
Ping.exe = High CPU Usage


  • This topic is locked
32 replies to this topic

#1 m22chan


  • Members
  • 18 posts
  • OFFLINE
  • Local time:05:38 PM

Posted 14 February 2012 - 02:03 PM

Hi and thanks in advance.

First time posting with a problem. As an introductory point, I'd say my knowledge of computers is moderate to low (yes this is subjective) so please bear with me if I misunderstand any instruction which is given to me by the administrators.

I created a thread in the Windows 7 forum requesting assistance earlier this afternoon, and was kindly asked by one of the administrators to move my thread here - which I am now doing. Below I will re-post my original cry for help:

Earlier this morning I noticed that my laptop fan would periodically get very noisy. This started happening after I ran an unsecured exe off a website that purported to allow me to run Microsoft Office without a valid registration. Yes, this was incredibly stupid. I realize I never should have done this, and am now paying the proverbial price.

The exe appeared to do nothing, but soon after I started noticing the fan noise from my laptop increase, and checked the task manager. Some process called "ping.exe" was varying in CPU usage between 10% and 90%, which was causing my fan to automatically speed up. The process also constantly uses up a lot of RAM. I tried to run AVG and Malwarebytes to fix the problem, but neither has seemed to address the problem, i.e., ping.exe still runs after I restart my computer, and occasionally still acts as a huge CPU and memory hog.

If this is normal, I apologize for the inconvenience of starting this topic. On the other hand, if Ping.exe is a known form of security threat, then I would very much appreciate any assistance in removing it.

In preparation, I have followed all the steps listed here -> http://www.bleepingcomputer.com/forums/topic34773.html. The only things which I did not do were step 5 (I get an error message when I try to enable the Windows firewall), and step 8 (since I believe that I am on a 64-bit OS).

Below you will find my DDS.txt:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Matt at 13:51:16 on 2012-02-14
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3767.1349 [GMT -5:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Matt\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VAIOME~1.LNK - C:\Program Files (x86)\DDNi\Oasis\Delay.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 130.63.10.18 130.63.9.18
TCP: Interfaces\{D47349F9-C8B3-4E03-B12A-F7D8663292BC} : DhcpNameServer = 130.63.10.18 130.63.9.18
TCP: Interfaces\{D47349F9-C8B3-4E03-B12A-F7D8663292BC}\5496666656C6 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-20 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-14 652360]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-6-23 46080]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-1-16 252416]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2012-1-16 104960]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-16 2320920]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-1-16 575856]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-17 851824]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-6 304496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-22 135664]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-22 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2012-1-16 332272]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-20 108400]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-20 67952]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-9 537456]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-9 101232]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2012-1-16 1250160]
.
=============== Created Last 30 ================
.
2012-02-14 18:02:41 -------- d-----w- C:\Users\Matt\AppData\Roaming\Malwarebytes
2012-02-14 18:02:33 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-14 18:02:33 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-14 18:02:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-14 17:34:46 -------- d--h--w- C:\$AVG
2012-02-14 17:11:40 -------- d-----w- C:\Users\Matt\AppData\Roaming\AVG2012
2012-02-14 16:52:13 -------- d--h--w- C:\ProgramData\Common Files
2012-02-14 16:52:02 -------- d-----w- C:\ProgramData\AVG2012
2012-02-14 16:51:33 -------- d-----w- C:\Program Files (x86)\AVG
2012-02-14 16:49:16 -------- d-----w- C:\ProgramData\MFAData
2012-02-14 16:03:34 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-02-14 16:02:26 -------- d-----we C:\Windows\system64
2012-02-14 15:38:09 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-02-14 15:33:42 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-02-07 18:43:53 -------- d-----w- C:\Users\Matt\AppData\Local\Broadcom
2012-01-28 03:13:26 -------- d-----w- C:\Users\Matt\AppData\Local\ElevatedDiagnostics
2012-01-27 20:00:52 -------- d-----w- C:\Users\Matt\AppData\Local\Research In Motion
2012-01-27 20:00:51 -------- d-----w- C:\Users\Matt\AppData\Roaming\Research In Motion
2012-01-27 20:00:09 44032 ----a-w- C:\Windows\System32\drivers\RimSerial_AMD64.sys
2012-01-27 19:59:58 -------- d-----w- C:\ProgramData\Research In Motion
2012-01-27 19:59:54 -------- d-----w- C:\Program Files (x86)\Research In Motion
2012-01-27 19:59:54 -------- d-----w- C:\Program Files (x86)\Common Files\Research In Motion
2012-01-17 04:44:45 -------- d-----w- C:\pv
2012-01-17 04:20:58 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-01-17 04:02:05 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-01-17 04:01:31 -------- d-----w- C:\Users\Matt\AppData\Roaming\uTorrent
2012-01-16 21:06:14 -------- d-----r- C:\Users\Matt\Dropbox
2012-01-16 21:04:06 -------- d-----w- C:\Users\Matt\AppData\Roaming\Dropbox
2012-01-16 14:53:24 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-01-16 14:53:10 -------- d-----w- C:\Users\Matt\AppData\Local\Microsoft Help
2012-01-16 14:42:33 -------- d-----w- C:\Users\Matt\AppData\Roaming\DAEMON Tools Lite
2012-01-16 14:42:29 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-01-16 08:50:19 -------- d-----w- C:\Stuff
2012-01-16 08:21:07 -------- d-----w- C:\Matthew
2012-01-16 07:50:13 -------- d-----w- C:\Users\Matt\AppData\Local\Google
2012-01-16 07:45:47 -------- d-----w- C:\Users\Matt\AppData\Local\Adobe
2012-01-16 07:38:50 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6458D1EA-E037-4034-A83D-28936C48C0E0}\mpengine.dll
2012-01-16 07:38:49 270720 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-16 07:25:03 -------- d-----w- C:\Users\Matt\AppData\Roaming\Intel Corporation
2012-01-16 07:24:56 -------- d-----w- C:\Users\Matt\AppData\Roaming\Intel
2012-01-16 07:12:17 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2012-01-16 07:12:17 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2012-01-16 07:11:36 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-01-16 07:11:23 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2012-01-16 07:10:59 -------- d-----w- C:\Windows\PCHEALTH
2012-01-16 07:10:54 4927864 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\fc9d95761ccd41d\Silverlight.2.0.exe
2012-01-16 07:10:47 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f852bc4f1ccd41d\DSETUP.dll
2012-01-16 07:10:47 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f852bc4f1ccd41d\DXSETUP.exe
2012-01-16 07:10:47 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f852bc4f1ccd41d\dsetup32.dll
2012-01-16 07:10:27 141399376 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc2DE4.tmp
2012-01-16 07:10:22 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-01-16 07:02:02 -------- d-----w- C:\VAIO Sample Contents
2012-01-16 06:51:58 98304 ----a-w- C:\Windows\SysWow64\SonyVideoProcessor.dll
2012-01-16 06:51:58 94720 ----a-w- C:\Windows\System32\SonyVideoProcessor.dll
2012-01-16 06:35:56 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-01-16 06:35:55 5073256 ----a-w- C:\Windows\System32\d3dx9_35.dll
2012-01-16 06:30:15 499712 ----a-r- C:\Windows\SysWow64\msvcp71.dll
2012-01-16 06:30:15 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-01-16 06:30:15 245408 ----a-w- C:\Windows\SysWow64\unicows.dll
2012-01-16 06:30:14 212480 ----a-w- C:\Windows\SysWow64\PCDLIB32.DLL
2012-01-16 06:30:13 55808 ----a-w- C:\Windows\system\ArcSoftKsUFilter.dll
2012-01-16 06:30:13 19968 ----a-w- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys
2012-01-16 06:30:11 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-01-16 06:30:11 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-01-16 06:30:11 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-01-16 06:30:11 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-01-16 06:30:11 176128 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-01-16 06:28:26 -------- d-----w- C:\ProgramData\Evernote
2012-01-16 06:25:26 -------- d-----w- C:\Documentation
2012-01-16 06:25:26 -------- d-----w- C:\_FS_SWRINFO
2012-01-16 06:23:50 114688 ----a-w- C:\Program Files (x86)\Windows Sidebar\Gadgets\eBayGadget.Gadget\Bin\eBayGadget.dll
2012-01-16 06:23:48 114688 ----a-w- C:\Program Files\Windows Sidebar\Gadgets\eBayGadget.Gadget\Bin\eBayGadget.dll
2012-01-16 06:18:10 -------- d-----w- C:\Program Files (x86)\Sony
2012-01-16 06:17:06 -------- d-----r- C:\Program Files (x86)\Skype
2012-01-16 06:14:41 -------- d---a-w- C:\Nobu_Icon
2012-01-16 06:13:21 -------- d-----w- C:\ProgramData\Norton
2012-01-16 06:13:07 -------- d-----w- C:\ProgramData\NortonInstaller
2012-01-16 06:09:22 411368 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-16 06:07:28 455680 ----a-w- C:\Windows\System32\deployJava1.dll
2012-01-16 06:05:23 -------- d-----w- C:\Program Files (x86)\Intel Corporation
2012-01-16 06:05:23 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2012-01-16 06:03:19 -------- d-----w- C:\ProgramData\Partner
2012-01-16 06:02:40 -------- d-----w- C:\Windows\Sonysys
2012-01-16 06:00:12 -------- d-----w- C:\Program Files (x86)\AccuWeather.com Cirrus
2012-01-16 05:57:57 -------- d-----w- C:\Program Files\Common Files\Sony Shared
2012-01-16 05:57:57 -------- d-----w- C:\Program Files (x86)\Common Files\Sony Shared
2012-01-16 05:57:23 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-01-16 05:57:23 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-01-16 05:57:23 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-01-16 05:57:23 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-01-16 05:57:23 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-01-16 05:57:23 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-01-16 05:57:23 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-01-16 05:53:38 213888 ----a-w- C:\Windows\System32\drivers\rdyboost.sys
2012-01-16 05:50:37 -------- d-----w- C:\Program Files (x86)\Cisco
2012-01-16 05:50:28 -------- d-----w- C:\Program Files\Synaptics
2012-01-16 05:48:34 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2012-01-16 05:48:32 56344 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2012-01-16 05:45:29 39464 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
2012-01-16 05:45:29 342056 ----a-w- C:\Windows\System32\drivers\btwampfl.sys
2012-01-16 05:45:29 21544 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
2012-01-16 05:45:29 135720 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
2012-01-16 05:45:29 102952 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
2012-01-16 05:42:19 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-01-16 05:42:19 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-01-16 05:40:21 -------- d-----w- C:\ProgramData\DDNi
2012-01-16 05:40:21 -------- d-----w- C:\Program Files (x86)\DDNi
2012-01-16 05:40:19 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-01-16 05:40:19 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-01-16 05:40:14 -------- dc-h--w- C:\ProgramData\{2BD4D073-FF7E-46C6-B916-02F1AF376300}
2012-01-16 05:36:03 -------- d-----w- C:\Program Files\Sony
2012-01-16 05:33:58 7680 ----a-w- C:\Windows\System32\drivers\en-US\bthport.sys.mui
.
==================== Find3M ====================
.
2012-01-16 05:34:03 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2012-01-16 05:33:58 25600 ----a-w- C:\Windows\SysWow64\drivers\en-US\bfe.dll.mui
2012-01-16 05:33:58 15360 ----a-w- C:\Windows\SysWow64\drivers\en-US\pacer.sys.mui
2012-01-16 05:33:50 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\scfilter.sys.mui
2012-01-16 05:33:48 5632 ----a-w- C:\Windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2012-01-16 05:33:45 44032 ----a-w- C:\Windows\SysWow64\drivers\en-US\tcpip.sys.mui
.
============= FINISH: 13:51:39.95 ===============
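Added example, not part of the thread or of the DDS tool: a small Python triage script that parses the section layout of a DDS log and flags the three things a responder would pick out of the log above: long-lived console tools in the process snapshot (ping.exe, cmd.exe and cscript.exe together under SysWOW64), UAC policy values that differ from the Windows 7 defaults (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0 in this log), and a freshly created directory under C:\Windows whose name mimics a core system folder (C:\Windows\system64). The `SAMPLE_DDS` text is a constructed excerpt modelled on the posted log, and the heuristics, thresholds and function names are the example's own, not DDS features.

```python
import re
from typing import Dict, List

# Constructed excerpt modelled on the DDS log posted in this thread (not a real capture).
SAMPLE_DDS = """\
============== Running Processes ===============
.
C:\\Windows\\system32\\wininit.exe
C:\\Windows\\system32\\taskmgr.exe
C:\\Windows\\SysWOW64\\ping.exe
C:\\Windows\\system32\\conhost.exe
C:\\Windows\\SysWOW64\\cmd.exe
C:\\Windows\\SysWOW64\\cscript.exe
.
============== Pseudo HJT Report ===============
.
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
.
=============== Created Last 30 ================
.
2012-02-14 18:02:33 23152 ----a-w- C:\\Windows\\System32\\drivers\\mbam.sys
2012-02-14 16:02:26 -------- d-----we C:\\Windows\\system64
2012-01-16 06:02:40 -------- d-----w- C:\\Windows\\Sonysys
.
============= FINISH: 13:51:39.95 ===============
"""

# DDS section banners look like "=============== Name ===============".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "mPolicies-system: Key = 0 (0x0)"
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
# "YYYY-MM-DD HH:MM:SS <size|-------->  <attributes>  <path with spaces>"
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")

# Console/script-host binaries that normally exit within seconds; their presence in a
# process snapshot is worth a look at the parent process and command line (heuristic).
TRANSIENT_CONSOLE_TOOLS = {"ping.exe", "cmd.exe", "cscript.exe", "wscript.exe"}

# Windows 7 default values for the UAC settings DDS lists under mPolicies-system.
UAC_DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}

# Real system directories directly under C:\Windows whose names start with "sys".
LEGIT_WINDOWS_SYS_DIRS = {"system", "system32", "syswow64"}


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group the non-empty, non-'.' lines of a DDS log under their section banner."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
            continue
        if line and line != ".":
            sections.setdefault(current, []).append(line)
    return sections


def triage(text: str) -> List[str]:
    """Return human-readable findings for the indicators discussed in the thread."""
    sections = split_sections(text)
    findings: List[str] = []

    for path in sections.get("Running Processes", []):
        name = path.rsplit("\\", 1)[-1].lower()
        if name in TRANSIENT_CONSOLE_TOOLS:
            findings.append(f"process: {path} (transient console tool present in snapshot)")

    for line in sections.get("Pseudo HJT Report", []):
        m = POLICY_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), int(m.group(2))
        expected = UAC_DEFAULTS.get(key)
        if expected is not None and value != expected:
            findings.append(f"uac: {key} = {value} (Windows 7 default is {expected})")

    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        attrs, path = m.group(3), m.group(4)
        parts = path.split("\\")
        # Directory entries carry a leading 'd' in the attribute field; only look at
        # new folders created directly under C:\Windows.
        if attrs.startswith("d") and len(parts) == 3 and parts[1].lower() == "windows":
            leaf = parts[2].lower()
            if leaf.startswith("sys") and leaf not in LEGIT_WINDOWS_SYS_DIRS:
                findings.append(f"filesystem: new directory {path} mimics a core system directory name")

    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(finding)
```

Run against the constructed excerpt it reports seven findings: the three console tools, the three non-default UAC values, and the system64 directory. The Sonysys folder is not flagged because its name does not imitate a system directory. The script only reads the log; it makes no changes to the machine, which is the right stance while a helper is still directing the cleanup.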


#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:38 PM

Posted 16 February 2012 - 11:13 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 m22chan

  • Topic Starter

  • Members
  • 18 posts
  • Local time:05:38 PM

Posted 16 February 2012 - 01:04 PM

Hi, and thank you for the response. I didn't expect somebody to get in touch so quickly.

I haven't followed any of the procedures you outlined in your post today because I have an update to make which may substantially change the procedure that you recommend. Last night the problem progressed to the point where I was unable to boot into Windows. The laptop would complete the post, but where you would normally see the Windows sign-on screen, I would just get a black screen with a cursor instead.

As this is my one and only accessible computer, I had no ability to continue this diagnostic process unless I somehow got Windows up and running again. I made the decision to restore my system to factory default settings using the Sony Vaio recovery tool included in the secured partition on the harddrive.

After using that tool, I am now able to boot back into Windows (which is how I am sending this response now). I'm not sure if the recovery tool would have killed the problem or not. Certainly, I no longer see the process "ping.exe", and I no longer hear my fan winding up to address 100% CPU cycle usage.

In your opinion, is there anything else I should do to ensure that there isn't a rootkit on my computer that could have survived the recovery? If you feel that I am safe, then please go ahead and consider this ticket closed. If not, then what steps do I need to take?

Thanks,
Matt

Edited by m22chan, 16 February 2012 - 01:06 PM.


#4 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:38 PM

Posted 16 February 2012 - 01:40 PM

Hello Matt,

Let me give it a once-over anyway. Go ahead and run Combofix for me now.


gringo

#5 m22chan

  • Topic Starter

  • Members
  • 18 posts
  • Local time:05:38 PM

Posted 16 February 2012 - 01:52 PM

Hi Gringo, the log from combofix is pasted below. I ran into no problems downloading and running combofix, and the computer seems to be running fine, from what I can see. However, I'm quite afraid of malicious software which might be latent, and which might cause me serious problems later on.


ComboFix 12-02-16.02 - Matt 16/02/2012 13:44:09.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3767.1753 [GMT -5:00]
Running from: c:\users\Matt\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
.
.
2012-02-16 18:47 . 2012-02-16 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-16 06:46 . 2012-02-16 06:46 -------- d-----w- c:\program files (x86)\uTorrent
2012-02-15 09:14 . 2012-02-15 09:14 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E96AEBE-DD39-4C7B-A699-125E25B7D038}\offreg.dll
2012-02-15 07:45 . 2012-02-15 07:45 -------- d-----w- c:\windows\SysWow64\Wat
2012-02-15 07:45 . 2012-02-15 07:45 -------- d-----w- c:\windows\system32\Wat
2012-02-15 07:43 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-02-15 07:43 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-02-15 07:40 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2012-02-15 07:40 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2012-02-15 05:30 . 2012-02-16 05:32 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-15 05:30 . 2011-09-16 04:55 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-15 05:30 . 2011-09-16 04:55 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-15 05:30 . 2012-02-15 05:30 -------- d-----w- c:\programdata\Avira
2012-02-15 05:30 . 2012-02-15 05:30 -------- d-----w- c:\program files (x86)\Avira
2012-02-15 05:07 . 2011-03-11 06:19 1395712 ----a-w- c:\windows\system32\mfc42.dll
2012-02-15 05:07 . 2011-03-11 06:19 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-02-15 05:07 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2012-02-15 05:07 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2012-02-15 05:07 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-15 05:07 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-02-15 05:07 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-02-15 05:05 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-02-15 05:00 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-02-15 05:00 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-15 04:34 . 2012-02-15 04:34 -------- d-----w- c:\program files (x86)\VideoLAN
2012-02-15 04:23 . 2012-02-15 05:54 -------- d-----w- c:\windows\AutoKMS
2012-02-15 04:14 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-02-15 04:14 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-02-15 04:14 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-02-15 04:14 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-02-15 04:14 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-02-15 04:14 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-02-15 04:14 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-02-15 04:14 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-02-15 04:14 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-02-15 04:14 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-02-15 04:03 . 2012-02-15 04:03 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-02-15 04:03 . 2012-02-15 04:09 -------- d-----w- c:\programdata\Microsoft Help
2012-02-15 04:02 . 2012-02-15 04:02 -------- d-----r- C:\MSOCache
2012-02-15 03:56 . 2012-02-15 03:56 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-15 03:56 . 2012-02-15 03:56 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-02-15 03:56 . 2012-02-15 03:56 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-02-15 03:54 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E96AEBE-DD39-4C7B-A699-125E25B7D038}\mpengine.dll
2012-02-15 03:54 . 2012-01-29 10:10 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 03:36 . 2012-02-15 03:36 -------- d-----w- C:\Stuff
2012-02-15 03:36 . 2012-02-15 03:36 -------- d-----w- C:\Matthew
2012-02-15 03:07 . 2012-02-15 03:07 -------- d-----w- c:\users\Public\Symantec
2012-02-15 03:06 . 2012-02-15 03:06 -------- d-----w- c:\windows\SysWow64\VAIO Startup Setting Tool
2012-02-15 03:06 . 2012-02-15 04:43 -------- d-----w- c:\users\Matt
2012-02-15 02:59 . 2012-02-16 02:51 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-02-15 02:58 . 2006-11-29 18:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-02-15 02:58 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2012-02-15 02:57 . 2012-02-15 02:57 -------- d-----w- c:\program files (x86)\Microsoft
2012-02-15 02:57 . 2012-02-15 02:57 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2012-02-15 02:57 . 2012-02-15 02:57 -------- d-----w- c:\windows\PCHEALTH
2012-02-15 02:56 . 2012-02-15 02:56 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-02-15 02:35 . 2010-01-14 22:02 98304 ----a-w- c:\windows\SysWow64\SonyVideoProcessor.dll
2012-02-15 02:35 . 2010-01-14 22:02 94720 ----a-w- c:\windows\system32\SonyVideoProcessor.dll
2012-02-15 02:19 . 2012-02-15 02:19 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-02-15 02:19 . 2007-07-19 23:14 5073256 ----a-w- c:\windows\system32\d3dx9_35.dll
2012-02-15 02:12 . 2005-04-27 21:36 245408 ----a-w- c:\windows\SysWow64\unicows.dll
2012-02-15 02:12 . 2003-03-19 03:14 499712 ----a-r- c:\windows\SysWow64\msvcp71.dll
2012-02-15 02:12 . 2003-02-21 09:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-02-15 02:12 . 1995-07-31 18:44 212480 ----a-w- c:\windows\SysWow64\PCDLIB32.DLL
2012-02-15 02:12 . 2009-05-26 19:32 19968 ----a-w- c:\windows\system32\drivers\ArcSoftKsUFilter.sys
2012-02-15 02:12 . 2008-09-04 22:06 55808 ----a-w- c:\windows\system\ArcSoftKsUFilter.dll
2012-02-15 02:12 . 2012-02-15 02:48 -------- d-----w- c:\program files (x86)\ArcSoft
2012-02-15 02:12 . 2012-02-15 02:12 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2012-02-15 02:10 . 2012-02-15 02:10 -------- d-----w- c:\programdata\Evernote
2012-02-15 02:07 . 2012-02-15 02:07 -------- d-----w- C:\Documentation
2012-02-15 02:07 . 2012-02-15 02:07 -------- d-----w- C:\_FS_SWRINFO
2012-02-15 02:06 . 2008-09-24 23:17 114688 ----a-w- c:\program files (x86)\Windows Sidebar\Gadgets\eBayGadget.Gadget\Bin\eBayGadget.dll
2012-02-15 02:06 . 2008-09-24 23:17 114688 ----a-w- c:\program files\Windows Sidebar\Gadgets\eBayGadget.Gadget\Bin\eBayGadget.dll
2012-02-15 02:04 . 2012-02-15 02:58 -------- d-----w- c:\program files (x86)\Windows Live
2012-02-15 02:00 . 2012-02-15 03:34 -------- d-----w- c:\program files (x86)\Sony
2012-02-15 01:59 . 2012-02-15 01:59 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-02-15 01:59 . 2012-02-15 01:59 -------- d-----r- c:\program files (x86)\Skype
2012-02-15 01:59 . 2012-02-15 01:59 -------- d-----w- c:\programdata\Skype
2012-02-15 01:58 . 2012-02-15 01:58 -------- d---a-w- c:\program files\Shutterfly
2012-02-15 01:56 . 2012-02-15 01:56 -------- d---a-w- C:\Nobu_Icon
2012-02-15 01:55 . 2012-02-15 03:16 -------- d-----w- c:\programdata\Norton
2012-02-15 01:51 . 2012-02-15 01:51 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-15 01:51 . 2012-02-15 01:51 411368 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-15 01:51 . 2012-02-15 01:51 -------- d-----w- c:\program files (x86)\Java
2012-02-15 01:51 . 2012-02-15 01:51 455680 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-15 01:51 . 2012-02-15 01:51 -------- d-----w- c:\program files\Java
2012-02-15 01:49 . 2012-02-15 16:40 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2012-02-15 01:49 . 2012-02-15 01:49 -------- d-----w- c:\program files (x86)\Intel Corporation
2012-02-15 01:47 . 2012-02-15 05:53 -------- d-----w- c:\programdata\Partner
2012-02-15 01:46 . 2012-02-15 05:53 -------- d-----w- c:\program files\Google
2012-02-15 01:46 . 2012-02-15 05:53 -------- d-----w- c:\program files (x86)\Google
2012-02-15 01:46 . 2012-02-15 02:51 -------- d-----w- c:\windows\Sonysys
2012-02-15 01:44 . 2012-02-15 01:44 -------- d-----w- c:\windows\SysWow64\Macromed
2012-02-15 01:42 . 2012-02-15 03:13 -------- d-----w- c:\program files (x86)\AccuWeather.com Cirrus
2012-02-15 01:40 . 2012-02-15 01:40 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-02-15 01:40 . 2012-02-15 03:29 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared
2012-02-15 01:40 . 2012-02-15 03:29 -------- d-----w- c:\program files\Common Files\Sony Shared
2012-02-15 01:35 . 2010-06-19 07:05 213888 ----a-w- c:\windows\system32\drivers\rdyboost.sys
2012-02-15 01:32 . 2012-02-15 01:32 -------- d-----w- c:\program files (x86)\Cisco
2012-02-15 01:32 . 2012-02-15 01:32 -------- d-----w- c:\programdata\Intel
2012-02-15 01:32 . 2012-02-15 01:32 -------- d-----w- c:\program files\Intel
2012-02-15 01:32 . 2012-02-15 01:32 -------- d-----w- c:\program files\Synaptics
2012-02-15 01:30 . 2012-02-15 01:30 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2012-02-15 01:30 . 2009-09-17 17:54 56344 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2012-02-15 01:28 . 2012-02-15 01:28 -------- d-----w- c:\program files\WIDCOMM
2012-02-15 01:23 . 2012-02-15 01:23 -------- d-----w- c:\program files (x86)\DDNi
2012-02-15 01:23 . 2012-02-15 01:23 -------- d-----w- c:\programdata\DDNi
2012-02-15 01:23 . 2012-02-15 02:58 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-02-15 01:23 . 2012-02-15 01:23 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-02-15 01:23 . 2012-02-15 01:23 -------- dc-h--w- c:\programdata\{2BD4D073-FF7E-46C6-B916-02F1AF376300}
2012-02-15 01:19 . 2012-02-15 03:08 -------- d-----w- c:\program files\Sony
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-15 01:17 . 2012-02-15 01:17 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2012-02-15 01:17 . 2012-02-15 01:17 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui
2012-02-15 01:17 . 2012-02-15 01:17 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui
2012-02-15 01:16 . 2012-02-15 01:16 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui
2012-02-15 01:16 . 2012-02-15 01:16 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2012-02-15 01:16 . 2012-02-15 01:16 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
.
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 1128224]
VAIO Messenger.lnk - c:\program files (x86)\DDNi\Oasis\Delay.exe [2010-6-30 14176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-05-31 1250160]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-06-23 46080]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-23 2320920]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-21 575856]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902679062-2139006972-4100439617-1000Core.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-15 03:51]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902679062-2139006972-4100439617-1000UA.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-15 03:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 414744]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-27 10135584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 130.63.9.18 130.63.10.18
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-16 13:48:44
ComboFix-quarantined-files.txt 2012-02-16 18:48
.
Pre-Run: 575,915,552,768 bytes free
Post-Run: 576,098,410,496 bytes free
.
- - End Of File - - F316C2782715DBE1EE52654095B4A07D
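As an added illustration (not part of this thread, and not code from ComboFix or BleepingComputer), the following Python script shows how a responder can turn the two most useful sections of a ComboFix-style log, the "Files Created" list and the Run-key loading points, into structured records and apply simple triage rules to them. The line layouts are taken from the log above; the sample lines, the directory names in them, and the two heuristics (an executable created in a user-writable location, and an autorun entry pointing outside the usual program directories) are constructed for this example and are triage hints, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample lines in the layout ComboFix uses for its "Files Created"
# section: "<created> . <modified> <size or --------> <attrs> <path>".
# Paths and names are invented for this example, not taken from a real machine.
FILES_CREATED = r"""
2012-02-16 06:46 . 2012-02-16 06:46 -------- d-----w- c:\program files (x86)\ExampleApp
2012-02-15 07:43 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\example.dll
2012-02-15 04:23 . 2012-02-15 05:54 -------- d-----w- c:\windows\ExampleDir
2012-02-14 22:10 . 2012-02-14 22:10 81920 ----a-w- c:\users\alice\AppData\Local\Temp\svc_host.exe
2012-02-14 21:55 . 2012-02-14 21:55 40960 ----a-w- c:\programdata\ExampleCache\updater.exe
"""

# Constructed sample lines in the layout of a Run-key "Reg Loading Points" block:
# "<name>"="<target>" [<date> <size>]
RUN_KEYS = r"""
"ExampleTray"="c:\program files (x86)\ExampleApp\tray.exe" [2012-02-13 3481408]
"WinUpdate"="c:\users\alice\AppData\Roaming\svc_host.exe" [2012-02-14 81920]
"""


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]   # None for directories, which ComboFix shows as "--------"
    attrs: str            # 8-character attribute field, e.g. "----a-w-" or "d-----w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\S+) (\S{8}) (.+)$"
)
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')


def parse_files_created(text: str) -> List[FileEntry]:
    """Parse 'Files Created' lines; blank lines and section separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(FileEntry(created, modified,
                                 None if size == "--------" else int(size),
                                 attrs, path))
    return entries


def parse_run_keys(text: str) -> List[Tuple[str, str, str, int]]:
    """Parse Run-key lines into (value name, target path, date, size)."""
    out = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            name, target, date, size = m.groups()
            out.append((name, target, date, int(size)))
    return out


# Constructed heuristics for this example; tune them to the environment.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\")
TRUSTED_PREFIXES = ("c:\\program files", "c:\\windows\\system32", "c:\\windows\\syswow64")


def triage_files(entries: List[FileEntry]) -> List[Tuple[str, str]]:
    """Flag executables that were created in locations a normal user can write to."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        p = e.path.lower()
        if p.endswith(EXEC_EXT) and any(tok in p for tok in USER_WRITABLE):
            findings.append(("exec-in-user-writable", e.path))
    return findings


def triage_run_keys(runs: List[Tuple[str, str, str, int]]) -> List[Tuple[str, str]]:
    """Flag autorun entries whose target lives outside the usual program directories."""
    findings = []
    for name, target, _date, _size in runs:
        if not target.lower().startswith(TRUSTED_PREFIXES):
            findings.append(("autorun-outside-program-dirs", f"{name} -> {target}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage_files(parse_files_created(FILES_CREATED)):
        print(kind, detail)
    for kind, detail in triage_run_keys(parse_run_keys(RUN_KEYS)):
        print(kind, detail)
```

Run against a real log, the parser gives the responder a sortable list (by creation time, by directory, by size) instead of a wall of text, and the two rules surface the entries that most often deserve a closer look first: a fresh executable under AppData or Temp, or an autorun value that starts something from a user profile. A hit is only a reason to check the file's signature, hash and reputation, not proof of infection, and a clean pass does not rule out a rootkit, which is why the thread moves on to TDSSKiller and aswMBR.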

#6 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:38 PM

Posted 16 February 2012 - 02:01 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 m22chan

  • Topic Starter

  • Members
  • 18 posts
  • Local time:05:38 PM

Posted 16 February 2012 - 02:10 PM

TDSSKiller log below - aswMBR log to follow:


14:09:06.0170 2148 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
14:09:06.0388 2148 ============================================================
14:09:06.0388 2148 Current date / time: 2012/02/16 14:09:06.0388
14:09:06.0388 2148 SystemInfo:
14:09:06.0388 2148
14:09:06.0388 2148 OS Version: 6.1.7600 ServicePack: 0.0
14:09:06.0388 2148 Product type: Workstation
14:09:06.0388 2148 ComputerName: MATT-VAIO
14:09:06.0388 2148 UserName: Matt
14:09:06.0388 2148 Windows directory: C:\Windows
14:09:06.0388 2148 System windows directory: C:\Windows
14:09:06.0388 2148 Running under WOW64
14:09:06.0388 2148 Processor architecture: Intel x64
14:09:06.0388 2148 Number of processors: 4
14:09:06.0388 2148 Page size: 0x1000
14:09:06.0388 2148 Boot type: Normal boot
14:09:06.0388 2148 ============================================================
14:09:06.0700 2148 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:09:06.0700 2148 Drive \Device\Harddisk1\DR1 - Size: 0x79120E00 (1.89 Gb), SectorSize: 0x200, Cylinders: 0xF6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:09:06.0716 2148 \Device\Harddisk0\DR0:
14:09:06.0716 2148 MBR used
14:09:06.0716 2148 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1454800, BlocksNum 0x32000
14:09:06.0716 2148 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1486800, BlocksNum 0x493D1000
14:09:06.0716 2148 \Device\Harddisk1\DR1:
14:09:06.0716 2148 MBR used
14:09:06.0716 2148 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0xF9, BlocksNum 0x3C8907
14:09:06.0732 2148 Initialize success
14:09:06.0732 2148 ============================================================
14:09:16.0170 6688 ============================================================
14:09:16.0170 6688 Scan started
14:09:16.0170 6688 Mode: Manual;
14:09:16.0170 6688 ============================================================
14:09:16.0528 6688 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\drivers\1394ohci.sys
14:09:16.0528 6688 1394ohci - ok
14:09:16.0700 6688 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\drivers\ACPI.sys
14:09:16.0700 6688 ACPI - ok
14:09:16.0809 6688 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\drivers\acpipmi.sys
14:09:16.0809 6688 AcpiPmi - ok
14:09:16.0950 6688 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
14:09:16.0950 6688 adp94xx - ok
14:09:17.0074 6688 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
14:09:17.0090 6688 adpahci - ok
14:09:17.0199 6688 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
14:09:17.0215 6688 adpu320 - ok
14:09:17.0340 6688 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
14:09:17.0355 6688 AFD - ok
14:09:17.0480 6688 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:09:17.0480 6688 agp440 - ok
14:09:17.0605 6688 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:09:17.0605 6688 aliide - ok
14:09:17.0730 6688 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:09:17.0730 6688 amdide - ok
14:09:17.0854 6688 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
14:09:17.0854 6688 AmdK8 - ok
14:09:17.0948 6688 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
14:09:17.0948 6688 AmdPPM - ok
14:09:18.0073 6688 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\drivers\amdsata.sys
14:09:18.0088 6688 amdsata - ok
14:09:18.0213 6688 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
14:09:18.0213 6688 amdsbs - ok
14:09:18.0338 6688 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\drivers\amdxata.sys
14:09:18.0338 6688 amdxata - ok
14:09:18.0510 6688 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
14:09:18.0510 6688 AppID - ok
14:09:18.0666 6688 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
14:09:18.0666 6688 arc - ok
14:09:18.0790 6688 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
14:09:18.0790 6688 arcsas - ok
14:09:18.0915 6688 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
14:09:18.0915 6688 ArcSoftKsUFilter - ok
14:09:19.0040 6688 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:09:19.0040 6688 AsyncMac - ok
14:09:19.0149 6688 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:09:19.0149 6688 atapi - ok
14:09:19.0290 6688 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
14:09:19.0290 6688 avgntflt - ok
14:09:19.0414 6688 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
14:09:19.0414 6688 avipbb - ok
14:09:19.0524 6688 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
14:09:19.0524 6688 avkmgr - ok
14:09:19.0680 6688 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
14:09:19.0680 6688 b06bdrv - ok
14:09:19.0820 6688 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:09:19.0836 6688 b57nd60a - ok
14:09:19.0976 6688 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:09:19.0976 6688 Beep - ok
14:09:20.0148 6688 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
14:09:20.0148 6688 blbdrive - ok
14:09:20.0272 6688 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
14:09:20.0272 6688 bowser - ok
14:09:20.0397 6688 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
14:09:20.0397 6688 BrFiltLo - ok
14:09:20.0522 6688 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
14:09:20.0522 6688 BrFiltUp - ok
14:09:20.0647 6688 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:09:20.0647 6688 BridgeMP - ok
14:09:20.0787 6688 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:09:20.0803 6688 Brserid - ok
14:09:20.0928 6688 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:09:20.0928 6688 BrSerWdm - ok
14:09:21.0052 6688 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:09:21.0052 6688 BrUsbMdm - ok
14:09:21.0177 6688 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:09:21.0177 6688 BrUsbSer - ok
14:09:21.0318 6688 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
14:09:21.0318 6688 BthEnum - ok
14:09:21.0442 6688 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
14:09:21.0442 6688 BTHMODEM - ok
14:09:21.0567 6688 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
14:09:21.0567 6688 BthPan - ok
14:09:21.0708 6688 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
14:09:21.0708 6688 BTHPORT - ok
14:09:21.0832 6688 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
14:09:21.0832 6688 BTHUSB - ok
14:09:21.0988 6688 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:09:21.0988 6688 cdfs - ok
14:09:22.0113 6688 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
14:09:22.0113 6688 cdrom - ok
14:09:22.0254 6688 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
14:09:22.0254 6688 circlass - ok
14:09:22.0363 6688 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:09:22.0363 6688 CLFS - ok
14:09:22.0519 6688 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
14:09:22.0519 6688 CmBatt - ok
14:09:22.0628 6688 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:09:22.0628 6688 cmdide - ok
14:09:22.0768 6688 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
14:09:22.0768 6688 CNG - ok
14:09:22.0924 6688 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
14:09:22.0924 6688 Compbatt - ok
14:09:23.0034 6688 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\drivers\CompositeBus.sys
14:09:23.0034 6688 CompositeBus - ok
14:09:23.0174 6688 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
14:09:23.0174 6688 crcdisk - ok
14:09:23.0299 6688 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
14:09:23.0299 6688 DfsC - ok
14:09:23.0424 6688 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:09:23.0424 6688 discache - ok
14:09:23.0548 6688 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
14:09:23.0548 6688 Disk - ok
14:09:23.0689 6688 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:09:23.0689 6688 drmkaud - ok
14:09:23.0814 6688 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:09:23.0814 6688 dtsoftbus01 - ok
14:09:23.0938 6688 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
14:09:23.0954 6688 DXGKrnl - ok
14:09:24.0157 6688 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
14:09:24.0172 6688 ebdrv - ok
14:09:24.0313 6688 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
14:09:24.0313 6688 elxstor - ok
14:09:24.0422 6688 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:09:24.0422 6688 ErrDev - ok
14:09:24.0547 6688 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:09:24.0562 6688 exfat - ok
14:09:24.0640 6688 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:09:24.0640 6688 fastfat - ok
14:09:24.0765 6688 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
14:09:24.0765 6688 fdc - ok
14:09:24.0874 6688 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:09:24.0874 6688 FileInfo - ok
14:09:24.0968 6688 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:09:24.0968 6688 Filetrace - ok
14:09:25.0077 6688 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
14:09:25.0077 6688 flpydisk - ok
14:09:25.0171 6688 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
14:09:25.0171 6688 FltMgr - ok
14:09:25.0264 6688 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:09:25.0264 6688 FsDepends - ok
14:09:25.0374 6688 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:09:25.0374 6688 Fs_Rec - ok
14:09:25.0483 6688 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:09:25.0483 6688 fvevol - ok
14:09:25.0592 6688 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
14:09:25.0608 6688 gagp30kx - ok
14:09:25.0701 6688 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:09:25.0701 6688 hcw85cir - ok
14:09:25.0826 6688 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
14:09:25.0842 6688 HdAudAddService - ok
14:09:25.0951 6688 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\drivers\HDAudBus.sys
14:09:25.0951 6688 HDAudBus - ok
14:09:26.0076 6688 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
14:09:26.0076 6688 HECIx64 - ok
14:09:26.0169 6688 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
14:09:26.0169 6688 HidBatt - ok
14:09:26.0278 6688 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
14:09:26.0278 6688 HidBth - ok
14:09:26.0388 6688 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
14:09:26.0388 6688 HidIr - ok
14:09:26.0528 6688 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\drivers\hidusb.sys
14:09:26.0528 6688 HidUsb - ok
14:09:26.0653 6688 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\drivers\HpSAMD.sys
14:09:26.0653 6688 HpSAMD - ok
14:09:26.0793 6688 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
14:09:26.0793 6688 HTTP - ok
14:09:26.0918 6688 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
14:09:26.0918 6688 hwpolicy - ok
14:09:27.0027 6688 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:09:27.0027 6688 i8042prt - ok
14:09:27.0168 6688 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\drivers\iaStor.sys
14:09:27.0168 6688 iaStor - ok
14:09:27.0308 6688 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\drivers\iaStorV.sys
14:09:27.0324 6688 iaStorV - ok
14:09:27.0636 6688 igfx (fbacbed7a37b3223822470ff1d8ea00f) C:\Windows\system32\DRIVERS\igdkmd64.sys
14:09:27.0682 6688 igfx - ok
14:09:27.0792 6688 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
14:09:27.0792 6688 iirsp - ok
14:09:27.0916 6688 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys
14:09:27.0916 6688 Impcd - ok
14:09:28.0088 6688 IntcAzAudAddService (163f94ebf8f8a98616a6b804af08d736) C:\Windows\system32\drivers\RTKVHD64.sys
14:09:28.0119 6688 IntcAzAudAddService - ok
14:09:28.0228 6688 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
14:09:28.0244 6688 IntcDAud - ok
14:09:28.0322 6688 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:09:28.0322 6688 intelide - ok
14:09:28.0431 6688 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:09:28.0431 6688 intelppm - ok
14:09:28.0525 6688 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:09:28.0525 6688 IpFilterDriver - ok
14:09:28.0634 6688 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\drivers\IPMIDrv.sys
14:09:28.0634 6688 IPMIDRV - ok
14:09:28.0712 6688 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:09:28.0712 6688 IPNAT - ok
14:09:28.0821 6688 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:09:28.0821 6688 IRENUM - ok
14:09:28.0915 6688 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:09:28.0915 6688 isapnp - ok
14:09:28.0993 6688 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys
14:09:28.0993 6688 iScsiPrt - ok
14:09:29.0102 6688 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
14:09:29.0102 6688 kbdclass - ok
14:09:29.0196 6688 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\drivers\kbdhid.sys
14:09:29.0196 6688 kbdhid - ok
14:09:29.0320 6688 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
14:09:29.0320 6688 KSecDD - ok
14:09:29.0414 6688 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
14:09:29.0414 6688 KSecPkg - ok
14:09:29.0523 6688 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:09:29.0523 6688 ksthunk - ok
14:09:29.0632 6688 L1C (55480b9c63f3f91a8ebbadcbf28fe581) C:\Windows\system32\DRIVERS\L1C62x64.sys
14:09:29.0632 6688 L1C - ok
14:09:29.0773 6688 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:09:29.0773 6688 lltdio - ok
14:09:29.0898 6688 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
14:09:29.0898 6688 LSI_FC - ok
14:09:30.0007 6688 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
14:09:30.0007 6688 LSI_SAS - ok
14:09:30.0100 6688 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
14:09:30.0100 6688 LSI_SAS2 - ok
14:09:30.0210 6688 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
14:09:30.0210 6688 LSI_SCSI - ok
14:09:30.0319 6688 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:09:30.0334 6688 luafv - ok
14:09:30.0428 6688 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
14:09:30.0428 6688 megasas - ok
14:09:30.0506 6688 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
14:09:30.0506 6688 MegaSR - ok
14:09:30.0615 6688 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:09:30.0615 6688 Modem - ok
14:09:30.0709 6688 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:09:30.0724 6688 monitor - ok
14:09:30.0818 6688 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
14:09:30.0818 6688 mouclass - ok
14:09:30.0927 6688 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
14:09:30.0927 6688 mouhid - ok
14:09:31.0021 6688 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
14:09:31.0021 6688 mountmgr - ok
14:09:31.0114 6688 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys
14:09:31.0114 6688 mpio - ok
14:09:31.0192 6688 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:09:31.0192 6688 mpsdrv - ok
14:09:31.0286 6688 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
14:09:31.0286 6688 MRxDAV - ok
14:09:31.0395 6688 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:09:31.0395 6688 mrxsmb - ok
14:09:31.0489 6688 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:09:31.0489 6688 mrxsmb10 - ok
14:09:31.0598 6688 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:09:31.0598 6688 mrxsmb20 - ok
14:09:31.0692 6688 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys
14:09:31.0692 6688 msahci - ok
14:09:31.0785 6688 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys
14:09:31.0785 6688 msdsm - ok
14:09:31.0910 6688 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:09:31.0910 6688 Msfs - ok
14:09:32.0004 6688 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:09:32.0004 6688 mshidkmdf - ok
14:09:32.0097 6688 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:09:32.0097 6688 msisadrv - ok
14:09:32.0206 6688 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:09:32.0206 6688 MSKSSRV - ok
14:09:32.0316 6688 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:09:32.0316 6688 MSPCLOCK - ok
14:09:32.0409 6688 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:09:32.0409 6688 MSPQM - ok
14:09:32.0503 6688 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
14:09:32.0503 6688 MsRPC - ok
14:09:32.0596 6688 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:09:32.0596 6688 mssmbios - ok
14:09:32.0706 6688 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:09:32.0706 6688 MSTEE - ok
14:09:32.0799 6688 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:09:32.0799 6688 MTConfig - ok
14:09:32.0877 6688 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:09:32.0893 6688 Mup - ok
14:09:33.0018 6688 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:09:33.0018 6688 NativeWifiP - ok
14:09:33.0142 6688 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
14:09:33.0142 6688 NDIS - ok
14:09:33.0236 6688 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:09:33.0236 6688 NdisCap - ok
14:09:33.0330 6688 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:09:33.0330 6688 NdisTapi - ok
14:09:33.0423 6688 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
14:09:33.0423 6688 Ndisuio - ok
14:09:33.0532 6688 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:09:33.0532 6688 NdisWan - ok
14:09:33.0657 6688 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
14:09:33.0657 6688 NDProxy - ok
14:09:33.0766 6688 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:09:33.0766 6688 NetBIOS - ok
14:09:33.0876 6688 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
14:09:33.0876 6688 NetBT - ok
14:09:34.0141 6688 NETw5s64 (18555f48844c2861d9dce8f2b7223ae5) C:\Windows\system32\DRIVERS\NETw5s64.sys
14:09:34.0188 6688 NETw5s64 - ok
14:09:34.0297 6688 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:09:34.0297 6688 nfrd960 - ok
14:09:34.0390 6688 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:09:34.0406 6688 Npfs - ok
14:09:34.0500 6688 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:09:34.0500 6688 nsiproxy - ok
14:09:34.0624 6688 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
14:09:34.0640 6688 Ntfs - ok
14:09:34.0734 6688 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:09:34.0734 6688 Null - ok
14:09:34.0843 6688 NVHDA (cddd4478757288df4bb1494bfd084259) C:\Windows\system32\drivers\nvhda64v.sys
14:09:34.0843 6688 NVHDA - ok
14:09:35.0186 6688 nvlddmkm (af340a9ecfcc13de8a602221eeed8fde) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:09:35.0248 6688 nvlddmkm - ok
14:09:35.0373 6688 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\drivers\nvraid.sys
14:09:35.0373 6688 nvraid - ok
14:09:35.0467 6688 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\drivers\nvstor.sys
14:09:35.0467 6688 nvstor - ok
14:09:35.0576 6688 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:09:35.0576 6688 nv_agp - ok
14:09:35.0685 6688 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:09:35.0685 6688 ohci1394 - ok
14:09:35.0826 6688 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:09:35.0826 6688 Parport - ok
14:09:35.0904 6688 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
14:09:35.0904 6688 partmgr - ok
14:09:36.0013 6688 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys
14:09:36.0013 6688 pci - ok
14:09:36.0106 6688 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:09:36.0106 6688 pciide - ok
14:09:36.0216 6688 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:09:36.0216 6688 pcmcia - ok
14:09:36.0294 6688 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:09:36.0294 6688 pcw - ok
14:09:36.0403 6688 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:09:36.0403 6688 PEAUTH - ok
14:09:36.0543 6688 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
14:09:36.0543 6688 PptpMiniport - ok
14:09:36.0637 6688 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:09:36.0652 6688 Processor - ok
14:09:36.0746 6688 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
14:09:36.0746 6688 Psched - ok
14:09:36.0871 6688 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:09:36.0886 6688 ql2300 - ok
14:09:36.0980 6688 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:09:36.0980 6688 ql40xx - ok
14:09:37.0074 6688 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:09:37.0074 6688 QWAVEdrv - ok
14:09:37.0183 6688 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:09:37.0183 6688 RasAcd - ok
14:09:37.0292 6688 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:09:37.0292 6688 RasAgileVpn - ok
14:09:37.0370 6688 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:09:37.0370 6688 Rasl2tp - ok
14:09:37.0464 6688 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:09:37.0479 6688 RasPppoe - ok
14:09:37.0573 6688 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:09:37.0588 6688 RasSstp - ok
14:09:37.0682 6688 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
14:09:37.0682 6688 rdbss - ok
14:09:37.0791 6688 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
14:09:37.0791 6688 rdpbus - ok
14:09:37.0885 6688 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:09:37.0885 6688 RDPCDD - ok
14:09:37.0978 6688 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:09:37.0978 6688 RDPENCDD - ok
14:09:38.0072 6688 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:09:38.0072 6688 RDPREFMP - ok
14:09:38.0166 6688 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
14:09:38.0166 6688 RDPWD - ok
14:09:38.0290 6688 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
14:09:38.0290 6688 rdyboost - ok
14:09:38.0400 6688 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
14:09:38.0400 6688 RFCOMM - ok
14:09:38.0524 6688 rimspci (fa6abc06b629da29634d31f1fe0347bd) C:\Windows\system32\drivers\rimssne64.sys
14:09:38.0524 6688 rimspci - ok
14:09:38.0618 6688 risdsnpe (8f8539a7f5c117d4407b2985995671f2) C:\Windows\system32\drivers\risdsne64.sys
14:09:38.0618 6688 risdsnpe - ok
14:09:38.0743 6688 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:09:38.0743 6688 rspndr - ok
14:09:38.0836 6688 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys
14:09:38.0852 6688 sbp2port - ok
14:09:38.0946 6688 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
14:09:38.0946 6688 scfilter - ok
14:09:39.0039 6688 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys
14:09:39.0039 6688 sdbus - ok
14:09:39.0133 6688 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:09:39.0133 6688 secdrv - ok
14:09:39.0258 6688 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
14:09:39.0258 6688 Serenum - ok
14:09:39.0336 6688 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
14:09:39.0351 6688 Serial - ok
14:09:39.0429 6688 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:09:39.0429 6688 sermouse - ok
14:09:39.0570 6688 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\DRIVERS\SFEP.sys
14:09:39.0570 6688 SFEP - ok
14:09:39.0663 6688 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:09:39.0663 6688 sffdisk - ok
14:09:39.0772 6688 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:09:39.0772 6688 sffp_mmc - ok
14:09:39.0866 6688 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys
14:09:39.0866 6688 sffp_sd - ok
14:09:39.0975 6688 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:09:39.0975 6688 sfloppy - ok
14:09:40.0116 6688 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:09:40.0116 6688 SiSRaid2 - ok
14:09:40.0225 6688 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:09:40.0225 6688 SiSRaid4 - ok
14:09:40.0334 6688 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:09:40.0334 6688 Smb - ok
14:09:40.0443 6688 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:09:40.0443 6688 spldr - ok
14:09:40.0568 6688 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
14:09:40.0568 6688 srv - ok
14:09:40.0662 6688 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
14:09:40.0662 6688 srv2 - ok
14:09:40.0771 6688 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
14:09:40.0771 6688 srvnet - ok
14:09:40.0880 6688 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:09:40.0880 6688 stexstor - ok
14:09:40.0974 6688 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:09:40.0974 6688 swenum - ok
14:09:41.0114 6688 SynTP (20f8f4c2ed3f492da318d98e72f77209) C:\Windows\system32\DRIVERS\SynTP.sys
14:09:41.0114 6688 SynTP - ok
14:09:41.0270 6688 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
14:09:41.0286 6688 Tcpip - ok
14:09:41.0442 6688 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
14:09:41.0457 6688 TCPIP6 - ok
14:09:41.0551 6688 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
14:09:41.0551 6688 tcpipreg - ok
14:09:41.0660 6688 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:09:41.0660 6688 TDPIPE - ok
14:09:41.0754 6688 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:09:41.0754 6688 TDTCP - ok
14:09:41.0847 6688 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
14:09:41.0847 6688 tdx - ok
14:09:41.0941 6688 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys
14:09:41.0956 6688 TermDD - ok
14:09:42.0050 6688 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:09:42.0050 6688 tssecsrv - ok
14:09:42.0175 6688 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
14:09:42.0175 6688 tunnel - ok
14:09:42.0268 6688 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:09:42.0268 6688 uagp35 - ok
14:09:42.0362 6688 udfs (0e5e962b5649d544be54e8c90761ea2b) C:\Windows\system32\DRIVERS\udfs.sys
14:09:42.0378 6688 udfs - ok
14:09:42.0471 6688 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:09:42.0471 6688 uliagpkx - ok
14:09:42.0565 6688 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
14:09:42.0565 6688 umbus - ok
14:09:42.0674 6688 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:09:42.0674 6688 UmPass - ok
14:09:42.0783 6688 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
14:09:42.0783 6688 usbccgp - ok
14:09:42.0892 6688 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:09:42.0892 6688 usbcir - ok
14:09:42.0986 6688 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\drivers\usbehci.sys
14:09:42.0986 6688 usbehci - ok
14:09:43.0095 6688 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\drivers\usbhub.sys
14:09:43.0111 6688 usbhub - ok
14:09:43.0204 6688 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
14:09:43.0204 6688 usbohci - ok
14:09:43.0298 6688 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:09:43.0298 6688 usbprint - ok
14:09:43.0407 6688 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:09:43.0407 6688 USBSTOR - ok
14:09:43.0516 6688 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
14:09:43.0516 6688 usbuhci - ok
14:09:43.0626 6688 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
14:09:43.0626 6688 usbvideo - ok
14:09:43.0766 6688 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:09:43.0766 6688 vdrvroot - ok
14:09:43.0891 6688 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:09:43.0891 6688 vga - ok
14:09:44.0000 6688 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:09:44.0000 6688 VgaSave - ok
14:09:44.0109 6688 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys
14:09:44.0109 6688 vhdmp - ok
14:09:44.0218 6688 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:09:44.0218 6688 viaide - ok
14:09:44.0312 6688 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys
14:09:44.0312 6688 volmgr - ok
14:09:44.0421 6688 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
14:09:44.0421 6688 volmgrx - ok
14:09:44.0515 6688 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys
14:09:44.0515 6688 volsnap - ok
14:09:44.0640 6688 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:09:44.0640 6688 vsmraid - ok
14:09:44.0733 6688 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:09:44.0733 6688 vwifibus - ok
14:09:44.0827 6688 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:09:44.0827 6688 vwififlt - ok
14:09:44.0920 6688 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
14:09:44.0920 6688 vwifimp - ok
14:09:45.0014 6688 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:09:45.0014 6688 WacomPen - ok
14:09:45.0123 6688 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:09:45.0123 6688 WANARP - ok
14:09:45.0139 6688 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:09:45.0139 6688 Wanarpv6 - ok
14:09:45.0264 6688 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:09:45.0264 6688 Wd - ok
14:09:45.0373 6688 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:09:45.0388 6688 Wdf01000 - ok
14:09:45.0482 6688 wdkmd (5b34e5938b9e76798977725e3f7847c4) C:\Windows\system32\DRIVERS\WDKMD.sys
14:09:45.0482 6688 wdkmd - ok
14:09:45.0607 6688 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:09:45.0622 6688 WfpLwf - ok
14:09:45.0716 6688 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:09:45.0716 6688 WIMMount - ok
14:09:45.0841 6688 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:09:45.0841 6688 WmiAcpi - ok
14:09:45.0950 6688 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:09:45.0950 6688 ws2ifsl - ok
14:09:46.0059 6688 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
14:09:46.0059 6688 WudfPf - ok
14:09:46.0153 6688 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:09:46.0153 6688 WUDFRd - ok
14:09:46.0200 6688 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:09:46.0262 6688 \Device\Harddisk0\DR0 - ok
14:09:46.0262 6688 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
14:09:46.0309 6688 \Device\Harddisk1\DR1 - ok
14:09:46.0309 6688 Boot (0x1200) (4d99ef084a641904057b78526ff2b6df) \Device\Harddisk0\DR0\Partition0
14:09:46.0309 6688 \Device\Harddisk0\DR0\Partition0 - ok
14:09:46.0309 6688 Boot (0x1200) (33227ef062ae968c842443ad2b11230d) \Device\Harddisk0\DR0\Partition1
14:09:46.0324 6688 \Device\Harddisk0\DR0\Partition1 - ok
14:09:46.0324 6688 Boot (0x1200) (e5e24002978b44811c121ddce1fef61b) \Device\Harddisk1\DR1\Partition0
14:09:46.0324 6688 \Device\Harddisk1\DR1\Partition0 - ok
14:09:46.0324 6688 ============================================================
14:09:46.0324 6688 Scan finished
14:09:46.0324 6688 ============================================================
14:09:46.0324 7032 Detected object count: 0
14:09:46.0324 7032 Actual detected object count: 0

#8 gringo_pr (Malware Response Team)

Posted 16 February 2012 - 02:45 PM

(thumbs up)
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 m22chan (Topic Starter)

Posted 16 February 2012 - 04:37 PM

Sorry for the temporary delay. I had to be away from my computer for a while. aswMBR also created a file called MBR.dat, and I'm assuming it's not necessary for what we are doing now. I have it saved in case we need it later.

aswMBR log:


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-16 14:11:46
-----------------------------
14:11:46.172 OS Version: Windows x64 6.1.7600
14:11:46.172 Number of processors: 4 586 0x2505
14:11:46.172 ComputerName: MATT-VAIO UserName: Matt
14:11:47.062 Initialize success
14:16:07.201 AVAST engine defs: 12021600
14:20:02.747 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:20:02.751 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 610480MB BusType: 3
14:20:02.758 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000074
14:20:02.761 Disk 1 Vendor: RICOH 02 Size: 1937MB BusType: 0
14:20:02.775 Disk 0 MBR read successfully
14:20:02.780 Disk 0 MBR scan
14:20:02.787 Disk 0 Windows 7 default MBR code
14:20:02.795 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10408 MB offset 2048
14:20:02.814 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 21317632
14:20:02.835 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 599970 MB offset 21522432
14:20:02.842 Service scanning
14:20:03.846 Modules scanning
14:20:03.853 Disk 0 trace - called modules:
14:20:04.263 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
14:20:04.271 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bfd060]
14:20:04.278 3 CLASSPNP.SYS[fffff88001aff43f] -> nt!IofCallDriver -> [0xfffffa800494a9d0]
14:20:04.286 5 ACPI.sys[fffff88000f21781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004987050]
14:20:05.429 AVAST engine scan C:\Windows
14:20:08.167 AVAST engine scan C:\Windows\system32
14:22:26.787 AVAST engine scan C:\Windows\system32\drivers
14:22:37.586 AVAST engine scan C:\Users\Matt
14:31:28.219 AVAST engine scan C:\ProgramData
14:31:56.703 Scan finished successfully
16:32:11.537 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
16:32:11.537 The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBR.txt"

#10 gringo_pr (Malware Response Team)

Posted 16 February 2012 - 09:15 PM

Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 m22chan (Topic Starter)

Posted 17 February 2012 - 12:22 AM

Please see the log generated by ComboFix below. I loaded up an mp3 in VLC player to listen to while I waited for ComboFix to finish running; I hope this didn't interfere with the script. In any case, I didn't see any instruction not to touch my computer while the script was running. Hopefully this is fine.


ComboFix 12-02-16.02 - Matt 17/02/2012 0:15.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3767.1899 [GMT -5:00]
Running from: c:\users\Matt\Downloads\ComboFix.exe
Command switches used :: c:\users\Matt\Downloads\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-17 to 2012-02-17 )))))))))))))))))))))))))))))))
.
.
2012-02-17 05:18 . 2012-02-17 05:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-16 06:46 . 2012-02-16 06:46 -------- d-----w- c:\program files (x86)\uTorrent
2012-02-15 09:14 . 2012-02-15 09:14 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E96AEBE-DD39-4C7B-A699-125E25B7D038}\offreg.dll
2012-02-15 07:45 . 2012-02-15 07:45 -------- d-----w- c:\windows\SysWow64\Wat
2012-02-15 07:45 . 2012-02-15 07:45 -------- d-----w- c:\windows\system32\Wat
2012-02-15 07:43 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-02-15 07:43 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-02-15 07:40 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2012-02-15 07:40 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2012-02-15 05:30 . 2012-02-16 05:32 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-15 05:30 . 2011-09-16 04:55 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-15 05:30 . 2011-09-16 04:55 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-15 05:30 . 2012-02-15 05:30 -------- d-----w- c:\programdata\Avira
2012-02-15 05:30 . 2012-02-15 05:30 -------- d-----w- c:\program files (x86)\Avira
2012-02-15 05:07 . 2011-03-11 06:19 1395712 ----a-w- c:\windows\system32\mfc42.dll
2012-02-15 05:07 . 2011-03-11 06:19 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-02-15 05:07 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2012-02-15 05:07 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2012-02-15 05:07 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-15 05:07 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-02-15 05:07 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-02-15 05:05 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-02-15 05:00 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-02-15 05:00 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-15 04:34 . 2012-02-15 04:34 -------- d-----w- c:\program files (x86)\VideoLAN
2012-02-15 04:23 . 2012-02-15 05:54 -------- d-----w- c:\windows\AutoKMS
2012-02-15 04:14 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-02-15 04:14 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-02-15 04:14 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-02-15 04:14 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-02-15 04:14 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-02-15 04:14 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-02-15 04:14 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-02-15 04:14 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-02-15 04:14 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-02-15 04:14 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-02-15 04:03 . 2012-02-15 04:03 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-02-15 04:03 . 2012-02-15 04:09 -------- d-----w- c:\programdata\Microsoft Help
2012-02-15 04:02 . 2012-02-15 04:02 -------- d-----r- C:\MSOCache
2012-02-15 03:56 . 2012-02-15 03:56 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-15 03:56 . 2012-02-15 03:56 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-02-15 03:56 . 2012-02-15 03:56 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-02-15 03:54 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E96AEBE-DD39-4C7B-A699-125E25B7D038}\mpengine.dll
2012-02-15 03:54 . 2012-01-29 10:10 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 03:36 . 2012-02-16 21:33 -------- d-----w- C:\Stuff
2012-02-15 03:36 . 2012-02-15 03:36 -------- d-----w- C:\Matthew
2012-02-15 03:07 . 2012-02-15 03:07 -------- d-----w- c:\users\Public\Symantec
2012-02-15 03:06 . 2012-02-15 03:06 -------- d-----w- c:\windows\SysWow64\VAIO Startup Setting Tool
2012-02-15 03:06 . 2012-02-16 21:33 -------- d-----w- c:\users\Matt
2012-02-15 02:59 . 2012-02-16 02:51 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-02-15 02:58 . 2006-11-29 18:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-02-15 02:58 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2012-02-15 02:57 . 2012-02-15 02:57 -------- d-----w- c:\program files (x86)\Microsoft
2012-02-15 02:57 . 2012-02-15 02:57 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2012-02-15 02:57 . 2012-02-15 02:57 -------- d-----w- c:\windows\PCHEALTH
2012-02-15 02:56 . 2012-02-15 02:56 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-02-15 02:35 . 2010-01-14 22:02 98304 ----a-w- c:\windows\SysWow64\SonyVideoProcessor.dll
2012-02-15 02:35 . 2010-01-14 22:02 94720 ----a-w- c:\windows\system32\SonyVideoProcessor.dll
2012-02-15 02:19 . 2012-02-15 02:19 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-02-15 02:19 . 2007-07-19 23:14 5073256 ----a-w- c:\windows\system32\d3dx9_35.dll
2012-02-15 02:12 . 2005-04-27 21:36 245408 ----a-w- c:\windows\SysWow64\unicows.dll
2012-02-15 02:12 . 2003-03-19 03:14 499712 ----a-r- c:\windows\SysWow64\msvcp71.dll
2012-02-15 02:12 . 2003-02-21 09:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-02-15 02:12 . 1995-07-31 18:44 212480 ----a-w- c:\windows\SysWow64\PCDLIB32.DLL
2012-02-15 02:12 . 2009-05-26 19:32 19968 ----a-w- c:\windows\system32\drivers\ArcSoftKsUFilter.sys
2012-02-15 02:12 . 2008-09-04 22:06 55808 ----a-w- c:\windows\system\ArcSoftKsUFilter.dll
2012-02-15 02:12 . 2012-02-15 02:48 -------- d-----w- c:\program files (x86)\ArcSoft
2012-02-15 02:12 . 2012-02-15 02:12 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2012-02-15 02:10 . 2012-02-15 02:10 -------- d-----w- c:\programdata\Evernote
2012-02-15 02:07 . 2012-02-15 02:07 -------- d-----w- C:\Documentation
2012-02-15 02:07 . 2012-02-15 02:07 -------- d-----w- C:\_FS_SWRINFO
2012-02-15 02:06 . 2008-09-24 23:17 114688 ----a-w- c:\program files (x86)\Windows Sidebar\Gadgets\eBayGadget.Gadget\Bin\eBayGadget.dll
2012-02-15 02:06 . 2008-09-24 23:17 114688 ----a-w- c:\program files\Windows Sidebar\Gadgets\eBayGadget.Gadget\Bin\eBayGadget.dll
2012-02-15 02:04 . 2012-02-15 02:58 -------- d-----w- c:\program files (x86)\Windows Live
2012-02-15 02:00 . 2012-02-15 03:34 -------- d-----w- c:\program files (x86)\Sony
2012-02-15 01:59 . 2012-02-15 01:59 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-02-15 01:59 . 2012-02-15 01:59 -------- d-----r- c:\program files (x86)\Skype
2012-02-15 01:59 . 2012-02-15 01:59 -------- d-----w- c:\programdata\Skype
2012-02-15 01:58 . 2012-02-15 01:58 -------- d---a-w- c:\program files\Shutterfly
2012-02-15 01:56 . 2012-02-15 01:56 -------- d---a-w- C:\Nobu_Icon
2012-02-15 01:55 . 2012-02-15 03:16 -------- d-----w- c:\programdata\Norton
2012-02-15 01:51 . 2012-02-15 01:51 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-15 01:51 . 2012-02-15 01:51 411368 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-15 01:51 . 2012-02-15 01:51 -------- d-----w- c:\program files (x86)\Java
2012-02-15 01:51 . 2012-02-15 01:51 455680 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-15 01:51 . 2012-02-15 01:51 -------- d-----w- c:\program files\Java
2012-02-15 01:49 . 2012-02-15 16:40 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2012-02-15 01:49 . 2012-02-15 01:49 -------- d-----w- c:\program files (x86)\Intel Corporation
2012-02-15 01:47 . 2012-02-15 05:53 -------- d-----w- c:\programdata\Partner
2012-02-15 01:46 . 2012-02-15 05:53 -------- d-----w- c:\program files\Google
2012-02-15 01:46 . 2012-02-15 05:53 -------- d-----w- c:\program files (x86)\Google
2012-02-15 01:46 . 2012-02-15 02:51 -------- d-----w- c:\windows\Sonysys
2012-02-15 01:44 . 2012-02-15 01:44 -------- d-----w- c:\windows\SysWow64\Macromed
2012-02-15 01:42 . 2012-02-15 03:13 -------- d-----w- c:\program files (x86)\AccuWeather.com Cirrus
2012-02-15 01:40 . 2012-02-15 01:40 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-02-15 01:40 . 2012-02-15 03:29 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared
2012-02-15 01:40 . 2012-02-15 03:29 -------- d-----w- c:\program files\Common Files\Sony Shared
2012-02-15 01:35 . 2010-06-19 07:05 213888 ----a-w- c:\windows\system32\drivers\rdyboost.sys
2012-02-15 01:32 . 2012-02-15 01:32 -------- d-----w- c:\program files (x86)\Cisco
2012-02-15 01:32 . 2012-02-15 01:32 -------- d-----w- c:\programdata\Intel
2012-02-15 01:32 . 2012-02-15 01:32 -------- d-----w- c:\program files\Intel
2012-02-15 01:32 . 2012-02-15 01:32 -------- d-----w- c:\program files\Synaptics
2012-02-15 01:30 . 2012-02-15 01:30 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2012-02-15 01:30 . 2009-09-17 17:54 56344 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2012-02-15 01:28 . 2012-02-15 01:28 -------- d-----w- c:\program files\WIDCOMM
2012-02-15 01:23 . 2012-02-15 01:23 -------- d-----w- c:\program files (x86)\DDNi
2012-02-15 01:23 . 2012-02-15 01:23 -------- d-----w- c:\programdata\DDNi
2012-02-15 01:23 . 2012-02-15 02:58 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-02-15 01:23 . 2012-02-15 01:23 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-02-15 01:23 . 2012-02-15 01:23 -------- dc-h--w- c:\programdata\{2BD4D073-FF7E-46C6-B916-02F1AF376300}
2012-02-15 01:19 . 2012-02-15 03:08 -------- d-----w- c:\program files\Sony
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-15 01:17 . 2012-02-15 01:17 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2012-02-15 01:17 . 2012-02-15 01:17 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui
2012-02-15 01:17 . 2012-02-15 01:17 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui
2012-02-15 01:16 . 2012-02-15 01:16 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui
2012-02-15 01:16 . 2012-02-15 01:16 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2012-02-15 01:16 . 2012-02-15 01:16 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-16_18.47.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-02-15 09:05 . 2012-02-16 18:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-15 09:05 . 2012-02-17 05:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-15 09:05 . 2012-02-16 18:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-15 09:05 . 2012-02-17 05:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-15 15:03 . 2012-02-17 01:43 191918 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:34 . 2012-02-17 03:36 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-02-16 10:21 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
.
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 1128224]
VAIO Messenger.lnk - c:\program files (x86)\DDNi\Oasis\Delay.exe [2010-6-30 14176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-05-31 1250160]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-06-23 46080]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-23 2320920]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-21 575856]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 69604011
*NewlyCreated* - ASWMBR
*Deregistered* - 69604011
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902679062-2139006972-4100439617-1000Core.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-15 03:51]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902679062-2139006972-4100439617-1000UA.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-15 03:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 414744]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-27 10135584]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 130.63.9.18 130.63.10.18
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-17 00:19:19
ComboFix-quarantined-files.txt 2012-02-17 05:19
ComboFix2.txt 2012-02-16 18:48
.
Pre-Run: 575,985,782,784 bytes free
Post-Run: 575,982,854,144 bytes free
.
- - End Of File - - D7A3A30BE72565734A4260D57F7BDF02

#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • Location: Puerto Rico

Posted 17 February 2012 - 12:24 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 m22chan

  • Topic Starter
  • Members

Posted 17 February 2012 - 12:42 AM

As requested:



Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 3
µTorrent
Avira Free Antivirus
DAEMON Tools Lite
Dropbox
Google Chrome
HL-2270DW
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Driver
Java Auto Updater
Java™ 6 Update 20
Junk Mail filter update
Microsoft Choice Guard
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Oasis2Service 1.0
OOBE
PMB
Realtek High Definition Audio Driver
Remote Keyboard with PlayStation 3
Remote Play with PlayStation 3
Remote Play with PlayStation®3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Skype™ 4.2
SmartWi Connection Utility
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Manual
VAIO Messenger
VAIO Transfer Support
VAIO Update
VLC media player 1.1.11
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer

#14 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • Location: Puerto Rico

Posted 17 February 2012 - 12:47 AM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

XXXX


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run; if prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"Information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?


#15 m22chan

  • Topic Starter
  • Members

Posted 17 February 2012 - 01:25 AM

Log from MBAM:


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.16.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Matt :: MATT-VAIO [administrator]

Protection: Enabled

17/02/2012 1:15:07 AM
mbam-log-2012-02-17 (01-15-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183934
Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

===============================================================

Log from HijackThis:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:23:19 AM, on 17/02/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16930)
Boot mode: Normal

Running processes:
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: Dropbox.lnk = C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: VAIO Messenger.lnk = C:\Program Files (x86)\DDNi\Oasis\Delay.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Oasis2Service - Unknown owner - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10302 bytes
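The O4 (Run/RunOnce) and O23 (service) sections of the HijackThis log above are the entries a reviewer reads most carefully, and the many "(file missing)" services under C:\Windows\system32 are a known side effect of a 32-bit tool such as HijackThis 2.0.4 running on 64-bit Windows: WOW64 file system redirection points its System32 lookups at SysWOW64, where lsass.exe, spoolsv.exe and the like do not exist. The script below is an added example, not code from this thread, from gringo_pr or from Trend Micro; it enumerates the same autostart locations from a 64-bit PowerShell so that no redirection occurs, resolves each command line to its executable, and reports whether the file is present and carries a valid Authenticode signature. It assumes Windows PowerShell 3.0 or later and an elevated, 64-bit console; all function names in it are the example's own.

```powershell
# Added example (not from the thread): list the Run/RunOnce values and service
# binaries that HijackThis reports as O4 and O23, and check each executable.
# Assumes Windows PowerShell 3.0+ in an elevated 64-bit console, so that
# C:\Windows\System32 is read directly and not redirected to SysWOW64.

function Get-ExecutablePath {
    # Extract the executable from a command line such as
    #   "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    #   C:\Windows\system32\svchost.exe -k netsvcs
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
        return $cmd.Trim('"')
    }
    # Unquoted command line: take everything up to the first ".exe" token
    $m = [regex]::Match($cmd, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

function Test-AutostartEntry {
    # Resolve one entry and return an object with an existence and signature verdict.
    param([string]$Source, [string]$Name, [string]$CommandLine)
    $exe = Get-ExecutablePath $CommandLine
    $exists = ($null -ne $exe) -and (Test-Path -LiteralPath $exe)
    $sig = 'n/a'
    if ($exists) { $sig = (Get-AuthenticodeSignature -FilePath $exe).Status.ToString() }
    $flag = ''
    if (-not $exists) { $flag = 'FILE MISSING' }
    elseif ($sig -ne 'Valid') { $flag = 'UNSIGNED/INVALID' }
    [pscustomobject]@{
        Source    = $Source
        Name      = $Name
        Path      = $exe
        Exists    = $exists
        Signature = $sig
        Flag      = $flag
    }
}

$results = @()

# O4 equivalent: machine and user Run/RunOnce keys, including the 32-bit
# (Wow6432Node) view that a 32-bit program like HijackThis actually reads.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
        $results += Test-AutostartEntry -Source $key -Name $p.Name -CommandLine ([string]$p.Value)
    }
}

# O23 equivalent: every installed service and the binary its ImagePath names.
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    $results += Test-AutostartEntry -Source 'Service' -Name $svc.Name -CommandLine $svc.PathName
}

# Flagged rows (missing binary, or present but unsigned/invalid) are what to
# review first; signed, present files from known vendors are the harmless majority.
$results | Sort-Object Flag -Descending |
    Format-Table Source, Name, Path, Exists, Signature, Flag -AutoSize
```

An "UNSIGNED/INVALID" flag is a prompt to look, not a verdict: older OEM utilities and some legitimate tools ship unsigned, while a file that is present, unsigned and sitting in a user-writable location such as AppData or Temp deserves the closest look. Run from a 32-bit console, the System32 services would come back as missing for the same redirection reason the HijackThis log shows.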



