Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Concern with pup.bitminer


  • Please log in to reply
21 replies to this topic

#1 fmycp09

fmycp09

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 07 January 2012 - 03:11 PM

Hey BP, I had been infected with those recent Win 7 Security 2012 rogues a couple times. The first time, about a month ago, I just used the Uninstall Guide and it removed it successfully, but a couple weeks ago I was infected again. The second time (and I can't remember whether I saw it the first time; I don't believe I did), I noticed the pup.bitminer virus that seems to be giving people trouble in the list of infected items. It was already unchecked in the remove option, so I left it unchecked since it seemed like they stick around regardless and wished not to cause any trouble while going about removing it with your aid.

From reading of other people's problems with this pup.bitminer [using my desktop], I didn't want to do anything else on my laptop that might complicate the infection, so I proceeded to shut it down and haven't touched it until now while starting with step 6 in the Preparation Guide. I've got a 64-bit version of Windows though, so I skipped step 8. I'm in normal mode, if this helps gauge anything (that I'm able to use Firefox, run executables apparently I guess, etc.) and I haven't had any infection warnings by rogues so it looks like the Win 7 Security 2012, itself, was successfully removed.

Thanks, ahead of time.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
Run by Matt at 13:40:10 on 2012-01-07
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4014.2378 [GMT -6:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager

\BcmSqlStartupSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb

\VzCdbSvc.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ZuneLauncher.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files

(x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-

4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE

\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files

(x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program

Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files

(x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program

Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files

(x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype

\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files

(x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files

(x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files

(x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton

Internet Security\Engine\17.9.0.12\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft

\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google

\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup

Scheduler.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash

\FlashUtil10t_Plugin.exe -update plugin
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility

\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack

\Default Manager\DefMgr.exe" -resume
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader

\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update

\jusched.exe"
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK -

C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK -

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software

\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software

\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth

Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} -

C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:

\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -

C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -

C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} -

c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
LSP: mswsock.dll
DPF: {15B782AF-55D8-11D1-B477-006097098764} -

hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-

1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-

1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-

1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5CA2638F-A594-4D24-80BE-A37A7C278809} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5CA2638F-A594-4D24-80BE-A37A7C278809}\14675627972323D27657563747 :

DhcpNameServer = 10.50.0.1 10.50.0.2 10.50.0.3
TCP: Interfaces\{5CA2638F-A594-4D24-80BE-A37A7C278809}\2456C6B696E6E233337313 :

DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5CA2638F-A594-4D24-80BE-A37A7C278809}\A4566666562737F6E62363 :

DhcpNameServer = 10.50.0.1 10.50.0.2 10.50.0.3
TCP: Interfaces\{5CA2638F-A594-4D24-80BE-

A37A7C278809}\D696C6C656E69657D6F56616C636F6E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5CA2638F-A594-4D24-80BE-A37A7C278809}\F4257495 : DhcpNameServer =

10.50.0.1 10.50.0.2 10.50.0.3
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files

(x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files

(x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:

\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program

Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3

consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files

(x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-

8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE

\rpbrowserrecordplugin.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files

(x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:

\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program

Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:

\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files

(x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files

(x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:

\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files

(x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:

\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files

(x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft

\BingBar\BingExt.dll"
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files

(x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility

\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement

Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office

\Office12\GrooveMonitor.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader

\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update

\jusched.exe"
mRun-x64: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth

Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:

\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\2bovsosf.default\
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-

7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-

85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-

85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components

\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components

\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins

\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins

\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla

Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files

(x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - C:\Program Files

(x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton

\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:

\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\ProgramData\Norton

\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows

\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS

--> C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers

\NISx64\1109000.00C\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C

\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-

85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100901.003\BHDrvx64.sys [2010-8-31

954928]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NISx64\1109000.00C

\ccHPx64.sys --> C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-

85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100917.001\IDSviA64.sys [2010-9-18

463408]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1109000.00C

\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers

\NISx64\1109000.00C\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1109000.00C

\SYMTDIV.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows

\system32\DRIVERS\vwififlt.sys [?]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine

\17.9.0.12\ccsvchst.exe [2011-10-11 126400]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe

[2011-8-13 49152]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB

\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows

\system32\drivers\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows

\system32\drivers\risdsne64.sys [?]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects

2\uCamMonitor.exe [2010-3-24 104960]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO

Content Folder Watcher\VCFw.exe [2009-9-14 642416]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS

\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers

\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows

\system32\drivers\SFEP.sys [?]
R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power

Management\SPMService.exe [2010-3-24 571248]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-3-24 1223024]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys

--> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows

\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:

\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:

\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update

\GoogleUpdate.exe [2010-3-24 135664]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home

10\RoxioUpnpService10.exe [2009-8-31 362992]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-

28 183560]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows

\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:

\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update

\GoogleUpdate.exe [2010-3-24 135664]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS

\Impcd.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files

(x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MSSQL$DDNI;SQL Server (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI

\MSSQL\Binn\sqlservr.exe [2009-3-30 43010392]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home

10\RoxioUPnPRenderer10.exe [2009-8-31 313840]
S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010

-3-24 167424]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony

Shared\SOHLib\SOHCImp.exe [2010-3-24 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony

Shared\SOHLib\SOHDBSvr.exe [2010-3-24 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony

Shared\SOHLib\SOHDms.exe [2010-3-24 427304]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared

\SOHLib\SOHDs.exe [2010-3-24 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony

Shared\SOHLib\SOHPlMgr.exe [2010-3-24 91432]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

[2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows

\system32\drivers\tsusbflt.sys [?]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM

Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-3-24 480624]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files

\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-3-24 361840]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony

Shared\VcmXml\VcmXmlIfHelper64.exe [2010-3-24 110960]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat

\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files

\WMZuneComm.exe [2010-11-11 306416]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files

(x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]
S4 SQLAgent$DDNI;SQL Server Agent (DDNI);C:\Program Files (x86)\Microsoft SQL Server

\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2012-01-03 08:06:04 -------- d-----we C:\Windows\system64
2011-12-31 05:52:37 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender

\Definition Updates\{9542FDF0-A3BA-4F6D-BA0C-81BC11249051}\mpengine.dll
2011-12-15 01:51:35 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-15 01:51:34 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-15 01:51:27 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-15 01:51:26 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-15 01:51:14 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-15 01:51:14 2048 ----a-w- C:\Windows\System32\tzres.dll
.
==================== Find3M ====================
.
2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-17 15:19:16 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-10-17 15:19:15 175616 ----a-w- C:\Windows\System32\msclmd.dll
2010-11-11 20:04:20 645872 ----a-w- C:\Program Files\UIX.renderapi.dll
2010-11-11 20:04:20 1526512 ----a-w- C:\Program Files\UIX.dll
2010-11-11 20:04:20 1243888 ----a-w- C:\Program Files\ZuneShell.dll
2010-11-11 20:04:20 1151728 ----a-w- C:\Program Files\ZuneDBApi.dll
2010-11-11 20:04:18 1284848 ----a-w- C:\Program Files\UIXcontrols.dll
2010-11-11 19:59:38 9971440 ----a-w- C:\Program Files\ZuneNativeLib.dll
2010-09-24 17:19:24 182784 ----a-w- C:\Program Files\l3codecp.acm
2010-09-24 16:49:20 626688 ----a-w- C:\Program Files\msvcr90.dll
2010-09-24 16:49:18 856576 ----a-w- C:\Program Files\msvcp90.dll
2010-09-24 16:49:18 245760 ----a-w- C:\Program Files\msvcm90.dll
2007-10-02 20:12:44 1642568 ----a-w- C:\Program Files\msidcrl40.dll
.
============= FINISH: 13:41:20.38 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:17 AM

Posted 07 January 2012 - 03:25 PM

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

Posted Image

Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware! Posted Image


#3 fmycp09

fmycp09
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 07 January 2012 - 09:47 PM

Hey Gammo, I ran Combofix as instructed, but another issue has impeded.. every now and then when I've left my laptop on and its screen will shut off after a while (from power settings), when I come back, it won't bring me back to full display. You can see a backlight but it's just a black screen, and I think that's what's happened here. Previous times I'd try closing the laptop and reopening it, but if that didn't work I would just shut it off via power button and turn it back on. Since there's some pretty complicated stuff going on, I don't want to do that; it's been like this for at least 45 minutes now. I'd tried to move the mouse around every once in a while to try to keep the screen active lest this should happen (until I left the room to go make dinner..). Any solutions?

On another note, I found and looked through the guide&tutorial on Combofix on the site and saw that the desktop display might go out but not to cause oneself to worry as it will come back. Now I'm hoping that this is all that's going on, but in anticipation of otherwise, did Combofix happen to create a System Restore point like it mentioned in the tutorial so as not to compromise our progress?

Thanks, and I apologize for the difficulty.

#4 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:17 AM

Posted 08 January 2012 - 08:03 AM

Sorry, I don't follow you completely.

Since when are you having this screen problem? Since you ran ComboFix, or not?

Did ComboFix finish running? If so, please post the resulting log file (located at C:\ComboFix.txt) in your next reply. If not, please try running ComboFix again.

Posted Image

Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware! Posted Image


#5 fmycp09

fmycp09
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 08 January 2012 - 01:23 PM

Since I ran it, but I believe my display went out in the middle of the process so I can't see anything but a black screen. I've tried closing the laptop & reopening it but it persists.

I believe Combofix should have finished by now though as its been almost a day since I ran it. Is the log saved somewhere that I can just power off my laptop and turn it on or should I not do this?

#6 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:17 AM

Posted 08 January 2012 - 01:34 PM

Is the log saved somewhere that I can just power off my laptop and turn it on or should I not do this?

You can turn it off and then turn it on again, yes.

The log files should be located at C:\ComboFix.txt. If it isn't, try looking at C:\qoobox\ComboFix.txt. If it's not there either, please rerun ComboFix.

Posted Image

Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware! Posted Image


#7 fmycp09

fmycp09
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 08 January 2012 - 04:30 PM

Hey Gammo, when I turned my laptop back on, Combofix seemed to still be running and was preparing the report log. It took about an hour before this finished but it finally did, pulled up the log in notepad and I copied it. However, I'm unable to open various types of files which I noticed when I couldn't open notepad (or other executables: Firefox/Internet Explorer; pdfs wouldn't open; however jpegs and mp3s seem to work).

The message I get is:

C:\Windows\system32\notepad.exe
Illegal operation attempted on a registry key that has been marked for deletion


When I proceed to click Okay, it states, "The item you selected is unavailable. It might have been moved, renamed, or removed. Do you want to remove it from the list?"

Unsure where to go from here.

#8 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:17 AM

Posted 08 January 2012 - 04:33 PM

Just restart your PC. That fixes it.

After doing that you can open and post the contents of the log file. :thumbup2:

Posted Image

Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware! Posted Image


#9 fmycp09

fmycp09
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 08 January 2012 - 05:52 PM

Awesome, thanks. What exactly happened right there though?

And since it seemed like I had restarted my computer in the middle of the Combofix process, would it have interfered with its performance (i.e. should I run it again and post another log)?



ComboFix 12-01-07.02 - Matt 01/07/2012 16:56:17.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4014.2296 [GMT -6:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\background.jpg
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\kwrd.dll
c:\windows\system32\consrv.dll
c:\windows\system32\java.exe
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-12-08 to 2012-01-08 )))))))))))))))))))))))))))))))
.
.
2012-01-08 20:19 . 2012-01-08 20:19 5714 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-01-08 01:34 . 2012-01-08 01:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-31 05:52 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9542FDF0-A3BA-4F6D-BA0C-81BC11249051}\mpengine.dll
2011-12-15 01:51 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 01:51 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 01:51 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 01:51 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 01:51 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 01:51 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 21:24 . 2011-12-02 08:50 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-17 15:19 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-10-17 15:19 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2010-11-11 20:04 . 2010-11-11 20:04 645872 ----a-w- c:\program files\UIX.renderapi.dll
2010-11-11 20:04 . 2010-11-11 20:04 1526512 ----a-w- c:\program files\UIX.dll
2010-11-11 20:04 . 2010-11-11 20:04 1243888 ----a-w- c:\program files\ZuneShell.dll
2010-11-11 20:04 . 2010-11-11 20:04 1151728 ----a-w- c:\program files\ZuneDBApi.dll
2010-11-11 20:04 . 2010-11-11 20:04 1284848 ----a-w- c:\program files\UIXcontrols.dll
2010-11-11 20:00 . 2010-11-11 20:00 896240 ----a-w- c:\program files\ZuneWmdu.dll
2010-11-11 20:00 . 2010-11-11 20:00 157936 ----a-w- c:\program files\ZuneZMDB.Library.dll
2010-11-11 20:00 . 2010-11-11 20:00 9456 ----a-w- c:\program files\ZuneWmduResources.dll
2010-11-11 20:00 . 2010-11-11 20:00 467696 ----a-w- c:\program files\ZuneWlanCfgSvc.exe
2010-11-11 20:00 . 2010-11-11 20:00 306416 ----a-w- c:\program files\WMZuneComm.exe
2010-11-11 20:00 . 2010-11-11 20:00 27888 ----a-w- c:\program files\WMZuneTCP2UDP.dll
2010-11-11 20:00 . 2010-11-11 20:00 21232 ----a-w- c:\program files\WMZuneDTPTDNS.dll
2010-11-11 20:00 . 2010-11-11 20:00 195312 ----a-w- c:\program files\ZuneZMDB.Mobile.dll
2010-11-11 20:00 . 2010-11-11 20:00 18672 ----a-w- c:\program files\WMZuneCommProxyStub.dll
2010-11-11 20:00 . 2010-11-11 20:00 156912 ----a-w- c:\program files\ZuneZMDB.ZuneHD.dll
2010-11-11 20:00 . 2010-11-11 20:00 152304 ----a-w- c:\program files\ZuneZMDB.Classic.dll
2010-11-11 20:00 . 2010-11-11 20:00 100080 ----a-w- c:\program files\ZuneTaskbar.dll
2010-11-11 20:00 . 2010-11-11 20:00 507120 ----a-w- c:\program files\ZuneSP.dll
2010-11-11 20:00 . 2010-11-11 20:00 916208 ----a-w- c:\program files\ZuneQP.dll
2010-11-11 20:00 . 2010-11-11 20:00 74480 ----a-w- c:\program files\ZuneShellExt.dll
2010-11-11 20:00 . 2010-11-11 20:00 683760 ----a-w- c:\program files\ZuneSH.dll
2010-11-11 20:00 . 2010-11-11 20:00 514288 ----a-w- c:\program files\ZuneSE.dll
2010-11-11 20:00 . 2010-11-11 20:00 366320 ----a-w- c:\program files\ZuneSrcWrp.dll
2010-11-11 20:00 . 2010-11-11 20:00 16873712 ----a-w- c:\program files\ZuneShellResources.dll
2010-11-11 20:00 . 2010-11-11 20:00 155888 ----a-w- c:\program files\ZuneSA.dll
2010-11-11 20:00 . 2010-11-11 20:00 1521392 ----a-w- c:\program files\ZuneSetup.exe
2010-11-11 20:00 . 2010-11-11 20:00 17648 ----a-w- c:\program files\ZuneShare.exe
2010-11-11 20:00 . 2010-11-11 20:00 1404144 ----a-w- c:\program files\ZuneResources.dll
2010-11-11 20:00 . 2010-11-11 20:00 1240304 ----a-w- c:\program files\ZuneService.dll
2010-11-11 19:59 . 2010-11-11 19:59 9971440 ----a-w- c:\program files\ZuneNativeLib.dll
2010-11-11 19:59 . 2010-11-11 19:59 347888 ----a-w- c:\program files\ZuneNssci.dll
2010-11-11 19:59 . 2010-11-11 19:59 855280 ----a-w- c:\program files\ZuneMBR.dll
2010-11-11 19:59 . 2010-11-11 19:59 8251120 ----a-w- c:\program files\ZuneNss.exe
2010-11-11 19:59 . 2010-11-11 19:59 376560 ----a-w- c:\program files\ZuneEvr.dll
2010-11-11 19:59 . 2010-11-11 19:59 223472 ----a-w- c:\program files\Zune.exe
2010-11-11 19:59 . 2010-11-11 19:59 2109680 ----a-w- c:\program files\ZuneEncEng.dll
2010-11-11 19:59 . 2010-11-11 19:59 20720 ----a-w- c:\program files\ZunePS.dll
2010-11-11 19:59 . 2010-11-11 19:59 1744624 ----a-w- c:\program files\UIXrender.dll
2010-11-11 19:59 . 2010-11-11 19:59 163568 ----a-w- c:\program files\ZuneLauncher.exe
2010-11-11 19:59 . 2010-11-11 19:59 130800 ----a-w- c:\program files\ZunePresenter.dll
2010-11-11 19:59 . 2010-11-11 19:59 1184496 ----a-w- c:\program files\ZuneH264Dec.dll
2010-11-11 19:59 . 2010-11-11 19:59 1161456 ----a-w- c:\program files\ZuneMde.dll
2010-11-11 19:59 . 2010-11-11 19:59 1084144 ----a-w- c:\program files\ZuneMarketplaceResources.dll
2010-11-11 19:59 . 2010-11-11 19:59 72944 ----a-w- c:\program files\ZuneDXVA2.dll
2010-11-11 19:59 . 2010-11-11 19:59 218864 ----a-w- c:\program files\ZuneHost.exe
2010-11-11 19:59 . 2010-11-11 19:59 1464560 ----a-w- c:\program files\ZuneCore.dll
2010-11-11 19:59 . 2010-11-11 19:59 707824 ----a-w- c:\program files\ZUNEMP4SDECD.dll
2010-11-11 19:59 . 2010-11-11 19:59 61680 ----a-w- c:\program files\ZuneCfg.dll
2010-11-11 19:59 . 2010-11-11 19:59 56560 ----a-w- c:\program files\ZuneConfig.exe
2010-11-11 19:59 . 2010-11-11 19:59 38640 ----a-w- c:\program files\ZuneEnc.exe
2010-11-11 19:59 . 2010-11-11 19:59 35568 ----a-w- c:\program files\UIXsup.dll
2010-11-11 19:59 . 2010-11-11 19:59 212208 ----a-w- c:\program files\ZuneDB.dll
2010-11-11 19:59 . 2010-11-11 19:59 129264 ----a-w- c:\program files\ZuneEffects.dll
2010-11-11 19:59 . 2010-11-11 19:59 121072 ----a-w- c:\program files\ZuneAACDec.dll
2010-09-24 17:19 . 2010-09-24 17:19 182784 ----a-w- c:\program files\l3codecp.acm
2010-09-24 16:49 . 2010-09-24 16:49 626688 ----a-w- c:\program files\msvcr90.dll
2010-09-24 16:49 . 2010-09-24 16:49 856576 ----a-w- c:\program files\msvcp90.dll
2010-09-24 16:49 . 2010-09-24 16:49 245760 ----a-w- c:\program files\msvcm90.dll
2007-10-02 20:12 . 2007-10-02 20:12 1642568 ----a-w- c:\program files\msidcrl40.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-24 39408]
"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2011-05-05 4950664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-10-05 80384]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-06-13 273544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-01 02:20 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-24 135664]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-24 135664]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]
R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-09-17 167424]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-12-04 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-12-04 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-12-04 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-12-04 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-12-04 91432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-02 361840]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-09-09 110960]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\WMZuneComm.exe [2010-11-11 306416]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100901.003\BHDrvx64.sys [2010-08-31 954928]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100917.001\IDSvia64.sys [2010-08-09 463408]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-08-14 49152]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-15 642416]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-12-01 571248]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-09 1223024]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-24 21:22]
.
2012-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-24 21:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-02 16395880]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-03 8306208]
"Zune Launcher"="c:\program files\ZuneLauncher.exe" [2010-11-11 163568]
"combofix"="c:\combofix\CF20637.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\2bovsosf.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\DDNi\Oasis\VAIO Messenger.exe
.
**************************************************************************
.
Completion time: 2012-01-08 15:15:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-08 21:15
.
Pre-Run: 225,902,374,912 bytes free
Post-Run: 225,564,856,320 bytes free
.
- - End Of File - - CEBB7DCCF36563253E56CBFE74177ED6

#10 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:17 AM

Posted 09 January 2012 - 07:52 AM

That looks a lot better! :thumbup2:

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Posted Image

Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware! Posted Image


#11 fmycp09

fmycp09
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 09 January 2012 - 02:26 PM

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.09.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Matt :: MATT_VAIO [administrator]

1/9/2012 1:19:15 PM
mbam-log-2012-01-09 (13-19-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 182100
Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:17 AM

Posted 09 January 2012 - 04:33 PM

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    Posted Image
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it's doesn't necessarily has to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Firefox and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine except from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, it's parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:

Posted Image

Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware! Posted Image


#13 fmycp09

fmycp09
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 15 January 2012 - 04:50 PM

Hey Gammo, I haven't been very active on my laptop over the past few days but yesterday I noticed that it seemed to be running a lot of my cpu even when I had nothing opened. I also started getting redirects from google results and so I ran Malwarebytes Anti-Malware to see if it could locate the source.

Last night I did a quick scan and found a handful of files associated with this "SMAD" virus. Removal required restarting so I allowed it to do so. I didn't do anything after it restarted and just shut it down and went to bed. This morning I was still getting redirects and so I decided to do a full scan.. and lo and behold there was the PUP.BitMiner bastard again. I checked on it and removed it, but [and really to my expectation] after the computer restarted, I seem to still be getting redirects.


some info: I use firefox pretty much exclusively; now I didn't heed to the advice of uninstalling uTorrent because I figured if I just didn't use it or have it open, I could be fine, but maybe that was the source of reinfection. On the same day of your last message, I did uninstall ComboFix and downloaded/ran the OTC as instructed (mentioning this just to get us back to speed) and my laptop seemed fine for some time.

So where do I start? :\

#14 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:17 AM

Posted 15 January 2012 - 04:59 PM

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now





Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.





If aswMBR asks you whether you want to download the latest avast virus definitions, choose Yes
Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image






Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
    Posted Image
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
      Posted Image
      Click the image to enlarge it
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Please copy and paste the report into your Post.

Posted Image

Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware! Posted Image


#15 fmycp09

fmycp09
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 16 January 2012 - 02:23 AM

I'll post the logs in the order your instructions listed the programs to run (also the order I ran them)


ComboFix 12-01-15.01 - Matt 01/15/2012 18:46:54.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4014.2542 [GMT -6:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-12-16 to 2012-01-16 )))))))))))))))))))))))))))))))
.
.
2012-01-16 01:14 . 2012-01-16 01:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-15 00:57 . 2012-01-15 00:57 -------- d-----w- c:\users\Matt\AppData\Local\SanctionedMedia
2012-01-10 22:41 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-10 22:41 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-10 22:41 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-10 22:41 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-10 22:41 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-10 22:41 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-10 22:41 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-10 22:41 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-12-31 05:52 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9542FDF0-A3BA-4F6D-BA0C-81BC11249051}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 21:24 . 2011-12-02 08:50 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-10 18:45 . 2011-12-10 18:45 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-10 18:45 . 2011-12-10 18:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-10 18:45 . 2011-12-10 18:45 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-10 18:45 . 2011-12-10 18:45 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-10 18:45 . 2011-12-10 18:45 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-10 18:45 . 2011-12-10 18:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-10 18:45 . 2011-12-10 18:45 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-10 18:45 . 2011-12-10 18:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-10 18:45 . 2011-12-10 18:45 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-10 18:45 . 2011-12-10 18:45 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-10 18:45 . 2011-12-10 18:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-10 18:45 . 2011-12-10 18:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-10 18:45 . 2011-12-10 18:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-10 18:45 . 2011-12-10 18:45 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-10 18:45 . 2011-12-10 18:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-10 18:45 . 2011-12-10 18:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-12-10 18:45 . 2011-12-10 18:45 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-10 18:45 . 2011-12-10 18:45 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-10 18:45 . 2011-12-10 18:45 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-10 18:45 . 2011-12-10 18:45 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-10 18:45 . 2011-12-10 18:45 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-10 18:45 . 2011-12-10 18:45 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-10 18:45 . 2011-12-10 18:45 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-10 18:45 . 2011-12-10 18:45 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-10 18:45 . 2011-12-10 18:45 448512 ----a-w- c:\windows\system32\html.iec
2011-12-10 18:45 . 2011-12-10 18:45 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-10 18:45 . 2011-12-10 18:45 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-10 18:45 . 2011-12-10 18:45 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-10 18:45 . 2011-12-10 18:45 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-10 18:45 . 2011-12-10 18:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-10 18:45 . 2011-12-10 18:45 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-10 18:45 . 2011-12-10 18:45 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-10 18:45 . 2011-12-10 18:45 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-10 18:45 . 2011-12-10 18:45 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-11-24 04:52 . 2011-12-15 01:51 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 05:32 . 2011-12-15 01:51 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-15 01:51 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-15 08:54 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-15 08:54 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-15 08:54 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-15 08:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-15 08:54 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-15 08:54 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 08:54 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-15 08:54 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21 . 2011-12-15 01:51 43520 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-11 20:04 . 2010-11-11 20:04 645872 ----a-w- c:\program files\UIX.renderapi.dll
2010-11-11 20:04 . 2010-11-11 20:04 1526512 ----a-w- c:\program files\UIX.dll
2010-11-11 20:04 . 2010-11-11 20:04 1243888 ----a-w- c:\program files\ZuneShell.dll
2010-11-11 20:04 . 2010-11-11 20:04 1151728 ----a-w- c:\program files\ZuneDBApi.dll
2010-11-11 20:04 . 2010-11-11 20:04 1284848 ----a-w- c:\program files\UIXcontrols.dll
2010-11-11 20:00 . 2010-11-11 20:00 896240 ----a-w- c:\program files\ZuneWmdu.dll
2010-11-11 20:00 . 2010-11-11 20:00 157936 ----a-w- c:\program files\ZuneZMDB.Library.dll
2010-11-11 20:00 . 2010-11-11 20:00 9456 ----a-w- c:\program files\ZuneWmduResources.dll
2010-11-11 20:00 . 2010-11-11 20:00 467696 ----a-w- c:\program files\ZuneWlanCfgSvc.exe
2010-11-11 20:00 . 2010-11-11 20:00 306416 ----a-w- c:\program files\WMZuneComm.exe
2010-11-11 20:00 . 2010-11-11 20:00 27888 ----a-w- c:\program files\WMZuneTCP2UDP.dll
2010-11-11 20:00 . 2010-11-11 20:00 21232 ----a-w- c:\program files\WMZuneDTPTDNS.dll
2010-11-11 20:00 . 2010-11-11 20:00 195312 ----a-w- c:\program files\ZuneZMDB.Mobile.dll
2010-11-11 20:00 . 2010-11-11 20:00 18672 ----a-w- c:\program files\WMZuneCommProxyStub.dll
2010-11-11 20:00 . 2010-11-11 20:00 156912 ----a-w- c:\program files\ZuneZMDB.ZuneHD.dll
2010-11-11 20:00 . 2010-11-11 20:00 152304 ----a-w- c:\program files\ZuneZMDB.Classic.dll
2010-11-11 20:00 . 2010-11-11 20:00 100080 ----a-w- c:\program files\ZuneTaskbar.dll
2010-11-11 20:00 . 2010-11-11 20:00 507120 ----a-w- c:\program files\ZuneSP.dll
2010-11-11 20:00 . 2010-11-11 20:00 916208 ----a-w- c:\program files\ZuneQP.dll
2010-11-11 20:00 . 2010-11-11 20:00 74480 ----a-w- c:\program files\ZuneShellExt.dll
2010-11-11 20:00 . 2010-11-11 20:00 683760 ----a-w- c:\program files\ZuneSH.dll
2010-11-11 20:00 . 2010-11-11 20:00 514288 ----a-w- c:\program files\ZuneSE.dll
2010-11-11 20:00 . 2010-11-11 20:00 366320 ----a-w- c:\program files\ZuneSrcWrp.dll
2010-11-11 20:00 . 2010-11-11 20:00 16873712 ----a-w- c:\program files\ZuneShellResources.dll
2010-11-11 20:00 . 2010-11-11 20:00 155888 ----a-w- c:\program files\ZuneSA.dll
2010-11-11 20:00 . 2010-11-11 20:00 1521392 ----a-w- c:\program files\ZuneSetup.exe
2010-11-11 20:00 . 2010-11-11 20:00 17648 ----a-w- c:\program files\ZuneShare.exe
2010-11-11 20:00 . 2010-11-11 20:00 1404144 ----a-w- c:\program files\ZuneResources.dll
2010-11-11 20:00 . 2010-11-11 20:00 1240304 ----a-w- c:\program files\ZuneService.dll
2010-11-11 19:59 . 2010-11-11 19:59 9971440 ----a-w- c:\program files\ZuneNativeLib.dll
2010-11-11 19:59 . 2010-11-11 19:59 347888 ----a-w- c:\program files\ZuneNssci.dll
2010-11-11 19:59 . 2010-11-11 19:59 855280 ----a-w- c:\program files\ZuneMBR.dll
2010-11-11 19:59 . 2010-11-11 19:59 8251120 ----a-w- c:\program files\ZuneNss.exe
2010-11-11 19:59 . 2010-11-11 19:59 376560 ----a-w- c:\program files\ZuneEvr.dll
2010-11-11 19:59 . 2010-11-11 19:59 223472 ----a-w- c:\program files\Zune.exe
2010-11-11 19:59 . 2010-11-11 19:59 2109680 ----a-w- c:\program files\ZuneEncEng.dll
2010-11-11 19:59 . 2010-11-11 19:59 20720 ----a-w- c:\program files\ZunePS.dll
2010-11-11 19:59 . 2010-11-11 19:59 1744624 ----a-w- c:\program files\UIXrender.dll
2010-11-11 19:59 . 2010-11-11 19:59 163568 ----a-w- c:\program files\ZuneLauncher.exe
2010-11-11 19:59 . 2010-11-11 19:59 130800 ----a-w- c:\program files\ZunePresenter.dll
2010-11-11 19:59 . 2010-11-11 19:59 1184496 ----a-w- c:\program files\ZuneH264Dec.dll
2010-11-11 19:59 . 2010-11-11 19:59 1161456 ----a-w- c:\program files\ZuneMde.dll
2010-11-11 19:59 . 2010-11-11 19:59 1084144 ----a-w- c:\program files\ZuneMarketplaceResources.dll
2010-11-11 19:59 . 2010-11-11 19:59 72944 ----a-w- c:\program files\ZuneDXVA2.dll
2010-11-11 19:59 . 2010-11-11 19:59 218864 ----a-w- c:\program files\ZuneHost.exe
2010-11-11 19:59 . 2010-11-11 19:59 1464560 ----a-w- c:\program files\ZuneCore.dll
2010-11-11 19:59 . 2010-11-11 19:59 707824 ----a-w- c:\program files\ZUNEMP4SDECD.dll
2010-11-11 19:59 . 2010-11-11 19:59 61680 ----a-w- c:\program files\ZuneCfg.dll
2010-11-11 19:59 . 2010-11-11 19:59 56560 ----a-w- c:\program files\ZuneConfig.exe
2010-11-11 19:59 . 2010-11-11 19:59 38640 ----a-w- c:\program files\ZuneEnc.exe
2010-11-11 19:59 . 2010-11-11 19:59 35568 ----a-w- c:\program files\UIXsup.dll
2010-11-11 19:59 . 2010-11-11 19:59 212208 ----a-w- c:\program files\ZuneDB.dll
2010-11-11 19:59 . 2010-11-11 19:59 129264 ----a-w- c:\program files\ZuneEffects.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-24 39408]
"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2011-05-05 4950664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-10-05 80384]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-06-13 273544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-01 02:20 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-24 135664]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-24 135664]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]
R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-09-17 167424]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-12-04 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-12-04 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-12-04 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-12-04 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-12-04 91432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-02 361840]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-09-09 110960]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-09 1223024]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\WMZuneComm.exe [2010-11-11 306416]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100901.003\BHDrvx64.sys [2010-08-31 954928]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100917.001\IDSvia64.sys [2010-08-09 463408]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-08-14 49152]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-15 642416]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-12-01 571248]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-24 21:22]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-24 21:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-02 16395880]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-03 8306208]
"Zune Launcher"="c:\program files\ZuneLauncher.exe" [2010-11-11 163568]
"combofix"="c:\combofix\CF5817.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.50.0.1 10.50.0.2 10.50.0.3
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\2bovsosf.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\DDNi\Oasis\VAIO Messenger.exe
.
**************************************************************************
.
Completion time: 2012-01-15 22:31:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-16 04:30
ComboFix2.txt 2012-01-08 21:16
.
Pre-Run: 235,084,300,288 bytes free
Post-Run: 235,205,574,656 bytes free
.
- - End Of File - - AF628D2F07171A89E625F5AB925AE1EF







23:38:38.0645 2496 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
23:38:39.0207 2496 ============================================================
23:38:39.0207 2496 Current date / time: 2012/01/15 23:38:39.0207
23:38:39.0207 2496 SystemInfo:
23:38:39.0207 2496
23:38:39.0207 2496 OS Version: 6.1.7601 ServicePack: 1.0
23:38:39.0207 2496 Product type: Workstation
23:38:39.0207 2496 ComputerName: MATT_VAIO
23:38:39.0207 2496 UserName: Matt
23:38:39.0207 2496 Windows directory: C:\Windows
23:38:39.0207 2496 System windows directory: C:\Windows
23:38:39.0207 2496 Running under WOW64
23:38:39.0207 2496 Processor architecture: Intel x64
23:38:39.0207 2496 Number of processors: 4
23:38:39.0207 2496 Page size: 0x1000
23:38:39.0207 2496 Boot type: Normal boot
23:38:39.0207 2496 ============================================================
23:38:39.0846 2496 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000, SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
23:38:39.0924 2496 Initialize success
23:39:10.0282 3300 ============================================================
23:39:10.0282 3300 Scan started
23:39:10.0282 3300 Mode: Manual; SigCheck; TDLFS;
23:39:10.0282 3300 ============================================================
23:39:10.0609 3300 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:39:10.0781 3300 1394ohci - ok
23:39:10.0890 3300 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:39:10.0937 3300 ACPI - ok
23:39:11.0031 3300 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:39:11.0140 3300 AcpiPmi - ok
23:39:11.0265 3300 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
23:39:11.0296 3300 adp94xx - ok
23:39:11.0405 3300 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
23:39:11.0436 3300 adpahci - ok
23:39:11.0561 3300 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
23:39:11.0577 3300 adpu320 - ok
23:39:11.0701 3300 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
23:39:11.0795 3300 AFD - ok
23:39:11.0889 3300 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:39:11.0920 3300 agp440 - ok
23:39:12.0013 3300 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:39:12.0045 3300 aliide - ok
23:39:12.0138 3300 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:39:12.0154 3300 amdide - ok
23:39:12.0247 3300 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
23:39:12.0341 3300 AmdK8 - ok
23:39:12.0435 3300 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
23:39:12.0497 3300 AmdPPM - ok
23:39:12.0606 3300 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:39:12.0637 3300 amdsata - ok
23:39:12.0731 3300 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
23:39:12.0747 3300 amdsbs - ok
23:39:12.0840 3300 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:39:12.0871 3300 amdxata - ok
23:39:12.0981 3300 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:39:13.0183 3300 AppID - ok
23:39:13.0293 3300 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
23:39:13.0324 3300 arc - ok
23:39:13.0417 3300 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
23:39:13.0449 3300 arcsas - ok
23:39:13.0527 3300 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
23:39:13.0558 3300 ArcSoftKsUFilter - ok
23:39:13.0651 3300 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:39:13.0823 3300 AsyncMac - ok
23:39:13.0917 3300 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:39:13.0948 3300 atapi - ok
23:39:14.0057 3300 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
23:39:14.0166 3300 athr - ok
23:39:14.0291 3300 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
23:39:14.0400 3300 b06bdrv - ok
23:39:14.0494 3300 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:39:14.0572 3300 b57nd60a - ok
23:39:14.0743 3300 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:39:14.0837 3300 Beep - ok
23:39:15.0055 3300 BHDrvx64 (ddae7b27bdbb3da1276784753138b9c2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100901.003\BHDrvx64.sys
23:39:15.0087 3300 BHDrvx64 - ok
23:39:15.0211 3300 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
23:39:15.0258 3300 blbdrive - ok
23:39:15.0367 3300 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:39:15.0430 3300 bowser - ok
23:39:15.0523 3300 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
23:39:15.0601 3300 BrFiltLo - ok
23:39:15.0695 3300 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
23:39:15.0726 3300 BrFiltUp - ok
23:39:15.0867 3300 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:39:15.0945 3300 BridgeMP - ok
23:39:16.0054 3300 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:39:16.0116 3300 Brserid - ok
23:39:16.0210 3300 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:39:16.0241 3300 BrSerWdm - ok
23:39:16.0335 3300 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:39:16.0381 3300 BrUsbMdm - ok
23:39:16.0475 3300 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:39:16.0522 3300 BrUsbSer - ok
23:39:16.0662 3300 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
23:39:16.0740 3300 BthEnum - ok
23:39:16.0834 3300 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
23:39:16.0896 3300 BTHMODEM - ok
23:39:16.0990 3300 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
23:39:17.0068 3300 BthPan - ok
23:39:17.0208 3300 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
23:39:17.0271 3300 BTHPORT - ok
23:39:17.0411 3300 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
23:39:17.0442 3300 BTHUSB - ok
23:39:17.0551 3300 btusbflt (6e04458e98daf28826482e41a7a62df5) C:\Windows\system32\drivers\btusbflt.sys
23:39:17.0583 3300 btusbflt - ok
23:39:17.0661 3300 btwaudio (4bdbdb86abba924e029fb2683be7c505) C:\Windows\system32\drivers\btwaudio.sys
23:39:17.0692 3300 btwaudio - ok
23:39:17.0785 3300 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\drivers\btwavdt.sys
23:39:17.0801 3300 btwavdt - ok
23:39:17.0895 3300 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
23:39:17.0910 3300 btwl2cap - ok
23:39:18.0004 3300 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
23:39:18.0019 3300 btwrchid - ok
23:39:18.0066 3300 catchme - ok
23:39:18.0207 3300 ccHP (37f1baec39b505b3b51893a35c8337ea) C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys
23:39:18.0253 3300 ccHP - ok
23:39:18.0347 3300 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:39:18.0441 3300 cdfs - ok
23:39:18.0550 3300 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:39:18.0612 3300 cdrom - ok
23:39:18.0721 3300 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
23:39:18.0768 3300 circlass - ok
23:39:18.0862 3300 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:39:18.0909 3300 CLFS - ok
23:39:19.0065 3300 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
23:39:19.0096 3300 CmBatt - ok
23:39:19.0205 3300 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:39:19.0236 3300 cmdide - ok
23:39:19.0345 3300 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
23:39:19.0392 3300 CNG - ok
23:39:19.0486 3300 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
23:39:19.0517 3300 Compbatt - ok
23:39:19.0611 3300 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:39:19.0673 3300 CompositeBus - ok
23:39:19.0767 3300 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
23:39:19.0798 3300 crcdisk - ok
23:39:19.0907 3300 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
23:39:19.0985 3300 CSC - ok
23:39:20.0110 3300 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:39:20.0188 3300 DfsC - ok
23:39:20.0281 3300 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:39:20.0359 3300 discache - ok
23:39:20.0453 3300 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
23:39:20.0484 3300 Disk - ok
23:39:20.0578 3300 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:39:20.0625 3300 drmkaud - ok
23:39:20.0734 3300 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:39:20.0781 3300 DXGKrnl - ok
23:39:20.0937 3300 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
23:39:21.0046 3300 ebdrv - ok
23:39:21.0139 3300 eeCtrl (066108ae4c35835081598827a1a7d08d) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
23:39:21.0171 3300 eeCtrl - ok
23:39:21.0280 3300 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
23:39:21.0311 3300 elxstor - ok
23:39:21.0420 3300 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:39:21.0483 3300 ErrDev - ok
23:39:21.0576 3300 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:39:21.0654 3300 exfat - ok
23:39:21.0732 3300 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:39:21.0826 3300 fastfat - ok
23:39:21.0919 3300 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
23:39:21.0966 3300 fdc - ok
23:39:22.0060 3300 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:39:22.0091 3300 FileInfo - ok
23:39:22.0169 3300 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:39:22.0247 3300 Filetrace - ok
23:39:22.0341 3300 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
23:39:22.0372 3300 flpydisk - ok
23:39:22.0481 3300 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:39:22.0512 3300 FltMgr - ok
23:39:22.0606 3300 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:39:22.0621 3300 FsDepends - ok
23:39:22.0715 3300 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
23:39:22.0731 3300 Fs_Rec - ok
23:39:22.0840 3300 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:39:22.0871 3300 fvevol - ok
23:39:22.0965 3300 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
23:39:22.0996 3300 gagp30kx - ok
23:39:23.0136 3300 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:39:23.0199 3300 hcw85cir - ok
23:39:23.0339 3300 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:39:23.0386 3300 HdAudAddService - ok
23:39:23.0479 3300 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:39:23.0526 3300 HDAudBus - ok
23:39:23.0620 3300 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
23:39:23.0667 3300 HidBatt - ok
23:39:23.0760 3300 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
23:39:23.0823 3300 HidBth - ok
23:39:23.0916 3300 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
23:39:23.0963 3300 HidIr - ok
23:39:24.0088 3300 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
23:39:24.0119 3300 HidUsb - ok
23:39:24.0244 3300 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:39:24.0275 3300 HpSAMD - ok
23:39:24.0384 3300 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:39:24.0478 3300 HTTP - ok
23:39:24.0571 3300 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:39:24.0603 3300 hwpolicy - ok
23:39:24.0681 3300 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:39:24.0727 3300 i8042prt - ok
23:39:24.0837 3300 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\drivers\iaStor.sys
23:39:24.0868 3300 iaStor - ok
23:39:25.0008 3300 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:39:25.0039 3300 iaStorV - ok
23:39:25.0180 3300 IDSVia64 (c3292140bf458b46cf8abbfd7e177bbe) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100917.001\IDSvia64.sys
23:39:25.0211 3300 IDSVia64 - ok
23:39:25.0305 3300 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
23:39:25.0320 3300 iirsp - ok
23:39:25.0414 3300 Impcd (4ff8a2082d78255d2eb169f986bcc981) C:\Windows\system32\DRIVERS\Impcd.sys
23:39:25.0476 3300 Impcd - ok
23:39:25.0695 3300 IntcAzAudAddService (59b0bba422f04467e8c89b7ce6ae95e1) C:\Windows\system32\drivers\RTKVHD64.sys
23:39:25.0773 3300 IntcAzAudAddService - ok
23:39:25.0882 3300 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:39:25.0913 3300 intelide - ok
23:39:25.0991 3300 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:39:26.0038 3300 intelppm - ok
23:39:26.0131 3300 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:39:26.0209 3300 IpFilterDriver - ok
23:39:26.0319 3300 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:39:26.0350 3300 IPMIDRV - ok
23:39:26.0459 3300 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:39:26.0537 3300 IPNAT - ok
23:39:26.0615 3300 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:39:26.0693 3300 IRENUM - ok
23:39:26.0787 3300 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:39:26.0818 3300 isapnp - ok
23:39:26.0927 3300 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:39:26.0974 3300 iScsiPrt - ok
23:39:27.0083 3300 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
23:39:27.0099 3300 kbdclass - ok
23:39:27.0208 3300 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
23:39:27.0255 3300 kbdhid - ok
23:39:27.0411 3300 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
23:39:27.0426 3300 KSecDD - ok
23:39:27.0613 3300 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
23:39:27.0660 3300 KSecPkg - ok
23:39:27.0785 3300 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:39:27.0863 3300 ksthunk - ok
23:39:27.0988 3300 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:39:28.0066 3300 lltdio - ok
23:39:28.0191 3300 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
23:39:28.0222 3300 LSI_FC - ok
23:39:28.0331 3300 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
23:39:28.0347 3300 LSI_SAS - ok
23:39:28.0472 3300 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
23:39:28.0503 3300 LSI_SAS2 - ok
23:39:28.0596 3300 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
23:39:28.0628 3300 LSI_SCSI - ok
23:39:28.0721 3300 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:39:28.0815 3300 luafv - ok
23:39:28.0924 3300 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
23:39:28.0955 3300 megasas - ok
23:39:29.0033 3300 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
23:39:29.0080 3300 MegaSR - ok
23:39:29.0205 3300 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:39:29.0298 3300 Modem - ok
23:39:29.0376 3300 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:39:29.0439 3300 monitor - ok
23:39:29.0548 3300 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
23:39:29.0564 3300 mouclass - ok
23:39:29.0657 3300 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
23:39:29.0704 3300 mouhid - ok
23:39:29.0813 3300 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:39:29.0844 3300 mountmgr - ok
23:39:29.0938 3300 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:39:29.0969 3300 mpio - ok
23:39:30.0047 3300 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:39:30.0125 3300 mpsdrv - ok
23:39:30.0234 3300 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:39:30.0328 3300 MRxDAV - ok
23:39:30.0437 3300 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:39:30.0484 3300 mrxsmb - ok
23:39:30.0593 3300 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:39:30.0640 3300 mrxsmb10 - ok
23:39:30.0749 3300 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:39:30.0780 3300 mrxsmb20 - ok
23:39:30.0890 3300 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:39:30.0905 3300 msahci - ok
23:39:31.0014 3300 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:39:31.0046 3300 msdsm - ok
23:39:31.0170 3300 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:39:31.0233 3300 Msfs - ok
23:39:31.0311 3300 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:39:31.0404 3300 mshidkmdf - ok
23:39:31.0498 3300 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:39:31.0529 3300 msisadrv - ok
23:39:31.0623 3300 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:39:31.0701 3300 MSKSSRV - ok
23:39:31.0779 3300 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:39:31.0841 3300 MSPCLOCK - ok
23:39:31.0935 3300 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:39:32.0013 3300 MSPQM - ok
23:39:32.0122 3300 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:39:32.0153 3300 MsRPC - ok
23:39:32.0262 3300 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:39:32.0294 3300 mssmbios - ok
23:39:32.0387 3300 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:39:32.0465 3300 MSTEE - ok
23:39:32.0543 3300 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
23:39:32.0574 3300 MTConfig - ok
23:39:32.0668 3300 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:39:32.0699 3300 Mup - ok
23:39:32.0793 3300 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:39:32.0855 3300 NativeWifiP - ok
23:39:32.0964 3300 NAVENG (a507b7d1c5f957a1aab98794eb377654) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100920.033\ENG64.SYS
23:39:32.0980 3300 NAVENG - ok
23:39:33.0105 3300 NAVEX15 (0d7d6c0fd46f12780c3bab6af891ede3) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100920.033\EX64.SYS
23:39:33.0167 3300 NAVEX15 - ok
23:39:33.0292 3300 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:39:33.0354 3300 NDIS - ok
23:39:33.0432 3300 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:39:33.0510 3300 NdisCap - ok
23:39:33.0588 3300 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:39:33.0682 3300 NdisTapi - ok
23:39:33.0791 3300 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:39:33.0885 3300 Ndisuio - ok
23:39:33.0994 3300 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:39:34.0072 3300 NdisWan - ok
23:39:34.0181 3300 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:39:34.0244 3300 NDProxy - ok
23:39:34.0337 3300 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:39:34.0415 3300 NetBIOS - ok
23:39:34.0540 3300 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:39:34.0634 3300 NetBT - ok
23:39:34.0758 3300 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
23:39:34.0790 3300 nfrd960 - ok
23:39:34.0883 3300 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:39:34.0946 3300 Npfs - ok
23:39:35.0039 3300 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:39:35.0102 3300 nsiproxy - ok
23:39:35.0226 3300 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:39:35.0289 3300 Ntfs - ok
23:39:35.0367 3300 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:39:35.0445 3300 Null - ok
23:39:35.0538 3300 NVHDA (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys
23:39:35.0554 3300 NVHDA - ok
23:39:35.0882 3300 nvlddmkm (9d1b69708732b57d1dbc0f648692a04b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:39:36.0100 3300 nvlddmkm - ok
23:39:36.0240 3300 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:39:36.0272 3300 nvraid - ok
23:39:36.0365 3300 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:39:36.0396 3300 nvstor - ok
23:39:36.0521 3300 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:39:36.0552 3300 nv_agp - ok
23:39:36.0708 3300 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:39:36.0740 3300 ohci1394 - ok
23:39:36.0849 3300 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
23:39:36.0880 3300 Parport - ok
23:39:36.0989 3300 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
23:39:37.0020 3300 partmgr - ok
23:39:37.0130 3300 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:39:37.0161 3300 pci - ok
23:39:37.0254 3300 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:39:37.0286 3300 pciide - ok
23:39:37.0379 3300 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
23:39:37.0410 3300 pcmcia - ok
23:39:37.0504 3300 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:39:37.0535 3300 pcw - ok
23:39:37.0644 3300 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:39:37.0722 3300 PEAUTH - ok
23:39:37.0878 3300 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:39:37.0972 3300 PptpMiniport - ok
23:39:38.0050 3300 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
23:39:38.0097 3300 Processor - ok
23:39:38.0222 3300 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:39:38.0300 3300 Psched - ok
23:39:38.0378 3300 PxHlpa64 (aed797cca02783296c68aa10d0cff8a9) C:\Windows\system32\Drivers\PxHlpa64.sys
23:39:38.0409 3300 PxHlpa64 - ok
23:39:38.0534 3300 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
23:39:38.0612 3300 ql2300 - ok
23:39:38.0705 3300 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
23:39:38.0736 3300 ql40xx - ok
23:39:38.0830 3300 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:39:38.0892 3300 QWAVEdrv - ok
23:39:38.0970 3300 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:39:39.0048 3300 RasAcd - ok
23:39:39.0142 3300 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:39:39.0204 3300 RasAgileVpn - ok
23:39:39.0329 3300 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:39:39.0407 3300 Rasl2tp - ok
23:39:39.0501 3300 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:39:39.0579 3300 RasPppoe - ok
23:39:39.0657 3300 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:39:39.0735 3300 RasSstp - ok
23:39:39.0844 3300 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:39:39.0922 3300 rdbss - ok
23:39:40.0016 3300 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:39:40.0047 3300 rdpbus - ok
23:39:40.0140 3300 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:39:40.0218 3300 RDPCDD - ok
23:39:40.0312 3300 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
23:39:40.0359 3300 RDPDR - ok
23:39:40.0452 3300 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:39:40.0530 3300 RDPENCDD - ok
23:39:40.0624 3300 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:39:40.0686 3300 RDPREFMP - ok
23:39:40.0796 3300 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
23:39:40.0858 3300 RDPWD - ok
23:39:40.0967 3300 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:39:40.0998 3300 rdyboost - ok
23:39:41.0123 3300 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
23:39:41.0170 3300 RFCOMM - ok
23:39:41.0264 3300 rimspci (5ca4abd888b602551b59baa26941c167) C:\Windows\system32\drivers\rimssne64.sys
23:39:41.0295 3300 rimspci - ok
23:39:41.0420 3300 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
23:39:41.0498 3300 RimUsb - ok
23:39:41.0576 3300 risdsnpe (bb6e138aeb351728959da5e2731d8140) C:\Windows\system32\drivers\risdsne64.sys
23:39:41.0638 3300 risdsnpe - ok
23:39:41.0763 3300 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:39:41.0841 3300 rspndr - ok
23:39:41.0966 3300 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
23:39:42.0028 3300 s3cap - ok
23:39:42.0168 3300 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:39:42.0200 3300 sbp2port - ok
23:39:42.0324 3300 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:39:42.0418 3300 scfilter - ok
23:39:42.0558 3300 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
23:39:42.0590 3300 sdbus - ok
23:39:42.0730 3300 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:39:42.0792 3300 secdrv - ok
23:39:42.0917 3300 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
23:39:42.0964 3300 Serenum - ok
23:39:43.0058 3300 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
23:39:43.0089 3300 Serial - ok
23:39:43.0198 3300 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
23:39:43.0245 3300 sermouse - ok
23:39:43.0385 3300 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\drivers\SFEP.sys
23:39:43.0448 3300 SFEP - ok
23:39:43.0557 3300 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:39:43.0604 3300 sffdisk - ok
23:39:43.0713 3300 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:39:43.0760 3300 sffp_mmc - ok
23:39:43.0853 3300 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:39:43.0916 3300 sffp_sd - ok
23:39:44.0009 3300 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
23:39:44.0056 3300 sfloppy - ok
23:39:44.0196 3300 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
23:39:44.0212 3300 SiSRaid2 - ok
23:39:44.0306 3300 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
23:39:44.0337 3300 SiSRaid4 - ok
23:39:44.0430 3300 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:39:44.0508 3300 Smb - ok
23:39:44.0680 3300 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:39:44.0696 3300 spldr - ok
23:39:44.0898 3300 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS
23:39:44.0930 3300 SRTSP - ok
23:39:45.0101 3300 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS
23:39:45.0117 3300 SRTSPX - ok
23:39:45.0226 3300 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:39:45.0304 3300 srv - ok
23:39:45.0429 3300 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:39:45.0476 3300 srv2 - ok
23:39:45.0585 3300 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:39:45.0632 3300 srvnet - ok
23:39:45.0772 3300 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
23:39:45.0788 3300 stexstor - ok
23:39:45.0928 3300 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
23:39:45.0959 3300 storflt - ok
23:39:46.0053 3300 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
23:39:46.0068 3300 storvsc - ok
23:39:46.0178 3300 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:39:46.0209 3300 swenum - ok
23:39:46.0380 3300 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS
23:39:46.0412 3300 SymDS - ok
23:39:46.0536 3300 SymEFA (9f5783a4a03d0091cdbdaa858b566926) C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS
23:39:46.0568 3300 SymEFA - ok
23:39:46.0677 3300 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
23:39:46.0708 3300 SymEvent - ok
23:39:46.0864 3300 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS
23:39:46.0880 3300 SymIRON - ok
23:39:47.0020 3300 SYMTDIv (3adfb72f0797ae3832509fe030755e21) C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS
23:39:47.0051 3300 SYMTDIv - ok
23:39:47.0145 3300 SynTP (8f63178d1db81bb79270ae55ecdd8321) C:\Windows\system32\DRIVERS\SynTP.sys
23:39:47.0160 3300 SynTP - ok
23:39:47.0348 3300 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
23:39:47.0426 3300 Tcpip - ok
23:39:47.0550 3300 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
23:39:47.0613 3300 TCPIP6 - ok
23:39:47.0738 3300 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:39:47.0816 3300 tcpipreg - ok
23:39:47.0909 3300 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:39:47.0987 3300 TDPIPE - ok
23:39:48.0081 3300 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
23:39:48.0174 3300 TDTCP - ok
23:39:48.0284 3300 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:39:48.0346 3300 tdx - ok
23:39:48.0440 3300 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:39:48.0471 3300 TermDD - ok
23:39:48.0596 3300 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:39:48.0674 3300 tssecsrv - ok
23:39:48.0798 3300 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:39:48.0845 3300 TsUsbFlt - ok
23:39:48.0970 3300 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:39:49.0048 3300 tunnel - ok
23:39:49.0142 3300 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
23:39:49.0173 3300 uagp35 - ok
23:39:49.0282 3300 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:39:49.0344 3300 udfs - ok
23:39:49.0469 3300 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:39:49.0500 3300 uliagpkx - ok
23:39:49.0610 3300 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
23:39:49.0656 3300 umbus - ok
23:39:49.0750 3300 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
23:39:49.0781 3300 UmPass - ok
23:39:49.0906 3300 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:39:49.0937 3300 usbccgp - ok
23:39:50.0031 3300 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:39:50.0093 3300 usbcir - ok
23:39:50.0187 3300 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
23:39:50.0218 3300 usbehci - ok
23:39:50.0327 3300 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:39:50.0374 3300 usbhub - ok
23:39:50.0468 3300 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:39:50.0514 3300 usbohci - ok
23:39:50.0624 3300 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:39:50.0670 3300 usbprint - ok
23:39:50.0780 3300 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:39:50.0842 3300 usbscan - ok
23:39:50.0936 3300 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:39:50.0998 3300 USBSTOR - ok
23:39:51.0107 3300 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:39:51.0138 3300 usbuhci - ok
23:39:51.0279 3300 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
23:39:51.0326 3300 usbvideo - ok
23:39:51.0466 3300 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:39:51.0482 3300 vdrvroot - ok
23:39:51.0575 3300 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:39:51.0606 3300 vga - ok
23:39:51.0700 3300 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:39:51.0762 3300 VgaSave - ok
23:39:51.0872 3300 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:39:51.0903 3300 vhdmp - ok
23:39:51.0996 3300 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:39:52.0028 3300 viaide - ok
23:39:52.0137 3300 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
23:39:52.0168 3300 vmbus - ok
23:39:52.0277 3300 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
23:39:52.0340 3300 VMBusHID - ok
23:39:52.0449 3300 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:39:52.0480 3300 volmgr - ok
23:39:52.0589 3300 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:39:52.0620 3300 volmgrx - ok
23:39:52.0745 3300 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:39:52.0776 3300 volsnap - ok
23:39:52.0870 3300 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
23:39:52.0901 3300 vsmraid - ok
23:39:53.0026 3300 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:39:53.0073 3300 vwifibus - ok
23:39:53.0166 3300 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:39:53.0213 3300 vwififlt - ok
23:39:53.0338 3300 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
23:39:53.0369 3300 vwifimp - ok
23:39:53.0478 3300 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
23:39:53.0510 3300 WacomPen - ok
23:39:53.0650 3300 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:39:53.0744 3300 WANARP - ok
23:39:53.0759 3300 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:39:53.0806 3300 Wanarpv6 - ok
23:39:53.0931 3300 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
23:39:53.0962 3300 Wd - ok
23:39:54.0087 3300 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:39:54.0118 3300 Wdf01000 - ok
23:39:54.0243 3300 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:39:54.0305 3300 WfpLwf - ok
23:39:54.0383 3300 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:39:54.0399 3300 WIMMount - ok
23:39:54.0570 3300 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:39:54.0617 3300 WinUsb - ok
23:39:54.0758 3300 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:39:54.0804 3300 WmiAcpi - ok
23:39:54.0945 3300 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:39:55.0023 3300 ws2ifsl - ok
23:39:55.0194 3300 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:39:55.0272 3300 WudfPf - ok
23:39:55.0397 3300 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:39:55.0475 3300 WUDFRd - ok
23:39:55.0600 3300 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
23:39:55.0678 3300 yukonw7 - ok
23:39:55.0756 3300 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:39:56.0676 3300 \Device\Harddisk0\DR0 - ok
23:39:56.0708 3300 Boot (0x1200) (ef0c1afc6b2c02c384dafb84a34db97e) \Device\Harddisk0\DR0\Partition0
23:39:56.0708 3300 \Device\Harddisk0\DR0\Partition0 - ok
23:39:56.0723 3300 Boot (0x1200) (02a3fe5250270ca5795586281e968fe4) \Device\Harddisk0\DR0\Partition1
23:39:56.0723 3300 \Device\Harddisk0\DR0\Partition1 - ok
23:39:56.0723 3300 ============================================================
23:39:56.0723 3300 Scan finished
23:39:56.0723 3300 ============================================================
23:39:56.0739 3456 Detected object count: 0
23:39:56.0739 3456 Actual detected object count: 0
23:41:48.0577 5828 Deinitialize success







aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-15 23:57:51
-----------------------------
23:57:51.242 OS Version: Windows x64 6.1.7601 Service Pack 1
23:57:51.242 Number of processors: 4 586 0x2502
23:57:51.242 ComputerName: MATT_VAIO UserName: Matt
23:57:52.926 Initialize success
00:00:42.802 AVAST engine defs: 12011501
00:04:59.298 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:04:59.314 Disk 0 Vendor: TOSHIBA_ FG50 Size: 476940MB BusType: 3
00:04:59.314 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000071
00:04:59.314 Disk 1 Vendor: RICOH 02 Size: 476940MB BusType: 0
00:04:59.314 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000072
00:04:59.329 Disk 2 Vendor: RICOH 02 Size: 476940MB BusType: 0
00:04:59.345 Disk 0 MBR read successfully
00:04:59.345 Disk 0 MBR scan
00:04:59.360 Disk 0 Windows 7 default MBR code
00:04:59.360 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8967 MB offset 2048
00:04:59.376 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 18366464
00:04:59.392 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 467871 MB offset 18571264
00:04:59.407 Service scanning
00:05:00.811 Modules scanning
00:05:00.811 Disk 0 trace - called modules:
00:05:00.858 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
00:05:00.874 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005526060]
00:05:00.889 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa80039337e0]
00:05:00.889 5 ACPI.sys[fffff88000d597a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004732050]
00:05:01.903 AVAST engine scan C:\Windows
00:05:05.398 AVAST engine scan C:\Windows\system32
00:07:04.753 AVAST engine scan C:\Windows\system32\drivers
00:07:21.617 AVAST engine scan C:\Users\Matt
00:09:20.255 AVAST engine scan C:\ProgramData
00:11:00.813 Scan finished successfully
00:15:36.855 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
00:15:36.855 The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBR.txt"







GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-16 01:06:56
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a2770e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313fd6244
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a2770e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313fd6244 (not active ControlSet)

---- EOF - GMER 1.0.15 ----




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users