 2011-10-12 15:02 77312 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:06 . 2011-10-12 15:02 916480 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-30 23:02 . 2011-10-12 15:02 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-30 23:01 . 2011-10-12 15:02 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-30 23:01 . 2011-10-12 15:02 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-30 23:01 . 2011-10-12 15:02 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-30 22:29 . 2011-10-12 15:02 479232 ----a-w- c:\windows\system32\html.iec
2011-09-30 22:07 . 2011-10-12 15:02 385024 ----a-w- c:\windows\SysWow64\html.iec
2011-09-30 21:48 . 2011-10-12 15:02 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:47 . 2011-10-12 15:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-30 21:29 . 2011-10-12 15:02 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-30 21:28 . 2011-10-12 15:02 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-06 13:56 . 2011-10-12 15:02 2764288 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-04_23.07.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 03:20 . 2011-12-05 02:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-12-04 15:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-12-05 02:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-12-04 15:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-12-05 02:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2011-12-04 15:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-06 00:51 . 2011-12-05 03:51 210544 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2009-03-06 77824]
"RegistrationReminder"="c:\program files\Sony\First Experience\OOBEFcdRegistration.exe" [2009-04-14 2054448]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-06-05 115560]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 19:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-01-20 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-01-20 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-01-20 390440]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-01-20 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-01-20 91432]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2009-12-09 1164656]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-01-14 5184872]
R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-19 394536]
R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-01-17 110376]
R4 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2008-01-21 27648]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-01-06 141344]
S2 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2008-09-29 167424]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-12-19 411496]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 94866045
*Deregistered* - 94866045
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-04 c:\windows\Tasks\User_Feed_Synchronization-{5B8CDF0D-4BDA-4A6F-9C8B-C6198DE20803}.job
- c:\windows\system32\msfeedssync.exe [2011-10-12 21:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-06 6956576]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-13 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-13 227352]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2009-04-13 187904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 129.49.7.170
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\v0oo9hco.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=14-05-2010&tb_mrud=14-05-2010
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,d5,d2,8f,6c,3f,61,44,a0,98,d9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,d5,d2,8f,6c,3f,61,44,a0,98,d9,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2059574784-2247313448-822834552-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d1,86,08,be,8b,dd,c3,94,62,c2,62,fb,a6,54,7f,cd,c1,fa,50,96,0a,a8,ba,
53,a2,70,ca,0d,4e,ea,21,40,28,e8,87,ad,41,99,48,32,72,0c,d0,c7,5b,7a,42,30,\
"??"=hex:5c,f1,83,89,34,2e,c3,29,75,49,0f,ac,fc,c3,b8,aa
.
[HKEY_USERS\S-1-5-21-2059574784-2247313448-822834552-1000\Software\SecuROM\License information*]
"datasecu"=hex:3d,2a,36,d2,e2,e0,c9,7c,a9,38,8b,1b,7e,e0,2a,a8,4f,63,fb,8b,c3,
02,8c,10,b6,72,df,1a,86,77,c2,9c,59,d0,92,74,e2,f7,51,f7,9a,da,93,53,1e,f0,\
"rkeysecu"=hex:61,20,ff,bc,69,eb,35,90,c5,86,96,19,66,2e,39,a1
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2011-12-05 00:08:52
ComboFix-quarantined-files.txt 2011-12-05 05:08
ComboFix2.txt 2011-12-04 23:35
.
Pre-Run: 125,230,632,960 bytes free
Post-Run: 125,307,793,408 bytes free
.
- - End Of File - - 7EC9309EFA62EF8F4B3822A9B53E37EE

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 December 2011 - 03:02 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
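
The report step above leaves the TDSSKiller log to be read by eye. The script below is an added example, not code from this thread or from Kaspersky's tool, showing how a responder can triage such a log automatically: it pairs each scanned object's file line (name, MD5, path) with its verdict line, flags every verdict that is not "ok", and compares each driver's MD5 against a baseline log taken from a known-clean machine, since a rootkit that patches a legitimate driver in place shows up as a changed hash even when the verdict is "ok". The two regexes are written from the line shapes visible in the log pasted later in this thread; the baseline reuses lines from that same log in place of a real clean scan, and the placeholder MD5, the "suspicious" verdict and the "detected ..." line in the second sample are constructed for the example, not findings from the poster's machine. A real baseline has to come from the same Windows build and patch level, because Windows Update legitimately changes driver hashes.

```python
"""Triage a TDSSKiller log: non-'ok' verdicts plus MD5 drift against a baseline.

Added example for illustration; not part of the BleepingComputer thread or of
Kaspersky's TDSSKiller. Sample log lines below are constructed (see comments).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Line shapes taken from the TDSSKiller log pasted in this thread:
#   19:03:05.0660 3656 ACPI (1965aaff...) C:\Windows\system32\drivers\acpi.sys
#   19:03:05.0670 3656 ACPI - ok
FILE_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
STATUS_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>\S+)\s+-\s+(?P<status>.+?)\s*$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # None for objects listed without a file ("Beep - ok")
    path: Optional[str] = None
    status: Optional[str] = None   # "ok", "suspicious", "detected ...", or None if never reported


def parse_log(text: str) -> Dict[str, Entry]:
    """Pair each scanned object's file line with its verdict line, keyed by object name."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = STATUS_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.status = m["status"]
    return entries


def triage(current: Dict[str, Entry], baseline: Dict[str, Entry]) -> List[str]:
    """One finding per object that is not a clean, unchanged 'ok'."""
    findings: List[str] = []
    for name, e in sorted(current.items()):
        if e.status is None:
            findings.append(f"{name}: no verdict line (scan aborted?)")
        elif e.status.lower() != "ok":
            findings.append(f"{name}: {e.status} ({e.path or 'no file'})")
        b = baseline.get(name)
        if b and e.md5 and b.md5 and e.md5 != b.md5:
            findings.append(f"{name}: MD5 changed {b.md5} -> {e.md5} ({e.path})")
    return findings


# Baseline: lines reused from the thread's own log, standing in for a scan of a
# known-clean machine at the same Windows build and patch level.
BASELINE_LOG = r"""
19:03:05.0660 3656 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
19:03:05.0670 3656 ACPI - ok
19:03:07.0918 3656 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
19:03:07.0944 3656 atapi - ok
19:03:08.0909 3656 Beep - ok
"""

# Constructed "infected" run: the atapi hash, the 'suspicious' verdict and the
# boot-sector 'detected' line are invented for this example, not real findings.
CURRENT_LOG = r"""
19:03:00.0281 6296 Updater subsystem init failed!
19:03:04.0176 3656 Scan started
19:03:05.0660 3656 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
19:03:05.0670 3656 ACPI - ok
19:03:07.0918 3656 atapi (deadbeefdeadbeefdeadbeefdeadbeef) C:\Windows\system32\drivers\atapi.sys
19:03:07.0944 3656 atapi - suspicious
19:03:08.0909 3656 Beep - ok
19:03:30.0001 3656 \Device\Harddisk0\DR0 - detected ExampleVerdict (constructed)
"""


def run_triage() -> List[str]:
    """Triage the constructed current log against the baseline log."""
    return triage(parse_log(CURRENT_LOG), parse_log(BASELINE_LOG))


if __name__ == "__main__":
    for finding in run_triage():
        print(finding)
```

Run against the constructed samples this reports the boot-sector "detected" line, the "suspicious" atapi verdict, and the atapi hash drift; objects such as Beep that the tool lists without a file produce no finding. The hash comparison is only as good as the baseline: an MD5 that differs because a hotfix replaced the driver is a false positive, so pin the baseline to the same build and patch level before trusting a drift report.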

#9 Mischief Brew

  • Topic Starter
  • Members
  • 11 posts

Posted 05 December 2011 - 07:58 PM

Okay, I ran TDSSKiller and it didn't find anything as has been the case, so here's the log it generated:

19:03:00.0279 6296 1.0.0.0 Nov 19 2011 15:54:30
19:03:00.0281 6296 Updater subsystem init failed!
19:03:00.0282 6296 ============================================================
19:03:00.0282 6296 Current date / time: 2011/12/05 19:03:00.0282
19:03:00.0282 6296 SystemInfo:
19:03:00.0283 6296
19:03:00.0283 6296 OS Version: 6.0.6002 ServicePack: 2.0
19:03:00.0283 6296 Product type: Workstation
19:03:00.0283 6296 ComputerName: JACK
19:03:00.0283 6296 UserName: Bryan
19:03:00.0283 6296 Windows directory: C:\Windows
19:03:00.0283 6296 System windows directory: C:\Windows
19:03:00.0283 6296 Running under WOW64
19:03:00.0283 6296 Processor architecture: Intel x64
19:03:00.0283 6296 Number of processors: 2
19:03:00.0283 6296 Page size: 0x1000
19:03:00.0283 6296 Boot type: Normal boot
19:03:00.0283 6296 ============================================================
19:03:01.0152 6296 Initialize success
19:03:04.0176 3656 ============================================================
19:03:04.0176 3656 Scan started
19:03:04.0176 3656 Mode: Manual;
19:03:04.0176 3656 ============================================================
19:03:05.0660 3656 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
19:03:05.0670 3656 ACPI - ok
19:03:05.0852 3656 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
19:03:05.0901 3656 adp94xx - ok
19:03:06.0066 3656 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
19:03:06.0108 3656 adpahci - ok
19:03:06.0138 3656 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
19:03:06.0167 3656 adpu160m - ok
19:03:06.0190 3656 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
19:03:06.0222 3656 adpu320 - ok
19:03:06.0388 3656 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
19:03:06.0398 3656 AFD - ok
19:03:06.0548 3656 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
19:03:06.0581 3656 agp440 - ok
19:03:06.0649 3656 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
19:03:06.0676 3656 aic78xx - ok
19:03:06.0826 3656 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
19:03:06.0850 3656 aliide - ok
19:03:06.0869 3656 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
19:03:06.0894 3656 amdide - ok
19:03:06.0947 3656 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
19:03:06.0979 3656 AmdK8 - ok
19:03:07.0129 3656 ApfiltrService (2e0d64d672f9e3edd51531fa91f33da5) C:\Windows\system32\DRIVERS\Apfiltr.sys
19:03:07.0132 3656 ApfiltrService - ok
19:03:07.0335 3656 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
19:03:07.0363 3656 arc - ok
19:03:07.0517 3656 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
19:03:07.0544 3656 arcsas - ok
19:03:07.0600 3656 ArcSoftKsUFilter (1ce3822b05a5e229286a15ea39369870) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
19:03:07.0601 3656 ArcSoftKsUFilter - ok
19:03:07.0813 3656 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
19:03:07.0836 3656 AsyncMac - ok
19:03:07.0918 3656 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
19:03:07.0944 3656 atapi - ok
19:03:08.0104 3656 athr (390bc9b68e1ef2a299731bc775d43004) C:\Windows\system32\DRIVERS\athrx.sys
19:03:08.0156 3656 athr - ok
19:03:08.0476 3656 atikmdag (a0e8b71a181930338b45f371a25cdec4) C:\Windows\system32\DRIVERS\atikmdag.sys
19:03:08.0719 3656 atikmdag - ok
19:03:08.0909 3656 Beep - ok
19:03:08.0987 3656 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
19:03:09.0013 3656 blbdrive - ok
19:03:09.0136 3656 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
19:03:09.0139 3656 bowser - ok
19:03:09.0217 3656 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
19:03:09.0242 3656 BrFiltLo - ok
19:03:09.0369 3656 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
19:03:09.0391 3656 BrFiltUp - ok
19:03:09.0565 3656 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
19:03:09.0596 3656 Brserid - ok
19:03:09.0625 3656 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
19:03:09.0656 3656 BrSerWdm - ok
19:03:09.0669 3656 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
19:03:09.0691 3656 BrUsbMdm - ok
19:03:09.0704 3656 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
19:03:09.0726 3656 BrUsbSer - ok
19:03:09.0871 3656 BthEnum (471ff09330a53177bbe9fd6ddf8a8259) C:\Windows\system32\DRIVERS\BthEnum.sys
19:03:09.0895 3656 BthEnum - ok
19:03:09.0947 3656 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
19:03:09.0975 3656 BTHMODEM - ok
19:03:09.0990 3656 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
19:03:10.0029 3656 BthPan - ok
19:03:10.0204 3656 BTHPORT (7d104f22c04a76f0d2f96f789ac07fcb) C:\Windows\system32\Drivers\BTHport.sys
19:03:10.0230 3656 BTHPORT - ok
19:03:10.0367 3656 BTHUSB (d9324f0c142267961ce900bfc3798bb1) C:\Windows\system32\Drivers\BTHUSB.sys
19:03:10.0396 3656 BTHUSB - ok
19:03:10.0457 3656 btwaudio (1abd26de34d3a5e346e96d721c0d67f8) C:\Windows\system32\drivers\btwaudio.sys
19:03:10.0494 3656 btwaudio - ok
19:03:10.0625 3656 btwavdt (3081d3213a3d2df2f3e7bbd816c17225) C:\Windows\system32\drivers\btwavdt.sys
19:03:10.0662 3656 btwavdt - ok
19:03:10.0730 3656 btwl2cap (0037cb116097e8e0ea77f3b13c50ff1e) C:\Windows\system32\DRIVERS\btwl2cap.sys
19:03:10.0759 3656 btwl2cap - ok
19:03:10.0900 3656 btwrchid (6921ad2faf1cb24b2ffc78104721d506) C:\Windows\system32\DRIVERS\btwrchid.sys
19:03:10.0922 3656 btwrchid - ok
19:03:11.0014 3656 catchme - ok
19:03:11.0193 3656 CAXHWAZL (fdb53a8d3bc52dc29884587e768e3388) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
19:03:11.0230 3656 CAXHWAZL - ok
19:03:11.0416 3656 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
19:03:11.0419 3656 cdfs - ok
19:03:11.0512 3656 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
19:03:11.0515 3656 cdrom - ok
19:03:11.0663 3656 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
19:03:11.0690 3656 circlass - ok
19:03:11.0773 3656 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
19:03:11.0781 3656 CLFS - ok
19:03:11.0985 3656 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
19:03:11.0986 3656 CmBatt - ok
19:03:12.0025 3656 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
19:03:12.0047 3656 cmdide - ok
19:03:12.0218 3656 COH_Mon (2e1dfcd558b716323152b009b037cc42) C:\Windows\system32\Drivers\COH_Mon.sys
19:03:12.0219 3656 COH_Mon - ok
19:03:12.0262 3656 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
19:03:12.0263 3656 Compbatt - ok
19:03:12.0343 3656 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
19:03:12.0344 3656 cpudrv64 - ok
19:03:12.0451 3656 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
19:03:12.0452 3656 crcdisk - ok
19:03:12.0551 3656 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
19:03:12.0554 3656 DfsC - ok
19:03:12.0744 3656 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
19:03:12.0748 3656 disk - ok
19:03:12.0801 3656 DMICall - ok
19:03:12.0983 3656 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
19:03:13.0004 3656 drmkaud - ok
19:03:13.0106 3656 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
19:03:13.0125 3656 DXGKrnl - ok
19:03:13.0247 3656 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
19:03:13.0278 3656 E1G60 - ok
19:03:13.0384 3656 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
19:03:13.0389 3656 Ecache - ok
19:03:13.0530 3656 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:03:13.0545 3656 eeCtrl - ok
19:03:13.0701 3656 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
19:03:13.0734 3656 elxstor - ok
19:03:13.0890 3656 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:03:13.0894 3656 EraserUtilRebootDrv - ok
19:03:14.0020 3656 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
19:03:14.0043 3656 ErrDev - ok
19:03:14.0122 3656 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
19:03:14.0167 3656 exfat - ok
19:03:14.0288 3656 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
19:03:14.0335 3656 fastfat - ok
19:03:14.0498 3656 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
19:03:14.0526 3656 fdc - ok
19:03:14.0581 3656 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
19:03:14.0584 3656 FileInfo - ok
19:03:14.0702 3656 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
19:03:14.0731 3656 Filetrace - ok
19:03:14.0758 3656 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:03:14.0780 3656 flpydisk - ok
19:03:14.0821 3656 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
19:03:14.0828 3656 FltMgr - ok
19:03:14.0984 3656 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
19:03:14.0985 3656 Fs_Rec - ok
19:03:15.0020 3656 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
19:03:15.0044 3656 gagp30kx - ok
19:03:15.0171 3656 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:03:15.0172 3656 GEARAspiWDM - ok
19:03:15.0259 3656 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
19:03:15.0289 3656 HdAudAddService - ok
19:03:15.0448 3656 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:03:15.0469 3656 HDAudBus - ok
19:03:15.0591 3656 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
19:03:15.0614 3656 HidBth - ok
19:03:15.0635 3656 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
19:03:15.0663 3656 HidIr - ok
19:03:15.0744 3656 HidUsb (59a7b5e13356c20d67983868242167c5) C:\Windows\system32\DRIVERS\hidusb.sys
19:03:15.0745 3656 HidUsb - ok
19:03:15.0874 3656 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
19:03:15.0898 3656 HpCISSs - ok
19:03:15.0958 3656 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
19:03:15.0992 3656 HSFHWAZL - ok
19:03:16.0158 3656 HSF_DPV (e90d0e3d9715f3bec7db2d6321dddee8) C:\Windows\system32\DRIVERS\CAX_DPV.sys
19:03:18.0123 3656 HSF_DPV - ok
19:03:18.0274 3656 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
19:03:18.0288 3656 HTTP - ok
19:03:18.0408 3656 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
19:03:18.0432 3656 i2omp - ok
19:03:18.0492 3656 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
19:03:18.0493 3656 i8042prt - ok
19:03:18.0660 3656 iaStor (8d58627fef3f8767665d9f4dc91cbd97) C:\Windows\system32\DRIVERS\iaStor.sys
19:03:18.0665 3656 iaStor - ok
19:03:18.0796 3656 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
19:03:18.0829 3656 iaStorV - ok
19:03:19.0259 3656 igfx (f7ab8285bbecfaa5ed4050ccb89e073d) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:03:19.0519 3656 igfx - ok
19:03:19.0640 3656 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
19:03:19.0668 3656 iirsp - ok
19:03:19.0811 3656 IntcAzAudAddService (18f7691b18d4a93559d2a998ab2142bd) C:\Windows\system32\drivers\RTKVHD64.sys
19:03:19.0838 3656 IntcAzAudAddService - ok
19:03:19.0998 3656 IntcHdmiAddService (be1cb000c655396c9def09aee3ea2d67) C:\Windows\system32\drivers\IntcHdmi.sys
19:03:20.0000 3656 IntcHdmiAddService - ok
19:03:20.0062 3656 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
19:03:20.0086 3656 intelide - ok
19:03:20.0205 3656 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
19:03:20.0207 3656 intelppm - ok
19:03:20.0297 3656 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:03:20.0332 3656 IpFilterDriver - ok
19:03:20.0431 3656 IpInIp - ok
19:03:20.0491 3656 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
19:03:20.0526 3656 IPMIDRV - ok
19:03:20.0648 3656 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
19:03:20.0689 3656 IPNAT - ok
19:03:20.0851 3656 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
19:03:20.0876 3656 IRENUM - ok
19:03:20.0924 3656 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
19:03:20.0950 3656 isapnp - ok
19:03:21.0108 3656 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
19:03:21.0114 3656 iScsiPrt - ok
19:03:21.0154 3656 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
19:03:21.0180 3656 iteatapi - ok
19:03:21.0321 3656 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
19:03:21.0348 3656 iteraid - ok
19:03:21.0420 3656 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
19:03:21.0421 3656 kbdclass - ok
19:03:21.0533 3656 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
19:03:21.0559 3656 kbdhid - ok
19:03:21.0638 3656 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
19:03:21.0650 3656 KSecDD - ok
19:03:21.0742 3656 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
19:03:21.0743 3656 ksthunk - ok
19:03:21.0917 3656 LHidFilt (aa3d903c5a7538803f2400a8391f1881) C:\Windows\system32\DRIVERS\LHidFilt.Sys
19:03:21.0919 3656 LHidFilt - ok
19:03:22.0002 3656 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
19:03:22.0005 3656 lltdio - ok
19:03:22.0124 3656 LMouFilt (90b4b2b0b5f05abb9fb365405a7b825b) C:\Windows\system32\DRIVERS\LMouFilt.Sys
19:03:22.0125 3656 LMouFilt - ok
19:03:22.0174 3656 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
19:03:22.0208 3656 LSI_FC - ok
19:03:22.0324 3656 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
19:03:22.0355 3656 LSI_SAS - ok
19:03:22.0392 3656 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
19:03:22.0425 3656 LSI_SCSI - ok
19:03:22.0449 3656 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
19:03:22.0453 3656 luafv - ok
19:03:22.0608 3656 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
19:03:22.0609 3656 MBAMProtector - ok
19:03:22.0774 3656 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
19:03:22.0775 3656 mdmxsdk - ok
19:03:22.0933 3656 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
19:03:22.0961 3656 megasas - ok
19:03:23.0012 3656 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
19:03:23.0063 3656 MegaSR - ok
19:03:23.0177 3656 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
19:03:23.0179 3656 Modem - ok
19:03:23.0216 3656 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
19:03:23.0219 3656 monitor - ok
19:03:23.0333 3656 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
19:03:23.0334 3656 mouclass - ok
19:03:23.0426 3656 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
19:03:23.0427 3656 mouhid - ok
19:03:23.0463 3656 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
19:03:23.0466 3656 MountMgr - ok
19:03:23.0591 3656 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
19:03:23.0617 3656 mpio - ok
19:03:23.0671 3656 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
19:03:23.0674 3656 mpsdrv - ok
19:03:23.0782 3656 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
19:03:23.0810 3656 Mraid35x - ok
19:03:23.0866 3656 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
19:03:23.0870 3656 MRxDAV - ok
19:03:23.0964 3656 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:03:23.0968 3656 mrxsmb - ok
19:03:24.0030 3656 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:03:24.0037 3656 mrxsmb10 - ok
19:03:24.0149 3656 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:03:24.0152 3656 mrxsmb20 - ok
19:03:24.0195 3656 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
19:03:24.0222 3656 msahci - ok
19:03:24.0313 3656 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
19:03:24.0356 3656 msdsm - ok
19:03:24.0402 3656 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
19:03:24.0404 3656 Msfs - ok
19:03:24.0534 3656 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
19:03:24.0536 3656 msisadrv - ok
19:03:24.0575 3656 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
19:03:24.0595 3656 MSKSSRV - ok
19:03:24.0727 3656 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
19:03:24.0748 3656 MSPCLOCK - ok
19:03:24.0791 3656 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
19:03:24.0811 3656 MSPQM - ok
19:03:24.0930 3656 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
19:03:24.0938 3656 MsRPC - ok
19:03:25.0063 3656 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
19:03:25.0065 3656 mssmbios - ok
19:03:25.0103 3656 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
19:03:25.0123 3656 MSTEE - ok
19:03:25.0230 3656 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
19:03:25.0233 3656 Mup - ok
19:03:25.0329 3656 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
19:03:25.0334 3656 NativeWifiP - ok
19:03:25.0426 3656 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111204.007\ENG64.SYS
19:03:25.0430 3656 NAVENG - ok
19:03:25.0528 3656 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111204.007\EX64.SYS
19:03:25.0570 3656 NAVEX15 - ok
19:03:25.0759 3656 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
19:03:25.0775 3656 NDIS - ok
19:03:25.0896 3656 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
19:03:25.0897 3656 NdisTapi - ok
19:03:25.0937 3656 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
19:03:25.0938 3656 Ndisuio - ok
19:03:26.0066 3656 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
19:03:26.0068 3656 NdisWan - ok
19:03:26.0111 3656 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
19:03:26.0112 3656 NDProxy - ok
19:03:26.0230 3656 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
19:03:26.0234 3656 NetBIOS - ok
19:03:26.0289 3656 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
19:03:26.0295 3656 netbt - ok
19:03:26.0629 3656 NETw5v64 (bfbd278f8c9bcec693345759ac278e14) C:\Windows\system32\DRIVERS\NETw5v64.sys
19:03:26.0750 3656 NETw5v64 - ok
19:03:26.0879 3656 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
19:03:26.0934 3656 nfrd960 - ok
19:03:27.0088 3656 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
19:03:27.0090 3656 Npfs - ok
19:03:27.0157 3656 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
19:03:27.0158 3656 nsiproxy - ok
19:03:27.0300 3656 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
19:03:27.0331 3656 Ntfs - ok
19:03:27.0445 3656 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
19:03:27.0446 3656 Null - ok
19:03:27.0501 3656 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
19:03:27.0540 3656 nvraid - ok
19:03:27.0658 3656 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
19:03:27.0688 3656 nvstor - ok
19:03:27.0715 3656 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
19:03:27.0760 3656 nv_agp - ok
19:03:27.0773 3656 NwlnkFlt - ok
19:03:27.0788 3656 NwlnkFwd - ok
19:03:27.0829 3656 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
19:03:27.0832 3656 ohci1394 - ok
19:03:27.0986 3656 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
19:03:28.0016 3656 Parport - ok
19:03:28.0065 3656 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
19:03:28.0069 3656 partmgr - ok
19:03:28.0231 3656 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
19:03:28.0238 3656 pci - ok
19:03:28.0286 3656 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
19:03:28.0309 3656 pciide - ok
19:03:28.0430 3656 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
19:03:28.0467 3656 pcmcia - ok
19:03:28.0520 3656 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
19:03:28.0535 3656 PEAUTH - ok
19:03:28.0743 3656 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
19:03:28.0745 3656 PptpMiniport - ok
19:03:28.0789 3656 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
19:03:28.0819 3656 Processor - ok
19:03:28.0942 3656 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
19:03:28.0945 3656 PSched - ok
19:03:29.0096 3656 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
19:03:29.0098 3656 PxHlpa64 - ok
19:03:29.0182 3656 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
19:03:29.0237 3656 ql2300 - ok
19:03:29.0355 3656 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
19:03:29.0380 3656 ql40xx - ok
19:03:29.0421 3656 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
19:03:29.0447 3656 QWAVEdrv - ok
19:03:29.0551 3656 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
19:03:29.0552 3656 RasAcd - ok
19:03:29.0740 3656 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:03:29.0742 3656 Rasl2tp - ok
19:03:29.0864 3656 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
19:03:29.0865 3656 RasPppoe - ok
19:03:29.0929 3656 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
19:03:29.0930 3656 RasSstp - ok
19:03:30.0050 3656 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
19:03:30.0057 3656 rdbss - ok
19:03:30.0168 3656 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:03:30.0169 3656 RDPCDD - ok
19:03:30.0241 3656 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
19:03:30.0282 3656 rdpdr - ok
19:03:30.0391 3656 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
19:03:30.0392 3656 RDPENCDD - ok
19:03:30.0475 3656 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
19:03:30.0511 3656 RDPWD - ok
19:03:30.0652 3656 regi - ok
19:03:30.0764 3656 RFCOMM (72c35598ba591abddc37fce7d26fe1c4) C:\Windows\system32\DRIVERS\rfcomm.sys
19:03:30.0810 3656 RFCOMM - ok
19:03:30.0911 3656 rimsptsk (7eae3999b94a8ce60bfbaa83462b89a1) C:\Windows\system32\DRIVERS\rimssn64.sys
19:03:30.0912 3656 rimsptsk - ok
19:03:30.0956 3656 risdptsk (fa6d7cd63ad08a01d9259f58e0c5c09e) C:\Windows\system32\DRIVERS\risdsn64.sys
19:03:30.0957 3656 risdptsk - ok
19:03:31.0070 3656 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
19:03:31.0073 3656 rspndr - ok
19:03:31.0180 3656 RTHDMIAzAudService (67c7695d3b18682addf8419eda4bbfb8) C:\Windows\system32\drivers\RtHDMIVX.sys
19:03:31.0208 3656 RTHDMIAzAudService - ok
19:03:31.0364 3656 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
19:03:31.0391 3656 sbp2port - ok
19:03:31.0460 3656 SCDEmu (07237c66e05da6778e9f3cb67fa00736) C:\Windows\system32\drivers\SCDEmu.sys
19:03:31.0464 3656 SCDEmu - ok
19:03:31.0565 3656 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
19:03:31.0601 3656 sdbus - ok
19:03:31.0683 3656 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:03:31.0684 3656 secdrv - ok
19:03:31.0799 3656 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
19:03:31.0827 3656 Serenum - ok
19:03:31.0856 3656 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
19:03:31.0896 3656 Serial - ok
19:03:31.0909 3656 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
19:03:31.0933 3656 sermouse - ok
19:03:32.0096 3656 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys
19:03:32.0097 3656 SFEP - ok
19:03:32.0163 3656 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
19:03:32.0187 3656 sffdisk - ok
19:03:32.0280 3656 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
19:03:32.0304 3656 sffp_mmc - ok
19:03:32.0333 3656 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
19:03:32.0358 3656 sffp_sd - ok
19:03:32.0405 3656 sfloppy (40567781f0785c4a69411d1b40da8987) C:\Windows\system32\DRIVERS\sfloppy.sys
19:03:32.0427 3656 sfloppy - ok
19:03:32.0567 3656 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
19:03:32.0595 3656 SiSRaid2 - ok
19:03:32.0634 3656 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
19:03:32.0669 3656 SiSRaid4 - ok
19:03:32.0723 3656 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
19:03:32.0727 3656 Smb - ok
19:03:32.0907 3656 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
19:03:32.0908 3656 spldr - ok
19:03:32.0989 3656 SRTSP (620df2e4eca4d3b18486a0976b731411) C:\Windows\system32\Drivers\SRTSP64.SYS
19:03:32.0995 3656 SRTSP - ok
19:03:33.0098 3656 SRTSPL (15ae63bfb22579a06d9dfdce3a094aa1) C:\Windows\system32\Drivers\SRTSPL64.SYS
19:03:33.0153 3656 SRTSPL - ok
19:03:33.0200 3656 SRTSPX (9560cf1b6b002b3277b427491f9e6819) C:\Windows\system32\Drivers\SRTSPX64.SYS
19:03:33.0201 3656 SRTSPX - ok
19:03:33.0307 3656 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
19:03:33.0318 3656 srv - ok
19:03:33.0449 3656 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
19:03:33.0454 3656 srv2 - ok
19:03:33.0509 3656 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
19:03:33.0514 3656 srvnet - ok
19:03:33.0658 3656 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
19:03:33.0659 3656 swenum - ok
19:03:33.0705 3656 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
19:03:33.0733 3656 Symc8xx - ok
19:03:33.0784 3656 SymEvent (70c8d165063eb76f1a373b74456d2aab) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
19:03:33.0789 3656 SymEvent - ok
19:03:33.0906 3656 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
19:03:33.0936 3656 Sym_hi - ok
19:03:33.0957 3656 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
19:03:33.0987 3656 Sym_u3 - ok
19:03:34.0077 3656 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
19:03:34.0108 3656 Tcpip - ok
19:03:34.0277 3656 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
19:03:34.0290 3656 Tcpip6 - ok
19:03:34.0428 3656 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
19:03:34.0431 3656 tcpipreg - ok
19:03:34.0481 3656 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
19:03:34.0510 3656 TDPIPE - ok
19:03:34.0637 3656 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
19:03:34.0660 3656 TDTCP - ok
19:03:34.0723 3656 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
19:03:34.0727 3656 tdx - ok
19:03:34.0853 3656 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
19:03:34.0855 3656 TermDD - ok
19:03:34.0943 3656 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:03:34.0971 3656 tssecsrv - ok
19:03:35.0131 3656 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
19:03:35.0160 3656 tunnel - ok
19:03:35.0227 3656 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
19:03:35.0264 3656 uagp35 - ok
19:03:35.0380 3656 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
19:03:35.0418 3656 udfs - ok
19:03:35.0552 3656 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
19:03:35.0587 3656 uliagpkx - ok
19:03:35.0663 3656 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
19:03:35.0721 3656 uliahci - ok
19:03:35.0849 3656 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
19:03:35.0882 3656 UlSata - ok
19:03:35.0916 3656 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
19:03:35.0948 3656 ulsata2 - ok
19:03:36.0063 3656 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
19:03:36.0065 3656 umbus - ok
19:03:36.0244 3656 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
19:03:36.0274 3656 USBAAPL64 - ok
19:03:36.0372 3656 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
19:03:36.0399 3656 usbaudio - ok
19:03:36.0533 3656 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
19:03:36.0535 3656 usbccgp - ok
19:03:36.0594 3656 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
19:03:36.0630 3656 usbcir - ok
19:03:36.0762 3656 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
19:03:36.0763 3656 usbehci - ok
19:03:36.0830 3656 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
19:03:36.0834 3656 usbhub - ok
19:03:36.0931 3656 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
19:03:36.0956 3656 usbohci - ok
19:03:37.0015 3656 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
19:03:37.0040 3656 usbprint - ok
19:03:37.0157 3656 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:03:37.0184 3656 USBSTOR - ok
19:03:37.0252 3656 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
19:03:37.0253 3656 usbuhci - ok
19:03:37.0390 3656 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
19:03:37.0392 3656 usbvideo - ok
19:03:37.0491 3656 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
19:03:37.0520 3656 vga - ok
19:03:37.0622 3656 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
19:03:37.0623 3656 VgaSave - ok
19:03:37.0655 3656 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
19:03:37.0679 3656 viaide - ok
19:03:37.0717 3656 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
19:03:37.0720 3656 volmgr - ok
19:03:37.0783 3656 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
19:03:37.0792 3656 volmgrx - ok
19:03:37.0929 3656 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
19:03:37.0936 3656 volsnap - ok
19:03:38.0082 3656 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
19:03:38.0129 3656 vsmraid - ok
19:03:38.0177 3656 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
19:03:38.0202 3656 WacomPen - ok
19:03:38.0323 3656 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
19:03:38.0326 3656 Wanarp - ok
19:03:38.0333 3656 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
19:03:38.0334 3656 Wanarpv6 - ok
19:03:38.0463 3656 wanatw - ok
19:03:38.0515 3656 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
19:03:38.0537 3656 Wd - ok
19:03:38.0686 3656 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
19:03:38.0706 3656 Wdf01000 - ok
19:03:38.0862 3656 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
19:03:38.0889 3656 WimFltr - ok
19:03:38.0987 3656 winachsf (057b062cf9a11e04db45b8c3afc28b11) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
19:03:39.0025 3656 winachsf - ok
19:03:39.0222 3656 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
19:03:39.0244 3656 WmiAcpi - ok
19:03:39.0289 3656 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
19:03:39.0316 3656 ws2ifsl - ok
19:03:39.0369 3656 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:03:39.0373 3656 WUDFRd - ok
19:03:39.0530 3656 XAudio (638c99d993afab0e1fab226e2bbe6d79) C:\Windows\system32\DRIVERS\xaudio64.sys
19:03:39.0531 3656 XAudio - ok
19:03:39.0621 3656 yukonx64 (4d7bd04b794478aba95ea1e03be39c47) C:\Windows\system32\DRIVERS\yk60x64.sys
19:03:39.0631 3656 yukonx64 - ok
19:03:39.0657 3656 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:03:39.0675 3656 \Device\Harddisk0\DR0 - ok
19:03:39.0680 3656 Boot (0x1200) (a3984737ab927ee436f577b0f3ceb406) \Device\Harddisk0\DR0\Partition0
19:03:39.0681 3656 \Device\Harddisk0\DR0\Partition0 - ok
19:03:39.0683 3656 ============================================================
19:03:39.0683 3656 Scan finished
19:03:39.0683 3656 ============================================================
19:03:39.0776 4136 Detected object count: 0
19:03:39.0776 4136 Actual detected object count: 0
19:52:54.0768 4460 ============================================================
19:52:54.0769 4460 Scan started
19:52:54.0769 4460 Mode: Manual;
19:52:54.0769 4460 ============================================================
19:52:58.0097 4460 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
19:52:58.0167 4460 ACPI - ok
19:52:58.0672 4460 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
19:52:58.0678 4460 adp94xx - ok
19:52:59.0026 4460 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
19:52:59.0029 4460 adpahci - ok
19:52:59.0362 4460 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
19:52:59.0364 4460 adpu160m - ok
19:52:59.0757 4460 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
19:52:59.0759 4460 adpu320 - ok
19:53:00.0160 4460 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
19:53:00.0265 4460 AFD - ok
19:53:00.0730 4460 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
19:53:00.0731 4460 agp440 - ok
19:53:01.0086 4460 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
19:53:01.0088 4460 aic78xx - ok
19:53:01.0331 4460 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
19:53:01.0331 4460 aliide - ok
19:53:01.0576 4460 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
19:53:01.0577 4460 amdide - ok
19:53:01.0936 4460 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
19:53:01.0937 4460 AmdK8 - ok
19:53:02.0401 4460 ApfiltrService (2e0d64d672f9e3edd51531fa91f33da5) C:\Windows\system32\DRIVERS\Apfiltr.sys
19:53:02.0461 4460 ApfiltrService - ok
19:53:02.0918 4460 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
19:53:02.0919 4460 arc - ok
19:53:03.0418 4460 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
19:53:03.0419 4460 arcsas - ok
19:53:03.0768 4460 ArcSoftKsUFilter (1ce3822b05a5e229286a15ea39369870) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
19:53:03.0768 4460 ArcSoftKsUFilter - ok
19:53:04.0170 4460 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
19:53:04.0170 4460 AsyncMac - ok
19:53:04.0575 4460 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
19:53:04.0575 4460 atapi - ok
19:53:05.0266 4460 athr (390bc9b68e1ef2a299731bc775d43004) C:\Windows\system32\DRIVERS\athrx.sys
19:53:05.0278 4460 athr - ok
19:53:06.0699 4460 atikmdag (a0e8b71a181930338b45f371a25cdec4) C:\Windows\system32\DRIVERS\atikmdag.sys
19:53:06.0749 4460 atikmdag - ok
19:53:07.0043 4460 Beep - ok
19:53:07.0288 4460 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
19:53:07.0289 4460 blbdrive - ok
19:53:07.0804 4460 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
19:53:07.0824 4460 bowser - ok
19:53:08.0252 4460 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
19:53:08.0252 4460 BrFiltLo - ok
19:53:08.0559 4460 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
19:53:08.0560 4460 BrFiltUp - ok
19:53:09.0044 4460 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
19:53:09.0045 4460 Brserid - ok
19:53:09.0512 4460 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
19:53:09.0513 4460 BrSerWdm - ok
19:53:10.0190 4460 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
19:53:10.0191 4460 BrUsbMdm - ok
19:53:10.0658 4460 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
19:53:10.0658 4460 BrUsbSer - ok
19:53:11.0116 4460 BthEnum (471ff09330a53177bbe9fd6ddf8a8259) C:\Windows\system32\DRIVERS\BthEnum.sys
19:53:11.0117 4460 BthEnum - ok
19:53:11.0629 4460 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
19:53:11.0630 4460 BTHMODEM - ok
19:53:12.0179 4460 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
19:53:12.0181 4460 BthPan - ok
19:53:12.0838 4460 BTHPORT (7d104f22c04a76f0d2f96f789ac07fcb) C:\Windows\system32\Drivers\BTHport.sys
19:53:12.0845 4460 BTHPORT - ok
19:53:13.0479 4460 BTHUSB (d9324f0c142267961ce900bfc3798bb1) C:\Windows\system32\Drivers\BTHUSB.sys
19:53:13.0480 4460 BTHUSB - ok
19:53:14.0036 4460 btwaudio (1abd26de34d3a5e346e96d721c0d67f8) C:\Windows\system32\drivers\btwaudio.sys
19:53:14.0037 4460 btwaudio - ok
19:53:14.0472 4460 btwavdt (3081d3213a3d2df2f3e7bbd816c17225) C:\Windows\system32\drivers\btwavdt.sys
19:53:14.0473 4460 btwavdt - ok
19:53:14.0987 4460 btwl2cap (0037cb116097e8e0ea77f3b13c50ff1e) C:\Windows\system32\DRIVERS\btwl2cap.sys
19:53:14.0988 4460 btwl2cap - ok
19:53:15.0556 4460 btwrchid (6921ad2faf1cb24b2ffc78104721d506) C:\Windows\system32\DRIVERS\btwrchid.sys
19:53:15.0557 4460 btwrchid - ok
19:53:15.0968 4460 catchme - ok
19:53:16.0621 4460 CAXHWAZL (fdb53a8d3bc52dc29884587e768e3388) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
19:53:16.0624 4460 CAXHWAZL - ok
19:53:17.0195 4460 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
19:53:17.0274 4460 cdfs - ok
19:53:17.0813 4460 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
19:53:18.0013 4460 cdrom - ok
19:53:18.0475 4460 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
19:53:18.0476 4460 circlass - ok
19:53:18.0785 4460 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
19:53:18.0886 4460 CLFS - ok
19:53:19.0530 4460 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
19:53:19.0531 4460 CmBatt - ok
19:53:19.0881 4460 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
19:53:19.0882 4460 cmdide - ok
19:53:20.0330 4460 COH_Mon (2e1dfcd558b716323152b009b037cc42) C:\Windows\system32\Drivers\COH_Mon.sys
19:53:20.0342 4460 COH_Mon - ok
19:53:20.0929 4460 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
19:53:20.0930 4460 Compbatt - ok
19:53:21.0287 4460 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
19:53:21.0309 4460 cpudrv64 - ok
19:53:21.0584 4460 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
19:53:21.0585 4460 crcdisk - ok
19:53:21.0940 4460 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
19:53:21.0946 4460 DfsC - ok
19:53:22.0277 4460 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
19:53:22.0321 4460 disk - ok
19:53:22.0742 4460 DMICall - ok
19:53:22.0995 4460 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
19:53:22.0996 4460 drmkaud - ok
19:53:23.0589 4460 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
19:53:23.0921 4460 DXGKrnl - ok
19:53:24.0292 4460 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
19:53:24.0294 4460 E1G60 - ok
19:53:24.0807 4460 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
19:53:24.0879 4460 Ecache - ok
19:53:25.0184 4460 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:53:25.0293 4460 eeCtrl - ok
19:53:25.0746 4460 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
19:53:25.0750 4460 elxstor - ok
19:53:26.0057 4460 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:53:26.0080 4460 EraserUtilRebootDrv - ok
19:53:26.0543 4460 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
19:53:26.0544 4460 ErrDev - ok
19:53:26.0822 4460 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
19:53:26.0824 4460 exfat - ok
19:53:27.0177 4460 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
19:53:27.0179 4460 fastfat - ok
19:53:27.0498 4460 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
19:53:27.0499 4460 fdc - ok
19:53:28.0014 4460 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
19:53:28.0126 4460 FileInfo - ok
19:53:28.0591 4460 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
19:53:28.0592 4460 Filetrace - ok
19:53:28.0892 4460 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:53:28.0893 4460 flpydisk - ok
19:53:29.0303 4460 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
19:53:29.0389 4460 FltMgr - ok
19:53:29.0696 4460 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
19:53:29.0697 4460 Fs_Rec - ok
19:53:30.0031 4460 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
19:53:30.0032 4460 gagp30kx - ok
19:53:30.0404 4460 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:53:30.0439 4460 GEARAspiWDM - ok
19:53:30.0637 4460 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
19:53:30.0640 4460 HdAudAddService - ok
19:53:30.0982 4460 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:53:31.0046 4460 HDAudBus - ok
19:53:31.0480 4460 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
19:53:31.0481 4460 HidBth - ok
19:53:31.0849 4460 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
19:53:31.0849 4460 HidIr - ok
19:53:32.0333 4460 HidUsb (59a7b5e13356c20d67983868242167c5) C:\Windows\system32\DRIVERS\hidusb.sys
19:53:32.0334 4460 HidUsb - ok
19:53:32.0763 4460 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
19:53:32.0764 4460 HpCISSs - ok
19:53:33.0170 4460 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
19:53:33.0173 4460 HSFHWAZL - ok
19:53:34.0414 4460 HSF_DPV (e90d0e3d9715f3bec7db2d6321dddee8) C:\Windows\system32\DRIVERS\CAX_DPV.sys
19:53:34.0429 4460 HSF_DPV - ok
19:53:35.0108 4460 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
19:53:35.0499 4460 HTTP - ok
19:53:36.0019 4460 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
19:53:36.0020 4460 i2omp - ok
19:53:36.0458 4460 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
19:53:36.0494 4460 i8042prt - ok
19:53:36.0925 4460 iaStor (8d58627fef3f8767665d9f4dc91cbd97) C:\Windows\system32\DRIVERS\iaStor.sys
19:53:37.0055 4460 iaStor - ok
19:53:37.0674 4460 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
19:53:37.0677 4460 iaStorV - ok
19:53:39.0760 4460 igfx (f7ab8285bbecfaa5ed4050ccb89e073d) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:53:40.0222 4460 igfx - ok
19:53:40.0406 4460 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
19:53:40.0407 4460 iirsp - ok
19:53:40.0927 4460 IntcAzAudAddService (18f7691b18d4a93559d2a998ab2142bd) C:\Windows\system32\drivers\RTKVHD64.sys
19:53:41.0361 4460 IntcAzAudAddService - ok
19:53:41.0809 4460 IntcHdmiAddService (be1cb000c655396c9def09aee3ea2d67) C:\Windows\system32\drivers\IntcHdmi.sys
19:53:41.0862 4460 IntcHdmiAddService - ok
19:53:42.0140 4460 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
19:53:42.0141 4460 intelide - ok
19:53:42.0216 4460 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
19:53:42.0217 4460 intelppm - ok
19:53:42.0397 4460 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:53:42.0398 4460 IpFilterDriver - ok
19:53:42.0426 4460 IpInIp - ok
19:53:42.0569 4460 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
19:53:42.0570 4460 IPMIDRV - ok
19:53:42.0590 4460 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
19:53:42.0591 4460 IPNAT - ok
19:53:42.0609 4460 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
19:53:42.0610 4460 IRENUM - ok
19:53:42.0626 4460 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
19:53:42.0627 4460 isapnp - ok
19:53:42.0775 4460 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
19:53:42.0781 4460 iScsiPrt - ok
19:53:42.0898 4460 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
19:53:42.0899 4460 iteatapi - ok
19:53:42.0914 4460 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
19:53:42.0915 4460 iteraid - ok
19:53:42.0964 4460 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
19:53:42.0983 4460 kbdclass - ok
19:53:43.0033 4460 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
19:53:43.0034 4460 kbdhid - ok
19:53:43.0323 4460 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
19:53:43.0427 4460 KSecDD - ok
19:53:43.0919 4460 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
19:53:43.0920 4460 ksthunk - ok
19:53:44.0184 4460 LHidFilt (aa3d903c5a7538803f2400a8391f1881) C:\Windows\system32\DRIVERS\LHidFilt.Sys
19:53:44.0185 4460 LHidFilt - ok
19:53:44.0457 4460 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
19:53:44.0460 4460 lltdio - ok
19:53:44.0857 4460 LMouFilt (90b4b2b0b5f05abb9fb365405a7b825b) C:\Windows\system32\DRIVERS\LMouFilt.Sys
19:53:44.0859 4460 LMouFilt - ok
19:54:21.0288 4460 ============================================================
19:54:21.0288 4460 Scan finished
19:54:21.0288 4460 ============================================================
19:54:21.0303 5944 Detected object count: 0
19:54:21.0303 5944 Actual detected object count: 0

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 06 December 2011 - 01:20 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Mischief Brew (Topic Starter)

Posted 06 December 2011 - 11:18 AM

Hey, I tried running aswMBR but it isn't running. I get the warning and try to open it but nothing comes up, kind of like the issue I had with TDSSKiller. Renaming it hasn't worked either.

Also, I'm sorry this has been such a pain in the neck! Your help is really appreciated.

#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 06 December 2011 - 12:42 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun aswMBR for me and send me the report.

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#13 Mischief Brew (Topic Starter)

Posted 06 December 2011 - 06:32 PM

Okay so I ran the program and it says it got something and repaired it. And then I was able to run aswMBR and get the log for you.

Also, while aswMBR was running Symantec was able to quarantine a trojan, so that's awesome.


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-06 18:02:17
-----------------------------
18:02:17.865 OS Version: Windows x64 6.0.6002 Service Pack 2
18:02:17.865 Number of processors: 2 586 0x170A
18:02:17.865 ComputerName: JACK UserName:
18:02:19.628 Initialize success
18:07:08.264 AVAST engine defs: 11120602
18:07:27.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:07:27.093 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
18:07:27.109 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005e
18:07:27.109 Disk 1 Vendor: RICOH 01 Size: 305245MB BusType: 0
18:07:27.109 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000005f
18:07:27.124 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
18:07:27.140 Disk 0 MBR read successfully
18:07:27.156 Disk 0 MBR scan
18:07:27.156 Disk 0 Windows VISTA default MBR code
18:07:27.171 Service scanning
18:07:41.414 Modules scanning
18:07:41.414 Disk 0 trace - called modules:
18:07:41.445 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
18:07:41.960 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a34790]
18:07:41.960 3 CLASSPNP.SYS[fffffa60011d2c33] -> nt!IofCallDriver -> [0xfffffa8004c06b30]
18:07:41.976 5 acpi.sys[fffffa60008fafde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c0b050]
18:07:47.405 AVAST engine scan C:\Windows
18:07:58.311 AVAST engine scan C:\Windows\system32
18:12:00.028 AVAST engine scan C:\Windows\system32\drivers
18:12:34.225 AVAST engine scan C:\Users\Bryan
18:24:36.965 AVAST engine scan C:\ProgramData
18:30:26.830 Scan finished successfully
18:31:14.052 Disk 0 MBR has been saved successfully to "C:\Users\Bryan\Desktop\MBR.dat"
18:31:14.067 The log file has been saved successfully to "C:\Users\Bryan\Desktop\aswMBR.txt"

#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 07 December 2011 - 07:30 AM

Hello


I need to know how the computer is doing now.


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 Mischief Brew (Topic Starter)

Posted 07 December 2011 - 11:27 AM

So I ran combofix and generated the log here. But from what I can tell, things look cleared up. I know that might not be the case but I'm keeping my fingers crossed.



ComboFix 11-12-04.04 - Bryan 12/07/2011 10:58:02.3.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3934.2076 [GMT -5:00]
Running from: c:\users\Bryan\Desktop\ComboFix.exe
Command switches used :: c:\users\Bryan\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Bryan\AppData\Local\Windows Server
c:\users\Bryan\AppData\Roaming\Adobe\plugs
c:\users\Bryan\AppData\Roaming\Adobe\shed
.
.
((((((((((((((((((((((((( Files Created from 2011-11-07 to 2011-12-07 )))))))))))))))))))))))))))))))
.
.
2011-12-07 16:14 . 2011-12-07 16:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-12-07 16:14 . 2011-12-07 16:14 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-12-07 16:14 . 2011-12-07 16:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-06 22:55 . 2011-12-06 22:55 -------- d-----w- c:\users\Bryan\AppData\Roaming\FixTDSS
2011-11-28 23:45 . 2011-11-28 23:45 -------- d-----w- c:\users\Bryan\AppData\Roaming\go
2011-11-28 16:05 . 2011-11-28 16:05 -------- dc----w- c:\program files\iPod
2011-11-28 16:05 . 2011-11-28 16:06 -------- dc----w- c:\program files\iTunes
2011-11-28 16:05 . 2011-11-28 16:06 -------- dc----w- c:\program files (x86)\iTunes
2011-11-27 16:45 . 2011-11-27 16:45 -------- dc----w- C:\_Quarantine
2011-11-27 15:35 . 2011-11-27 15:35 -------- dc----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-11-26 17:21 . 2011-11-26 17:21 -------- d-----w- c:\users\Bryan\AppData\Local\Secunia PSI
2011-11-26 17:21 . 2011-11-26 17:21 -------- dc----w- c:\program files (x86)\Secunia
2011-11-26 07:06 . 2011-11-26 07:06 -------- d-----w- c:\programdata\Kaspersky Lab
2011-11-26 02:47 . 2011-11-26 02:47 -------- dc----w- c:\program files (x86)\Common Files\PC Tools
2011-11-23 04:08 . 2011-11-23 04:08 -------- dc----w- c:\program files (x86)\GOG.com
2011-11-08 23:54 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 23:54 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-08 23:54 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-11-08 23:54 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-08 23:54 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-08 23:54 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-04_23.07.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-06 00:51 . 2011-12-06 22:52 212100 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 12:46 . 2011-11-29 06:17 679274 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-12-06 04:16 679274 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-11-29 06:17 135012 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2011-12-06 04:16 135012 c:\windows\system32\perfc009.dat
- 2010-04-28 06:09 . 2011-12-04 21:46 351216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-04-28 06:09 . 2011-12-07 06:38 351216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-05-14 08:29 . 2011-12-07 06:38 1918552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2059574784-2247313448-822834552-1000-12288.dat
- 2010-05-14 08:29 . 2011-12-04 21:46 1918552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2059574784-2247313448-822834552-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2009-03-06 77824]
"RegistrationReminder"="c:\program files\Sony\First Experience\OOBEFcdRegistration.exe" [2009-04-14 2054448]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-06-05 115560]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 19:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-01-20 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-01-20 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-01-20 390440]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-01-20 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-01-20 91432]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2009-12-09 1164656]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-01-14 5184872]
R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-19 394536]
R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-01-17 110376]
R4 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2008-01-21 27648]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-01-06 141344]
S2 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2008-09-29 167424]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-12-19 411496]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-07 c:\windows\Tasks\User_Feed_Synchronization-{5B8CDF0D-4BDA-4A6F-9C8B-C6198DE20803}.job
- c:\windows\system32\msfeedssync.exe [2011-10-12 21:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-06 6956576]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-13 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-13 227352]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2009-04-13 187904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 129.49.7.170
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\v0oo9hco.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=14-05-2010&tb_mrud=14-05-2010
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,d5,d2,8f,6c,3f,61,44,a0,98,d9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,d5,d2,8f,6c,3f,61,44,a0,98,d9,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2059574784-2247313448-822834552-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d1,86,08,be,8b,dd,c3,94,62,c2,62,fb,a6,54,7f,cd,c1,fa,50,96,0a,a8,ba,
53,a2,70,ca,0d,4e,ea,21,40,28,e8,87,ad,41,99,48,32,72,0c,d0,c7,5b,7a,42,30,\
"??"=hex:5c,f1,83,89,34,2e,c3,29,75,49,0f,ac,fc,c3,b8,aa
.
[HKEY_USERS\S-1-5-21-2059574784-2247313448-822834552-1000\Software\SecuROM\License information*]
"datasecu"=hex:3d,2a,36,d2,e2,e0,c9,7c,a9,38,8b,1b,7e,e0,2a,a8,4f,63,fb,8b,c3,
02,8c,10,b6,72,df,1a,86,77,c2,9c,59,d0,92,74,e2,f7,51,f7,9a,da,93,53,1e,f0,\
"rkeysecu"=hex:61,20,ff,bc,69,eb,35,90,c5,86,96,19,66,2e,39,a1
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2011-12-07 11:19:45
ComboFix-quarantined-files.txt 2011-12-07 16:19
ComboFix2.txt 2011-12-05 05:09
ComboFix3.txt 2011-12-04 23:35
.
Pre-Run: 166,884,593,664 bytes free
Post-Run: 166,182,158,336 bytes free
.
- - End Of File - - C3F831FB199C8E28BAE6CD2108E826DE