Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Google Redirect (happili, etc.)


  • This topic is locked This topic is locked
15 replies to this topic

#1 tango15000

tango15000

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:17 AM

Posted 08 April 2012 - 11:37 AM

Hey everyone... I started seeing the redirects last week. I use Firefox all the time, and rarely use IE. Chrome is installed, but I never use it. It happens both at home and at the office, but I'm not sure if that matters? Here are my logs. Thanks in advance! :-)


DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Holz at 9:29:17 on 2012-04-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7862.5710 [GMT -7:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Protector Suite\upeksvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Realtek\Audio\HDA\vncutil64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AIM6\aim6.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Protector Suite\psqltray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\AIM6\aolsoftware.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [<NO NAME>]
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6B0D0DC3-A25C-4F7E-AC22-7A478F8F636A} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6B0D0DC3-A25C-4F7E-AC22-7A478F8F636A}\240513 : DhcpNameServer = 8.8.8.8 4.2.2.2
TCP: Interfaces\{6B0D0DC3-A25C-4F7E-AC22-7A478F8F636A}\75C414E4D2540343545313 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6B0D0DC3-A25C-4F7E-AC22-7A478F8F636A}\84F6C6A7022596467656C656970213 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6B0D0DC3-A25C-4F7E-AC22-7A478F8F636A}\D4F4E4A5F4F4E4 : DhcpNameServer = 80.254.79.157 80.254.77.39
TCP: Interfaces\{971B8CEE-2B57-4972-A7F1-69ADF3265BA5} : DhcpNameServer = 8.8.8.8 4.2.2.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
TB-X64: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [(Default)]
mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Holz\AppData\Roaming\Mozilla\Firefox\Profiles\kicgxbru.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Holz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Holz\AppData\Roaming\Mozilla\Firefox\Profiles\kicgxbru.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}\plugins\npSlingPlayer.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-20 1157240]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys --> C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20120406.002\IDSviA64.sys [2012-4-7 488568]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-10 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-4 652360]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccsvchst.exe [2011-10-12 126400]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-2-2 190496]
R2 SlingAgentService;SlingAgentService;C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2010-11-3 94024]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-2-2 104960]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-10 2320920]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-2-2 575856]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-9-27 864000]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-4 138360]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-6 304496]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2011-2-2 1250160]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\4452.tmp --> C:\Windows\system32\4452.tmp [?]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-20 108400]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-20 67952]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-25 549168]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-25 101152]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-2-2 252416]
.
=============== Created Last 30 ================
.
2012-04-07 22:53:42 -------- d-----w- C:\Program Files\HitmanPro
2012-04-07 22:53:32 -------- d-----w- C:\ProgramData\HitmanPro
2012-04-07 22:27:26 -------- d-----w- C:\Users\Holz\AppData\Roaming\SUPERAntiSpyware.com
2012-04-07 22:26:59 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-04-07 22:26:59 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-04-07 22:23:31 18816 ------w- C:\Windows\SysWow64\SAVRKBootTasks.sys
2012-04-07 22:12:46 6144 ------w- C:\Windows\System32\4452.tmp
2012-04-07 22:12:22 6144 ------w- C:\Windows\System32\E560.tmp
2012-04-07 21:35:13 -------- d-----w- C:\ProgramData\Sophos
2012-04-07 21:34:41 73728 ----a-r- C:\Users\Holz\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-04-07 21:34:41 73728 ----a-r- C:\Users\Holz\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-04-07 21:34:41 73728 ----a-r- C:\Users\Holz\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-04-07 21:34:40 -------- d-----w- C:\Program Files (x86)\Sophos
2012-04-07 21:07:31 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-07 21:07:31 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-04-07 21:02:52 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDA955DD-9C73-4DCF-980B-65E4F665EA03}\mpengine.dll
2012-04-05 02:31:58 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-05 01:06:22 -------- d-----w- C:\Users\Holz\AppData\Local\Symantec
2012-04-04 22:05:56 -------- d-----w- C:\Users\Holz\AppData\Roaming\Malwarebytes
2012-04-04 22:05:51 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-04 22:05:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-24 16:10:48 -------- d-----w- C:\Users\Holz\AppData\Local\PackageAware
2012-03-16 02:50:18 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-16 02:50:17 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-16 02:50:17 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-16 02:48:48 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-16 02:48:48 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-16 02:48:48 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-16 02:48:48 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-16 02:48:48 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-16 02:48:48 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-16 02:48:47 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-16 02:48:47 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-16 02:48:47 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-16 02:48:47 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
.
==================== Find3M ====================
.
2012-02-23 16:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-23 04:03:19 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 9:29:39.90 ===============



ATTACH.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/8/2011 7:34:37 PM
System Uptime: 4/8/2012 8:06:28 AM (1 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Core™ i7 CPU M 640 @ 2.80GHz | N/A | 2800/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 225 GiB total, 143.132 GiB free.
D: is Removable
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: HP LaserJet 3055
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer:
Name: HP LaserJet 3055
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:
.
Class GUID:
Description: hp LaserJet 1300n
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer:
Name: hp LaserJet 1300n
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service:
.
Class GUID:
Description: HP LaserJet 3055
Device ID: ROOT\MULTIFUNCTION\0007
Manufacturer:
Name: HP LaserJet 3055
PNP Device ID: ROOT\MULTIFUNCTION\0007
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 3055
Device ID: ROOT\MULTIFUNCTION\0008
Manufacturer: Hewlett-Packard
Name: HP LaserJet 3055
PNP Device ID: ROOT\MULTIFUNCTION\0008
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 3055
Device ID: ROOT\MULTIFUNCTION\0009
Manufacturer: Hewlett-Packard
Name: HP LaserJet 3055
PNP Device ID: ROOT\MULTIFUNCTION\0009
Service:
.
Class GUID:
Description: hp LaserJet 1300n
Device ID: ROOT\MULTIFUNCTION\0010
Manufacturer:
Name: hp LaserJet 1300n
PNP Device ID: ROOT\MULTIFUNCTION\0010
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 1300n
Device ID: ROOT\MULTIFUNCTION\0011
Manufacturer: Hewlett-Packard
Name: hp LaserJet 1300n
PNP Device ID: ROOT\MULTIFUNCTION\0011
Service:
.
Class GUID:
Description: HP LaserJet 3055
Device ID: ROOT\MULTIFUNCTION\0012
Manufacturer:
Name: HP LaserJet 3055
PNP Device ID: ROOT\MULTIFUNCTION\0012
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Prem C410 series
Device ID: ROOT\MULTIFUNCTION\0014
Manufacturer: HP
Name: Photosmart Prem C410 series
PNP Device ID: ROOT\MULTIFUNCTION\0014
Service:
.
Class GUID:
Description: Photosmart Prem C410 series
Device ID: ROOT\MULTIFUNCTION\0015
Manufacturer:
Name: Photosmart Prem C410 series
PNP Device ID: ROOT\MULTIFUNCTION\0015
Service:
.
Class GUID:
Description: Photosmart Prem C410 series
Device ID: ROOT\MULTIFUNCTION\0016
Manufacturer:
Name: Photosmart Prem C410 series
PNP Device ID: ROOT\MULTIFUNCTION\0016
Service:
.
Class GUID:
Description: Photosmart Prem C410 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer:
Name: Photosmart Prem C410 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID:
Description: hp LaserJet 1300n
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer:
Name: hp LaserJet 1300n
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID:
Description: hp LaserJet 1300n
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer:
Name: hp LaserJet 1300n
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID:
Description: hp LaserJet 1300n
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer:
Name: hp LaserJet 1300n
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
Class GUID:
Description: Photosmart Prem C410 series
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer:
Name: Photosmart Prem C410 series
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:
.
==== System Restore Points ===================
.
RP118: 3/4/2012 8:41:04 AM - Windows Update
RP119: 3/10/2012 8:23:39 AM - Windows Update
RP120: 3/14/2012 10:41:19 AM - Windows Update
RP121: 3/15/2012 7:48:52 PM - Windows Update
RP122: 3/15/2012 7:57:37 PM - VAIO Care Automatic Restore Point
RP123: 3/22/2012 10:11:11 AM - Windows Update
RP124: 3/22/2012 8:00:39 PM - VAIO Care Automatic Restore Point
RP125: 3/24/2012 9:09:53 AM - Removed Oasis2Service
RP126: 3/27/2012 9:14:01 AM - Windows Update
RP127: 3/31/2012 9:05:23 PM - Windows Update
RP128: 4/3/2012 5:03:57 PM - Norton 360 Registry Clean
RP129: 4/4/2012 5:30:57 PM - Installed Microsoft Fix it 50267
RP130: 4/4/2012 6:01:48 PM - Restore Operation
RP131: 4/4/2012 7:28:08 PM - Windows Update
RP132: 4/4/2012 8:03:27 PM - Removed Oasis2Service
RP133: 4/7/2012 2:34:31 PM - Installed Sophos Virus Removal Tool.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
AccuWeather.com Cirrus
Adobe Acrobat 9 Standard
Adobe Acrobat 9.5.0 - CPSID_83708
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop 6.0
Adobe Photoshop Elements 8.0
Adobe Premiere Elements 8.0
Adobe Reader 9.3.2
Adobe SVG Viewer
AIM 6
Akamai NetSession Interface
Amazon MP3 Downloader 1.0.15
Amazon MP3 Uploader
Apple Application Support
Apple Software Update
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 3
BBSAK
BlackBerry Desktop Software 6.1
BlackBerry Device Software v6.0.0 for the BlackBerry 9800 smartphone
Breezy Connector
BufferChm
C410
Coupon Printer for Windows
Destinations
DeviceDiscovery
DocProc
Download Updater (AOL LLC)
Evernote
Fax
Google Chrome
GPBaseService2
HP Photo Creations
HP Update
HPAppStudio
HPPhotoGadget
HPProductAssistant
HPSSupply
Intel® Control Center
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Driver
Java Auto Updater
Java™ 6 Update 20
Junk Mail filter update
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Media Gallery
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 11.0 (x86 en-US)
MSN Toolbar
MSN Toolbar Platform
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Norton 360
OOBE
PMB
PMB VAIO Edition Guide
PMB VAIO Edition Plug-in
PS_AIO_07_C410_SW_Min
QuickTime
QuickTransfer
Realtek High Definition Audio Driver
Remote Keyboard with PlayStation 3
Remote Play with PlayStation 3
Remote Play with PlayStation®3
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Skype™ 4.2
SlingPlayer
SmartSound Quicktracks for Premiere Elements 8.0
SmartWebPrinting
SmartWi Connection Utility
SolutionCenter
Sophos Anti-Rootkit 1.5.20
Sophos Virus Removal Tool
Status
System Requirements Lab for Intel
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition Plug-in
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Manual
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Messenger
VAIO Sample Contents
VAIO Survey
VAIO Transfer Support
VAIO Update
Viewpoint Media Player
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinZip 14.5
.
==== Event Viewer Messages From Past Week ========
.
4/8/2012 8:07:10 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
4/8/2012 8:07:01 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SAVRKBootTasks
4/7/2012 3:22:59 PM, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading
4/7/2012 3:22:59 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\4452.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
4/7/2012 3:12:22 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\E560.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
4/3/2012 9:50:04 AM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
.
==== End Of File ===========================

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:17 AM

Posted 09 April 2012 - 12:17 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 tango15000

tango15000
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:17 AM

Posted 09 April 2012 - 01:09 PM

Hey Gringo! Thanks so much for the response. Here's my ComboFix log. I haven't really done much surfing yet, but I'll see how the computer reacts during the day.

Thanks!!



ComboFix 12-04-09.05 - Holz 04/09/2012 10:57:46.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7862.5927 [GMT -7:00]
Running from: c:\download\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-07 22:53 . 2012-04-07 22:54 -------- d-----w- c:\program files\HitmanPro
2012-04-07 22:53 . 2012-04-07 22:54 -------- d-----w- c:\programdata\HitmanPro
2012-04-07 22:27 . 2012-04-07 22:27 -------- d-----w- c:\users\Holz\AppData\Roaming\SUPERAntiSpyware.com
2012-04-07 22:26 . 2012-04-07 22:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-07 22:26 . 2012-04-07 22:26 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-07 22:23 . 2011-05-12 21:05 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys
2012-04-07 22:12 . 2011-05-12 21:03 6144 ------w- c:\windows\system32\4452.tmp
2012-04-07 22:12 . 2011-05-12 21:03 6144 ------w- c:\windows\system32\E560.tmp
2012-04-07 21:35 . 2012-04-07 21:35 -------- d-----w- c:\programdata\Sophos
2012-04-07 21:34 . 2012-04-07 21:34 73728 ----a-r- c:\users\Holz\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-04-07 21:34 . 2012-04-07 21:34 73728 ----a-r- c:\users\Holz\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-04-07 21:34 . 2012-04-07 21:34 73728 ----a-r- c:\users\Holz\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-04-07 21:34 . 2012-04-07 22:12 -------- d-----w- c:\program files (x86)\Sophos
2012-04-07 21:07 . 2012-04-07 21:07 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-07 21:07 . 2012-04-07 21:07 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-04-07 21:02 . 2012-03-20 10:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDA955DD-9C73-4DCF-980B-65E4F665EA03}\mpengine.dll
2012-04-05 02:31 . 2011-12-10 22:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-05 01:06 . 2012-04-05 01:06 -------- d-----w- c:\users\Holz\AppData\Local\Symantec
2012-04-04 22:05 . 2012-04-04 22:05 -------- d-----w- c:\users\Holz\AppData\Roaming\Malwarebytes
2012-04-04 22:05 . 2012-04-04 22:05 -------- d-----w- c:\programdata\Malwarebytes
2012-04-04 22:05 . 2012-04-05 02:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-24 16:10 . 2012-03-24 16:10 -------- d-----w- c:\users\Holz\AppData\Local\PackageAware
2012-03-16 02:50 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-16 02:50 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-16 02:50 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-16 02:48 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-16 02:48 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-16 02:48 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-16 02:48 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-16 02:48 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-16 02:48 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-16 02:48 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-16 02:48 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-16 02:48 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-16 02:48 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 16:18 . 2011-02-09 05:49 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-23 04:03 . 2011-05-17 17:00 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files (x86)\AIM6\aim6.exe" [2009-07-09 49968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\4452.tmp [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-26 549168]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-26 101152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20120406.002\IDSvia64.sys [2012-03-07 488568]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2010-06-18 190496]
S2 SlingAgentService;SlingAgentService;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2010-11-04 94024]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-23 2320920]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-01 1250160]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570768703-1593549613-3294618608-1006Core.job
- c:\users\Holz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-23 03:28]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570768703-1593549613-3294618608-1006UA.job
- c:\users\Holz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-23 03:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2010-04-27 23:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2010-04-27 23:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 410136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-04 16414824]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-18 9962016]
"vncutil"="c:\program files\Realtek\Audio\HDA\vncutil64.exe" [2010-06-18 475680]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2010-04-27 84744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 8.8.8.8 4.2.2.2
FF - ProfilePath - c:\users\Holz\AppData\Roaming\Mozilla\Firefox\Profiles\kicgxbru.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe SVG Viewer - c:\windows\System32\Adobe\SVG Viewer\Uninst.isu
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4452.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-09 11:03:07
ComboFix-quarantined-files.txt 2012-04-09 18:03
.
Pre-Run: 154,134,564,864 bytes free
Post-Run: 153,650,540,544 bytes free
.
- - End Of File - - 2E9FB10C4774996320DA93D8434A3BE0

#4 tango15000

tango15000
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:17 AM

Posted 09 April 2012 - 01:14 PM

I just tried a Google search, and it's still redirecting... this time to "addedsuccess.com".

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:17 AM

Posted 09 April 2012 - 03:09 PM

Hello


I want you to check all the browsers that are installed on the computer and give me a list of the ones that are being redirected


Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 tango15000

tango15000
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:17 AM

Posted 09 April 2012 - 04:49 PM

Hey! It appears that only Firefox is being affected with the redirects. IE and Chrome seemed ok. When I did the scans, my norton 360 blocked a file named "unp76525019.tmp (Trojan.Gen.2)" during the aswMBR scan. TDSSkiller didn't find anything.

Thanks!



TDSSkiller

14:16:05.0766 7404 TDSS rootkit removing tool 2.7.27.0 Apr 9 2012 09:53:37
14:16:06.0158 7404 ============================================================
14:16:06.0159 7404 Current date / time: 2012/04/09 14:16:06.0158
14:16:06.0159 7404 SystemInfo:
14:16:06.0159 7404
14:16:06.0159 7404 OS Version: 6.1.7601 ServicePack: 1.0
14:16:06.0159 7404 Product type: Workstation
14:16:06.0159 7404 ComputerName: HOLZ-VAIO_Z
14:16:06.0159 7404 UserName: Holz
14:16:06.0159 7404 Windows directory: C:\Windows
14:16:06.0159 7404 System windows directory: C:\Windows
14:16:06.0159 7404 Running under WOW64
14:16:06.0159 7404 Processor architecture: Intel x64
14:16:06.0159 7404 Number of processors: 4
14:16:06.0159 7404 Page size: 0x1000
14:16:06.0159 7404 Boot type: Normal boot
14:16:06.0159 7404 ============================================================
14:16:06.0380 7404 Drive \Device\Harddisk0\DR0 - Size: 0x3B9EC00000 (238.48 Gb), SectorSize: 0x200, Cylinders: 0x799B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:16:06.0384 7404 Drive \Device\Harddisk1\DR1 - Size: 0x77FB0200 (1.87 Gb), SectorSize: 0x200, Cylinders: 0x17FF, SectorsPerTrack: 0x28, TracksPerCylinder: 0x10, Type 'W'
14:16:06.0386 7404 \Device\Harddisk0\DR0:
14:16:06.0386 7404 MBR used
14:16:06.0386 7404 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A98000, BlocksNum 0x32000
14:16:06.0386 7404 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1ACA000, BlocksNum 0x1C22B800
14:16:06.0386 7404 \Device\Harddisk1\DR1:
14:16:06.0386 7404 MBR used
14:16:06.0389 7404 Initialize success
14:16:06.0389 7404 ============================================================
14:16:30.0434 6244 ============================================================
14:16:30.0434 6244 Scan started
14:16:30.0434 6244 Mode: Manual;
14:16:30.0434 6244 ============================================================
14:16:30.0631 6244 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
14:16:30.0633 6244 !SASCORE - ok
14:16:30.0671 6244 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:16:30.0675 6244 1394ohci - ok
14:16:30.0682 6244 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
14:16:30.0685 6244 ACDaemon - ok
14:16:30.0730 6244 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:16:30.0735 6244 ACPI - ok
14:16:30.0743 6244 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:16:30.0745 6244 AcpiPmi - ok
14:16:30.0756 6244 AdobeActiveFileMonitor8.0 (4451cc2275b04043ec2bcc757af97291) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
14:16:30.0758 6244 AdobeActiveFileMonitor8.0 - ok
14:16:30.0770 6244 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
14:16:30.0775 6244 adp94xx - ok
14:16:30.0783 6244 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
14:16:30.0787 6244 adpahci - ok
14:16:30.0794 6244 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
14:16:30.0797 6244 adpu320 - ok
14:16:30.0804 6244 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:16:30.0804 6244 AeLookupSvc - ok
14:16:30.0820 6244 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:16:30.0824 6244 AFD - ok
14:16:30.0831 6244 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:16:30.0833 6244 agp440 - ok
14:16:30.0837 6244 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:16:30.0839 6244 ALG - ok
14:16:30.0846 6244 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:16:30.0847 6244 aliide - ok
14:16:30.0853 6244 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:16:30.0854 6244 amdide - ok
14:16:30.0859 6244 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
14:16:30.0862 6244 AmdK8 - ok
14:16:30.0867 6244 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
14:16:30.0869 6244 AmdPPM - ok
14:16:30.0875 6244 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:16:30.0877 6244 amdsata - ok
14:16:30.0883 6244 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
14:16:30.0886 6244 amdsbs - ok
14:16:30.0891 6244 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:16:30.0892 6244 amdxata - ok
14:16:30.0908 6244 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:16:30.0910 6244 AppID - ok
14:16:30.0914 6244 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:16:30.0921 6244 AppIDSvc - ok
14:16:30.0927 6244 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:16:30.0934 6244 Appinfo - ok
14:16:30.0941 6244 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
14:16:30.0943 6244 arc - ok
14:16:30.0947 6244 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
14:16:30.0949 6244 arcsas - ok
14:16:30.0954 6244 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
14:16:30.0954 6244 ArcSoftKsUFilter - ok
14:16:30.0959 6244 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:16:30.0961 6244 AsyncMac - ok
14:16:30.0965 6244 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:16:30.0966 6244 atapi - ok
14:16:30.0982 6244 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:16:30.0985 6244 AudioEndpointBuilder - ok
14:16:30.0992 6244 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:16:30.0995 6244 AudioSrv - ok
14:16:31.0001 6244 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:16:31.0008 6244 AxInstSV - ok
14:16:31.0020 6244 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
14:16:31.0024 6244 b06bdrv - ok
14:16:31.0036 6244 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:16:31.0039 6244 b57nd60a - ok
14:16:31.0048 6244 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:16:31.0056 6244 BDESVC - ok
14:16:31.0062 6244 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:16:31.0064 6244 Beep - ok
14:16:31.0083 6244 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:16:31.0087 6244 BFE - ok
14:16:31.0108 6244 BHDrvx64 (6c64fa457c200874faa87d74152e0d84) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20120317.002\BHDrvx64.sys
14:16:31.0113 6244 BHDrvx64 - ok
14:16:31.0130 6244 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
14:16:31.0138 6244 BITS - ok
14:16:31.0144 6244 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
14:16:31.0146 6244 blbdrive - ok
14:16:31.0152 6244 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:16:31.0154 6244 bowser - ok
14:16:31.0160 6244 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
14:16:31.0161 6244 BrFiltLo - ok
14:16:31.0167 6244 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
14:16:31.0168 6244 BrFiltUp - ok
14:16:31.0179 6244 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:16:31.0181 6244 BridgeMP - ok
14:16:31.0189 6244 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:16:31.0190 6244 Browser - ok
14:16:31.0199 6244 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:16:31.0202 6244 Brserid - ok
14:16:31.0208 6244 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:16:31.0209 6244 BrSerWdm - ok
14:16:31.0214 6244 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:16:31.0215 6244 BrUsbMdm - ok
14:16:31.0220 6244 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:16:31.0221 6244 BrUsbSer - ok
14:16:31.0228 6244 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
14:16:31.0229 6244 BthEnum - ok
14:16:31.0236 6244 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:16:31.0238 6244 BTHMODEM - ok
14:16:31.0245 6244 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
14:16:31.0247 6244 BthPan - ok
14:16:31.0258 6244 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
14:16:31.0264 6244 BTHPORT - ok
14:16:31.0271 6244 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:16:31.0274 6244 bthserv - ok
14:16:31.0281 6244 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
14:16:31.0283 6244 BTHUSB - ok
14:16:31.0293 6244 btwampfl (59e3510784548c6939c1b3b985c232e3) C:\Windows\system32\drivers\btwampfl.sys
14:16:31.0296 6244 btwampfl - ok
14:16:31.0304 6244 btwaudio (1872074ed0a3fb22e3f1e3197b984bfa) C:\Windows\system32\drivers\btwaudio.sys
14:16:31.0307 6244 btwaudio - ok
14:16:31.0314 6244 btwavdt (691cf076c33ab1c3a5b2fd5450300733) C:\Windows\system32\DRIVERS\btwavdt.sys
14:16:31.0317 6244 btwavdt - ok
14:16:31.0345 6244 btwdins (8ba6e93a182126781952a7895ec1e4b2) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
14:16:31.0351 6244 btwdins - ok
14:16:31.0356 6244 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
14:16:31.0358 6244 btwl2cap - ok
14:16:31.0363 6244 btwrchid (c9273b20dec8ce38dbce5d29de63c907) C:\Windows\system32\DRIVERS\btwrchid.sys
14:16:31.0364 6244 btwrchid - ok
14:16:31.0367 6244 catchme - ok
14:16:31.0386 6244 ccHP (37f1baec39b505b3b51893a35c8337ea) C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys
14:16:31.0389 6244 ccHP - ok
14:16:31.0393 6244 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:16:31.0395 6244 cdfs - ok
14:16:31.0401 6244 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:16:31.0403 6244 cdrom - ok
14:16:31.0411 6244 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:16:31.0412 6244 CertPropSvc - ok
14:16:31.0417 6244 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
14:16:31.0418 6244 circlass - ok
14:16:31.0428 6244 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:16:31.0431 6244 CLFS - ok
14:16:31.0439 6244 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:16:31.0441 6244 clr_optimization_v2.0.50727_32 - ok
14:16:31.0451 6244 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:16:31.0453 6244 clr_optimization_v2.0.50727_64 - ok
14:16:31.0463 6244 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:16:31.0464 6244 clr_optimization_v4.0.30319_32 - ok
14:16:31.0472 6244 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:16:31.0474 6244 clr_optimization_v4.0.30319_64 - ok
14:16:31.0479 6244 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
14:16:31.0480 6244 CmBatt - ok
14:16:31.0483 6244 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:16:31.0485 6244 cmdide - ok
14:16:31.0493 6244 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:16:31.0497 6244 CNG - ok
14:16:31.0503 6244 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
14:16:31.0504 6244 Compbatt - ok
14:16:31.0509 6244 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:16:31.0510 6244 CompositeBus - ok
14:16:31.0513 6244 COMSysApp - ok
14:16:31.0518 6244 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
14:16:31.0521 6244 crcdisk - ok
14:16:31.0529 6244 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
14:16:31.0530 6244 CryptSvc - ok
14:16:31.0540 6244 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:16:31.0546 6244 DcomLaunch - ok
14:16:31.0552 6244 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:16:31.0555 6244 defragsvc - ok
14:16:31.0560 6244 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:16:31.0561 6244 DfsC - ok
14:16:31.0570 6244 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:16:31.0572 6244 Dhcp - ok
14:16:31.0576 6244 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:16:31.0577 6244 discache - ok
14:16:31.0582 6244 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
14:16:31.0583 6244 Disk - ok
14:16:31.0588 6244 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:16:31.0590 6244 Dnscache - ok
14:16:31.0597 6244 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:16:31.0605 6244 dot3svc - ok
14:16:31.0610 6244 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:16:31.0612 6244 DPS - ok
14:16:31.0616 6244 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:16:31.0617 6244 drmkaud - ok
14:16:31.0635 6244 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:16:31.0639 6244 DXGKrnl - ok
14:16:31.0647 6244 e1kexpress (f369e83f6cdab987ca2dd764278659a6) C:\Windows\system32\DRIVERS\e1k62x64.sys
14:16:31.0649 6244 e1kexpress - ok
14:16:31.0654 6244 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:16:31.0655 6244 EapHost - ok
14:16:31.0701 6244 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
14:16:31.0718 6244 ebdrv - ok
14:16:31.0729 6244 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
14:16:31.0731 6244 eeCtrl - ok
14:16:31.0735 6244 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:16:31.0736 6244 EFS - ok
14:16:31.0752 6244 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:16:31.0757 6244 ehRecvr - ok
14:16:31.0763 6244 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:16:31.0766 6244 ehSched - ok
14:16:31.0778 6244 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
14:16:31.0782 6244 elxstor - ok
14:16:31.0788 6244 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:16:31.0789 6244 EraserUtilRebootDrv - ok
14:16:31.0793 6244 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:16:31.0795 6244 ErrDev - ok
14:16:31.0806 6244 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:16:31.0809 6244 EventSystem - ok
14:16:31.0827 6244 EvtEng (b56d9602db5fe1c116b1ca5efd8e2e50) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
14:16:31.0833 6244 EvtEng - ok
14:16:31.0838 6244 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:16:31.0844 6244 exfat - ok
14:16:31.0848 6244 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:16:31.0850 6244 fastfat - ok
14:16:31.0860 6244 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:16:31.0868 6244 Fax - ok
14:16:31.0873 6244 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
14:16:31.0874 6244 fdc - ok
14:16:31.0879 6244 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:16:31.0880 6244 fdPHost - ok
14:16:31.0883 6244 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:16:31.0884 6244 FDResPub - ok
14:16:31.0888 6244 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:16:31.0889 6244 FileInfo - ok
14:16:31.0892 6244 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:16:31.0893 6244 Filetrace - ok
14:16:31.0905 6244 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:16:31.0914 6244 FLEXnet Licensing Service - ok
14:16:31.0920 6244 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
14:16:31.0921 6244 flpydisk - ok
14:16:31.0930 6244 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:16:31.0933 6244 FltMgr - ok
14:16:31.0948 6244 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:16:31.0959 6244 FontCache - ok
14:16:31.0964 6244 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:16:31.0964 6244 FontCache3.0.0.0 - ok
14:16:31.0969 6244 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:16:31.0971 6244 FsDepends - ok
14:16:31.0975 6244 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:16:31.0976 6244 Fs_Rec - ok
14:16:31.0985 6244 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:16:31.0987 6244 fvevol - ok
14:16:31.0993 6244 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
14:16:31.0994 6244 gagp30kx - ok
14:16:32.0002 6244 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:16:32.0002 6244 GEARAspiWDM - ok
14:16:32.0025 6244 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:16:32.0029 6244 gpsvc - ok
14:16:32.0035 6244 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:16:32.0037 6244 hcw85cir - ok
14:16:32.0047 6244 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:16:32.0052 6244 HdAudAddService - ok
14:16:32.0061 6244 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:16:32.0062 6244 HDAudBus - ok
14:16:32.0070 6244 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\drivers\HECIx64.sys
14:16:32.0071 6244 HECIx64 - ok
14:16:32.0077 6244 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
14:16:32.0079 6244 HidBatt - ok
14:16:32.0085 6244 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
14:16:32.0087 6244 HidBth - ok
14:16:32.0094 6244 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
14:16:32.0095 6244 HidIr - ok
14:16:32.0101 6244 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:16:32.0104 6244 hidserv - ok
14:16:32.0113 6244 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
14:16:32.0115 6244 HidUsb - ok
14:16:32.0121 6244 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:16:32.0129 6244 hkmsvc - ok
14:16:32.0137 6244 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:16:32.0142 6244 HomeGroupListener - ok
14:16:32.0148 6244 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:16:32.0150 6244 HomeGroupProvider - ok
14:16:32.0168 6244 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
14:16:32.0170 6244 hpqcxs08 - ok
14:16:32.0188 6244 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
14:16:32.0189 6244 hpqddsvc - ok
14:16:32.0196 6244 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:16:32.0199 6244 HpSAMD - ok
14:16:32.0231 6244 HPSLPSVC (d4f91cf4de215d6f14a06087d46725e4) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
14:16:32.0237 6244 HPSLPSVC - ok
14:16:32.0252 6244 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:16:32.0258 6244 HTTP - ok
14:16:32.0264 6244 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:16:32.0265 6244 hwpolicy - ok
14:16:32.0273 6244 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:16:32.0275 6244 i8042prt - ok
14:16:32.0289 6244 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\drivers\iaStor.sys
14:16:32.0292 6244 iaStor - ok
14:16:32.0300 6244 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
14:16:32.0300 6244 IAStorDataMgrSvc - ok
14:16:32.0314 6244 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:16:32.0318 6244 iaStorV - ok
14:16:32.0332 6244 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:16:32.0338 6244 idsvc - ok
14:16:32.0355 6244 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20120406.002\IDSvia64.sys
14:16:32.0357 6244 IDSVia64 - ok
14:16:32.0362 6244 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
14:16:32.0364 6244 iirsp - ok
14:16:32.0382 6244 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:16:32.0387 6244 IKEEXT - ok
14:16:32.0398 6244 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\drivers\Impcd.sys
14:16:32.0401 6244 Impcd - ok
14:16:32.0444 6244 IntcAzAudAddService (9aa1e982bc10176ce316aadfbd5c28f5) C:\Windows\system32\drivers\RTKVHD64.sys
14:16:32.0457 6244 IntcAzAudAddService - ok
14:16:32.0468 6244 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:16:32.0469 6244 intelide - ok
14:16:32.0478 6244 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:16:32.0478 6244 intelppm - ok
14:16:32.0485 6244 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:16:32.0486 6244 IPBusEnum - ok
14:16:32.0495 6244 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:16:32.0498 6244 IpFilterDriver - ok
14:16:32.0510 6244 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:16:32.0513 6244 iphlpsvc - ok
14:16:32.0520 6244 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:16:32.0523 6244 IPMIDRV - ok
14:16:32.0529 6244 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:16:32.0531 6244 IPNAT - ok
14:16:32.0537 6244 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:16:32.0538 6244 IRENUM - ok
14:16:32.0545 6244 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:16:32.0547 6244 isapnp - ok
14:16:32.0555 6244 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:16:32.0559 6244 iScsiPrt - ok
14:16:32.0572 6244 ivusb (bd5bf20ec242e003a2f570b8754a56d1) C:\Windows\system32\DRIVERS\ivusb.sys
14:16:32.0573 6244 ivusb - ok
14:16:32.0579 6244 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
14:16:32.0580 6244 kbdclass - ok
14:16:32.0588 6244 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
14:16:32.0589 6244 kbdhid - ok
14:16:32.0594 6244 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:16:32.0595 6244 KeyIso - ok
14:16:32.0603 6244 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:16:32.0604 6244 KSecDD - ok
14:16:32.0611 6244 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:16:32.0613 6244 KSecPkg - ok
14:16:32.0619 6244 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:16:32.0620 6244 ksthunk - ok
14:16:32.0630 6244 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:16:32.0640 6244 KtmRm - ok
14:16:32.0646 6244 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
14:16:32.0648 6244 LanmanServer - ok
14:16:32.0654 6244 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:16:32.0656 6244 LanmanWorkstation - ok
14:16:32.0663 6244 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:16:32.0664 6244 lltdio - ok
14:16:32.0671 6244 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:16:32.0676 6244 lltdsvc - ok
14:16:32.0679 6244 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:16:32.0680 6244 lmhosts - ok
14:16:32.0687 6244 LMS (ad1cf8471b06badb93d87cc4d63b8483) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
14:16:32.0688 6244 LMS - ok
14:16:32.0695 6244 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
14:16:32.0697 6244 LSI_FC - ok
14:16:32.0701 6244 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
14:16:32.0704 6244 LSI_SAS - ok
14:16:32.0708 6244 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
14:16:32.0710 6244 LSI_SAS2 - ok
14:16:32.0715 6244 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
14:16:32.0718 6244 LSI_SCSI - ok
14:16:32.0724 6244 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:16:32.0727 6244 luafv - ok
14:16:32.0733 6244 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
14:16:32.0733 6244 MBAMProtector - ok
14:16:32.0744 6244 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:16:32.0749 6244 MBAMService - ok
14:16:32.0754 6244 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:16:32.0755 6244 Mcx2Svc - ok
14:16:32.0759 6244 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
14:16:32.0761 6244 megasas - ok
14:16:32.0772 6244 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
14:16:32.0775 6244 MegaSR - ok
14:16:32.0780 6244 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\4452.tmp
14:16:32.0785 6244 MEMSWEEP2 - ok
14:16:32.0791 6244 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:16:32.0792 6244 MMCSS - ok
14:16:32.0796 6244 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:16:32.0797 6244 Modem - ok
14:16:32.0802 6244 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:16:32.0802 6244 monitor - ok
14:16:32.0808 6244 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
14:16:32.0808 6244 mouclass - ok
14:16:32.0813 6244 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
14:16:32.0815 6244 mouhid - ok
14:16:32.0819 6244 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:16:32.0820 6244 mountmgr - ok
14:16:32.0827 6244 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:16:32.0828 6244 mpio - ok
14:16:32.0833 6244 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:16:32.0835 6244 mpsdrv - ok
14:16:32.0853 6244 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:16:32.0858 6244 MpsSvc - ok
14:16:32.0863 6244 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:16:32.0866 6244 MRxDAV - ok
14:16:32.0872 6244 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:16:32.0874 6244 mrxsmb - ok
14:16:32.0882 6244 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:16:32.0884 6244 mrxsmb10 - ok
14:16:32.0889 6244 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:16:32.0891 6244 mrxsmb20 - ok
14:16:32.0895 6244 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:16:32.0897 6244 msahci - ok
14:16:32.0901 6244 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:16:32.0904 6244 msdsm - ok
14:16:32.0908 6244 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:16:32.0911 6244 MSDTC - ok
14:16:32.0917 6244 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:16:32.0919 6244 Msfs - ok
14:16:32.0923 6244 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:16:32.0925 6244 mshidkmdf - ok
14:16:32.0929 6244 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:16:32.0929 6244 msisadrv - ok
14:16:32.0936 6244 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:16:32.0943 6244 MSiSCSI - ok
14:16:32.0946 6244 msiserver - ok
14:16:32.0951 6244 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:16:32.0952 6244 MSKSSRV - ok
14:16:32.0956 6244 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:16:32.0957 6244 MSPCLOCK - ok
14:16:32.0961 6244 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:16:32.0962 6244 MSPQM - ok
14:16:32.0971 6244 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:16:32.0974 6244 MsRPC - ok
14:16:32.0980 6244 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:16:32.0980 6244 mssmbios - ok
14:16:32.0986 6244 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:16:32.0989 6244 MSTEE - ok
14:16:32.0992 6244 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:16:32.0993 6244 MTConfig - ok
14:16:32.0997 6244 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:16:32.0998 6244 Mup - ok
14:16:33.0005 6244 N360 (b4187346f54e362daffe647b25a58d50) C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
14:16:33.0006 6244 N360 - ok
14:16:33.0016 6244 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:16:33.0019 6244 napagent - ok
14:16:33.0029 6244 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:16:33.0031 6244 NativeWifiP - ok
14:16:33.0040 6244 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20120409.001\ENG64.SYS
14:16:33.0040 6244 NAVENG - ok
14:16:33.0067 6244 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20120409.001\EX64.SYS
14:16:33.0075 6244 NAVEX15 - ok
14:16:33.0096 6244 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:16:33.0101 6244 NDIS - ok
14:16:33.0105 6244 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:16:33.0107 6244 NdisCap - ok
14:16:33.0112 6244 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:16:33.0113 6244 NdisTapi - ok
14:16:33.0118 6244 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:16:33.0120 6244 Ndisuio - ok
14:16:33.0126 6244 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:16:33.0129 6244 NdisWan - ok
14:16:33.0133 6244 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:16:33.0135 6244 NDProxy - ok
14:16:33.0141 6244 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
14:16:33.0142 6244 Net Driver HPZ12 - ok
14:16:33.0147 6244 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:16:33.0149 6244 NetBIOS - ok
14:16:33.0156 6244 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:16:33.0158 6244 NetBT - ok
14:16:33.0161 6244 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:16:33.0162 6244 Netlogon - ok
14:16:33.0173 6244 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:16:33.0175 6244 Netman - ok
14:16:33.0182 6244 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:16:33.0187 6244 netprofm - ok
14:16:33.0196 6244 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:16:33.0198 6244 NetTcpPortSharing - ok
14:16:33.0271 6244 NETw5s64 (18555f48844c2861d9dce8f2b7223ae5) C:\Windows\system32\DRIVERS\NETw5s64.sys
14:16:33.0321 6244 NETw5s64 - ok
14:16:33.0328 6244 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:16:33.0330 6244 nfrd960 - ok
14:16:33.0340 6244 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:16:33.0342 6244 NlaSvc - ok
14:16:33.0346 6244 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:16:33.0348 6244 Npfs - ok
14:16:33.0352 6244 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:16:33.0353 6244 nsi - ok
14:16:33.0358 6244 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:16:33.0359 6244 nsiproxy - ok
14:16:33.0385 6244 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:16:33.0398 6244 Ntfs - ok
14:16:33.0403 6244 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:16:33.0404 6244 Null - ok
14:16:33.0411 6244 NVHDA (cddd4478757288df4bb1494bfd084259) C:\Windows\system32\drivers\nvhda64v.sys
14:16:33.0412 6244 NVHDA - ok
14:16:33.0527 6244 nvlddmkm (23183c4149547d21b5cb9f7aee3775b0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:16:33.0570 6244 nvlddmkm - ok
14:16:33.0580 6244 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:16:33.0583 6244 nvraid - ok
14:16:33.0591 6244 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:16:33.0594 6244 nvstor - ok
14:16:33.0603 6244 nvsvc (cb3814ed7b97cc2d9315cbe7731f018e) C:\Windows\system32\nvvsvc.exe
14:16:33.0606 6244 nvsvc - ok
14:16:33.0611 6244 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:16:33.0614 6244 nv_agp - ok
14:16:33.0622 6244 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:16:33.0627 6244 odserv - ok
14:16:33.0632 6244 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:16:33.0634 6244 ohci1394 - ok
14:16:33.0640 6244 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:16:33.0642 6244 ose - ok
14:16:33.0651 6244 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:16:33.0655 6244 p2pimsvc - ok
14:16:33.0662 6244 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:16:33.0669 6244 p2psvc - ok
14:16:33.0675 6244 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:16:33.0677 6244 Parport - ok
14:16:33.0682 6244 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:16:33.0683 6244 partmgr - ok
14:16:33.0688 6244 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:16:33.0691 6244 PcaSvc - ok
14:16:33.0696 6244 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:16:33.0698 6244 pci - ok
14:16:33.0702 6244 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:16:33.0704 6244 pciide - ok
14:16:33.0711 6244 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:16:33.0714 6244 pcmcia - ok
14:16:33.0718 6244 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:16:33.0719 6244 pcw - ok
14:16:33.0733 6244 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:16:33.0736 6244 PEAUTH - ok
14:16:33.0757 6244 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:16:33.0760 6244 PerfHost - ok
14:16:33.0782 6244 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:16:33.0806 6244 pla - ok
14:16:33.0817 6244 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:16:33.0820 6244 PlugPlay - ok
14:16:33.0833 6244 PMBDeviceInfoProvider (63694c307273062a2167ae4ce80730ef) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
14:16:33.0835 6244 PMBDeviceInfoProvider - ok
14:16:33.0843 6244 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
14:16:33.0845 6244 Pml Driver HPZ12 - ok
14:16:33.0848 6244 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:16:33.0855 6244 PNRPAutoReg - ok
14:16:33.0859 6244 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:16:33.0862 6244 PNRPsvc - ok
14:16:33.0873 6244 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:16:33.0876 6244 PolicyAgent - ok
14:16:33.0883 6244 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:16:33.0885 6244 Power - ok
14:16:33.0890 6244 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:16:33.0892 6244 PptpMiniport - ok
14:16:33.0897 6244 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:16:33.0898 6244 Processor - ok
14:16:33.0904 6244 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:16:33.0907 6244 ProfSvc - ok
14:16:33.0911 6244 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:16:33.0912 6244 ProtectedStorage - ok
14:16:33.0919 6244 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:16:33.0920 6244 Psched - ok
14:16:33.0926 6244 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
14:16:33.0927 6244 PxHlpa64 - ok
14:16:33.0943 6244 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:16:33.0960 6244 ql2300 - ok
14:16:33.0965 6244 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:16:33.0967 6244 ql40xx - ok
14:16:33.0974 6244 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:16:33.0978 6244 QWAVE - ok
14:16:33.0982 6244 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:16:33.0983 6244 QWAVEdrv - ok
14:16:33.0987 6244 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:16:33.0989 6244 RasAcd - ok
14:16:33.0995 6244 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:16:33.0996 6244 RasAgileVpn - ok
14:16:34.0001 6244 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:16:34.0008 6244 RasAuto - ok
14:16:34.0015 6244 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:16:34.0017 6244 Rasl2tp - ok
14:16:34.0024 6244 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:16:34.0026 6244 RasMan - ok
14:16:34.0031 6244 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:16:34.0032 6244 RasPppoe - ok
14:16:34.0038 6244 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:16:34.0039 6244 RasSstp - ok
14:16:34.0046 6244 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:16:34.0049 6244 rdbss - ok
14:16:34.0053 6244 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
14:16:34.0054 6244 rdpbus - ok
14:16:34.0059 6244 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:16:34.0059 6244 RDPCDD - ok
14:16:34.0064 6244 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:16:34.0065 6244 RDPENCDD - ok
14:16:34.0070 6244 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:16:34.0071 6244 RDPREFMP - ok
14:16:34.0077 6244 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:16:34.0084 6244 RDPWD - ok
14:16:34.0090 6244 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:16:34.0092 6244 rdyboost - ok
14:16:34.0108 6244 RegSrvc (0aa473966357c4a41b5eb19649eb6e5e) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
14:16:34.0112 6244 RegSrvc - ok
14:16:34.0117 6244 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:16:34.0123 6244 RemoteAccess - ok
14:16:34.0129 6244 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:16:34.0138 6244 RemoteRegistry - ok
14:16:34.0145 6244 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
14:16:34.0147 6244 RFCOMM - ok
14:16:34.0153 6244 rimspci (fa6abc06b629da29634d31f1fe0347bd) C:\Windows\system32\drivers\rimssne64.sys
14:16:34.0154 6244 rimspci - ok
14:16:34.0160 6244 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
14:16:34.0162 6244 RimUsb - ok
14:16:34.0167 6244 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
14:16:34.0168 6244 RimVSerPort - ok
14:16:34.0173 6244 risdsnpe (8f8539a7f5c117d4407b2985995671f2) C:\Windows\system32\drivers\risdsne64.sys
14:16:34.0175 6244 risdsnpe - ok
14:16:34.0178 6244 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
14:16:34.0179 6244 ROOTMODEM - ok
14:16:34.0185 6244 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:16:34.0186 6244 RpcEptMapper - ok
14:16:34.0190 6244 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:16:34.0192 6244 RpcLocator - ok
14:16:34.0200 6244 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:16:34.0203 6244 RpcSs - ok
14:16:34.0208 6244 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:16:34.0209 6244 rspndr - ok
14:16:34.0215 6244 RtkAudioService (b7fcc2d5b1dd8898bc00056cbfba46b8) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
14:16:34.0217 6244 RtkAudioService - ok
14:16:34.0221 6244 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:16:34.0222 6244 SamSs - ok
14:16:34.0228 6244 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
14:16:34.0228 6244 SASDIFSV - ok
14:16:34.0234 6244 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
14:16:34.0234 6244 SASKUTIL - ok
14:16:34.0239 6244 SAVRKBootTasks - ok
14:16:34.0245 6244 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:16:34.0247 6244 sbp2port - ok
14:16:34.0253 6244 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:16:34.0261 6244 SCardSvr - ok
14:16:34.0266 6244 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:16:34.0267 6244 scfilter - ok
14:16:34.0282 6244 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:16:34.0288 6244 Schedule - ok
14:16:34.0294 6244 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:16:34.0295 6244 SCPolicySvc - ok
14:16:34.0300 6244 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
14:16:34.0302 6244 sdbus - ok
14:16:34.0307 6244 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:16:34.0311 6244 SDRSVC - ok
14:16:34.0319 6244 SeaPort (4a5809a1d796e2675ac0332bf7b0cb11) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
14:16:34.0321 6244 SeaPort - ok
14:16:34.0326 6244 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:16:34.0328 6244 secdrv - ok
14:16:34.0332 6244 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:16:34.0333 6244 seclogon - ok
14:16:34.0338 6244 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
14:16:34.0339 6244 SENS - ok
14:16:34.0344 6244 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:16:34.0350 6244 SensrSvc - ok
14:16:34.0353 6244 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
14:16:34.0355 6244 Serenum - ok
14:16:34.0360 6244 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
14:16:34.0362 6244 Serial - ok
14:16:34.0366 6244 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:16:34.0368 6244 sermouse - ok
14:16:34.0377 6244 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:16:34.0379 6244 SessionEnv - ok
14:16:34.0384 6244 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\DRIVERS\SFEP.sys
14:16:34.0385 6244 SFEP - ok
14:16:34.0390 6244 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:16:34.0391 6244 sffdisk - ok
14:16:34.0395 6244 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:16:34.0396 6244 sffp_mmc - ok
14:16:34.0399 6244 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:16:34.0401 6244 sffp_sd - ok
14:16:34.0405 6244 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:16:34.0406 6244 sfloppy - ok
14:16:34.0416 6244 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:16:34.0419 6244 SharedAccess - ok
14:16:34.0427 6244 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:16:34.0430 6244 ShellHWDetection - ok
14:16:34.0434 6244 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:16:34.0436 6244 SiSRaid2 - ok
14:16:34.0441 6244 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:16:34.0442 6244 SiSRaid4 - ok
14:16:34.0448 6244 SlingAgentService (e15176399af40b56ac09a823708b85d7) C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
14:16:34.0448 6244 SlingAgentService - ok
14:16:34.0453 6244 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:16:34.0455 6244 Smb - ok
14:16:34.0462 6244 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:16:34.0464 6244 SNMPTRAP - ok
14:16:34.0470 6244 SOHCImp (c3e69db0a4e59564230e053232f39ac7) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
14:16:34.0489 6244 SOHCImp - ok
14:16:34.0502 6244 SOHDms (65cc4779a29c3e82b987bd4961790dff) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
14:16:34.0521 6244 SOHDms - ok
14:16:34.0524 6244 SOHDs (f47d75cee1844eef4a9ea6ee768828fb) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
14:16:34.0539 6244 SOHDs - ok
14:16:34.0546 6244 SpfService (5449fc97476f52e027409e703791e6a9) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
14:16:34.0547 6244 SpfService - ok
14:16:34.0552 6244 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:16:34.0554 6244 spldr - ok
14:16:34.0562 6244 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:16:34.0568 6244 Spooler - ok
14:16:34.0611 6244 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:16:34.0630 6244 sppsvc - ok
14:16:34.0636 6244 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:16:34.0643 6244 sppuinotify - ok
14:16:34.0655 6244 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS
14:16:34.0657 6244 SRTSP - ok
14:16:34.0663 6244 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS
14:16:34.0663 6244 SRTSPX - ok
14:16:34.0677 6244 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:16:34.0680 6244 srv - ok
14:16:34.0688 6244 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:16:34.0692 6244 srv2 - ok
14:16:34.0698 6244 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:16:34.0700 6244 srvnet - ok
14:16:34.0708 6244 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:16:34.0711 6244 SSDPSRV - ok
14:16:34.0716 6244 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:16:34.0717 6244 SstpSvc - ok
14:16:34.0721 6244 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:16:34.0724 6244 stexstor - ok
14:16:34.0730 6244 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
14:16:34.0731 6244 StillCam - ok
14:16:34.0744 6244 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:16:34.0748 6244 stisvc - ok
14:16:34.0752 6244 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:16:34.0753 6244 swenum - ok
14:16:34.0764 6244 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:16:34.0768 6244 swprv - ok
14:16:34.0782 6244 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS
14:16:34.0785 6244 SymDS - ok
14:16:34.0793 6244 SymEFA (9f5783a4a03d0091cdbdaa858b566926) C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS
14:16:34.0794 6244 SymEFA - ok
14:16:34.0801 6244 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
14:16:34.0802 6244 SymEvent - ok
14:16:34.0808 6244 SymIM (f7f3deb5fdd6cea69a8d1544f7becaf1) C:\Windows\system32\DRIVERS\SymIMv.sys
14:16:34.0809 6244 SymIM - ok
14:16:34.0815 6244 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS
14:16:34.0816 6244 SymIRON - ok
14:16:34.0827 6244 SYMTDIv (3adfb72f0797ae3832509fe030755e21) C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS
14:16:34.0829 6244 SYMTDIv - ok
14:16:34.0838 6244 SynTP (3c08fb2829a5304825f974b1631dedfa) C:\Windows\system32\DRIVERS\SynTP.sys
14:16:34.0840 6244 SynTP - ok
14:16:34.0871 6244 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:16:34.0880 6244 SysMain - ok
14:16:34.0886 6244 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:16:34.0894 6244 TabletInputService - ok
14:16:34.0901 6244 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:16:34.0905 6244 TapiSrv - ok
14:16:34.0910 6244 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:16:34.0912 6244 TBS - ok
14:16:34.0946 6244 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:16:34.0955 6244 Tcpip - ok
14:16:34.0969 6244 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:16:34.0977 6244 TCPIP6 - ok
14:16:34.0983 6244 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:16:34.0985 6244 tcpipreg - ok
14:16:34.0990 6244 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:16:34.0992 6244 TDPIPE - ok
14:16:34.0996 6244 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:16:34.0997 6244 TDTCP - ok
14:16:35.0002 6244 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:16:35.0004 6244 tdx - ok
14:16:35.0008 6244 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:16:35.0009 6244 TermDD - ok
14:16:35.0018 6244 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:16:35.0025 6244 TermService - ok
14:16:35.0029 6244 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:16:35.0030 6244 Themes - ok
14:16:35.0035 6244 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:16:35.0037 6244 THREADORDER - ok
14:16:35.0041 6244 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
14:16:35.0043 6244 TPM - ok
14:16:35.0048 6244 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:16:35.0049 6244 TrkWks - ok
14:16:35.0055 6244 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:16:35.0057 6244 TrustedInstaller - ok
14:16:35.0063 6244 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:16:35.0064 6244 tssecsrv - ok
14:16:35.0069 6244 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:16:35.0071 6244 TsUsbFlt - ok
14:16:35.0077 6244 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:16:35.0079 6244 tunnel - ok
14:16:35.0083 6244 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:16:35.0085 6244 uagp35 - ok
14:16:35.0091 6244 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
14:16:35.0092 6244 uCamMonitor - ok
14:16:35.0101 6244 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:16:35.0104 6244 udfs - ok
14:16:35.0111 6244 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:16:35.0114 6244 UI0Detect - ok
14:16:35.0118 6244 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:16:35.0121 6244 uliagpkx - ok
14:16:35.0126 6244 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:16:35.0127 6244 umbus - ok
14:16:35.0132 6244 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:16:35.0133 6244 UmPass - ok
14:16:35.0162 6244 UNS (ad88af249abdc546151f9bfc4093fa9b) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:16:35.0179 6244 UNS - ok
14:16:35.0188 6244 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:16:35.0191 6244 upnphost - ok
14:16:35.0196 6244 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:16:35.0198 6244 usbccgp - ok
14:16:35.0203 6244 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:16:35.0205 6244 usbcir - ok
14:16:35.0210 6244 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
14:16:35.0212 6244 usbehci - ok
14:16:35.0219 6244 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:16:35.0222 6244 usbhub - ok
14:16:35.0227 6244 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:16:35.0228 6244 usbohci - ok
14:16:35.0233 6244 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
14:16:35.0235 6244 usbprint - ok
14:16:35.0240 6244 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:16:35.0241 6244 USBSTOR - ok
14:16:35.0246 6244 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:16:35.0247 6244 usbuhci - ok
14:16:35.0253 6244 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
14:16:35.0256 6244 usbvideo - ok
14:16:35.0261 6244 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:16:35.0262 6244 UxSms - ok
14:16:35.0268 6244 VAIO Event Service (a60605fc66552b421ee1f3d4ebb9a4e0) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
14:16:35.0269 6244 VAIO Event Service - ok
14:16:35.0282 6244 VAIO Power Management (d469be2723f79cf4b384680b1fdc577d) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
14:16:35.0285 6244 VAIO Power Management - ok
14:16:35.0290 6244 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:16:35.0291 6244 VaultSvc - ok
14:16:35.0311 6244 VCFw (6888526aeb8ddabde6f778fd40fc0693) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
14:16:35.0315 6244 VCFw - ok
14:16:35.0327 6244 VcmIAlzMgr (f0672b2368e859284a4c44ae2cca4c72) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
14:16:35.0348 6244 VcmIAlzMgr - ok
14:16:35.0357 6244 VcmINSMgr (e005b04dfca99f5880c5111933194ca9) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
14:16:35.0370 6244 VcmINSMgr - ok
14:16:35.0374 6244 VcmXmlIfHelper (c8e3ba694cc5eacec4c01660ace40d56) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
14:16:35.0381 6244 VcmXmlIfHelper - ok
14:16:35.0385 6244 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:16:35.0386 6244 vdrvroot - ok
14:16:35.0398 6244 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:16:35.0402 6244 vds - ok
14:16:35.0407 6244 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:16:35.0409 6244 vga - ok
14:16:35.0413 6244 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:16:35.0414 6244 VgaSave - ok
14:16:35.0420 6244 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:16:35.0423 6244 vhdmp - ok
14:16:35.0427 6244 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:16:35.0429 6244 viaide - ok
14:16:35.0434 6244 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:16:35.0435 6244 volmgr - ok
14:16:35.0442 6244 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:16:35.0446 6244 volmgrx - ok
14:16:35.0453 6244 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:16:35.0455 6244 volsnap - ok
14:16:35.0461 6244 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:16:35.0464 6244 vsmraid - ok
14:16:35.0482 6244 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:16:35.0494 6244 VSS - ok
14:16:35.0520 6244 VUAgent (e55a44d8f9f713d5f5d5bbaef2ba0a34) C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
14:16:35.0525 6244 VUAgent - ok
14:16:35.0530 6244 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:16:35.0530 6244 vwifibus - ok
14:16:35.0536 6244 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:16:35.0537 6244 vwififlt - ok
14:16:35.0541 6244 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
14:16:35.0541 6244 vwifimp - ok
14:16:35.0550 6244 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:16:35.0555 6244 W32Time - ok
14:16:35.0561 6244 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:16:35.0563 6244 WacomPen - ok
14:16:35.0570 6244 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:16:35.0572 6244 WANARP - ok
14:16:35.0575 6244 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:16:35.0576 6244 Wanarpv6 - ok
14:16:35.0599 6244 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:16:35.0606 6244 WatAdminSvc - ok
14:16:35.0631 6244 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:16:35.0640 6244 wbengine - ok
14:16:35.0647 6244 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:16:35.0649 6244 WbioSrvc - ok
14:16:35.0656 6244 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:16:35.0660 6244 wcncsvc - ok
14:16:35.0664 6244 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:16:35.0671 6244 WcsPlugInService - ok
14:16:35.0676 6244 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:16:35.0677 6244 Wd - ok
14:16:35.0693 6244 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:16:35.0696 6244 Wdf01000 - ok
14:16:35.0700 6244 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:16:35.0702 6244 WdiServiceHost - ok
14:16:35.0705 6244 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:16:35.0707 6244 WdiSystemHost - ok
14:16:35.0713 6244 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:16:35.0718 6244 WebClient - ok
14:16:35.0724 6244 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:16:35.0732 6244 Wecsvc - ok
14:16:35.0736 6244 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:16:35.0738 6244 wercplsupport - ok
14:16:35.0743 6244 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:16:35.0745 6244 WerSvc - ok
14:16:35.0750 6244 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:16:35.0751 6244 WfpLwf - ok
14:16:35.0754 6244 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:16:35.0756 6244 WIMMount - ok
14:16:35.0759 6244 WinDefend - ok
14:16:35.0762 6244 WinHttpAutoProxySvc - ok
14:16:35.0774 6244 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:16:35.0775 6244 Winmgmt - ok
14:16:35.0800 6244 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:16:35.0822 6244 WinRM - ok
14:16:35.0832 6244 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
14:16:35.0833 6244 WinUsb - ok
14:16:35.0852 6244 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:16:35.0857 6244 Wlansvc - ok
14:16:35.0885 6244 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:16:35.0905 6244 wlidsvc - ok
14:16:35.0911 6244 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:16:35.0912 6244 WmiAcpi - ok
14:16:35.0927 6244 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:16:35.0930 6244 wmiApSrv - ok
14:16:35.0933 6244 WMPNetworkSvc - ok
14:16:35.0938 6244 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:16:35.0944 6244 WPCSvc - ok
14:16:35.0950 6244 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:16:35.0952 6244 WPDBusEnum - ok
14:16:35.0956 6244 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:16:35.0957 6244 ws2ifsl - ok
14:16:35.0963 6244 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:16:35.0966 6244 wscsvc - ok
14:16:35.0972 6244 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
14:16:35.0974 6244 WSDPrintDevice - ok
14:16:35.0978 6244 WSearch - ok
14:16:36.0024 6244 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:16:36.0038 6244 wuauserv - ok
14:16:36.0048 6244 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:16:36.0050 6244 WudfPf - ok
14:16:36.0058 6244 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:16:36.0060 6244 WUDFRd - ok
14:16:36.0067 6244 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:16:36.0069 6244 wudfsvc - ok
14:16:36.0077 6244 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:16:36.0086 6244 WwanSvc - ok
14:16:36.0095 6244 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:16:36.0099 6244 \Device\Harddisk0\DR0 - ok
14:16:36.0106 6244 MBR (0x1B8) (a68f0cc68b053c5df3b294649bfd9640) \Device\Harddisk1\DR1
14:16:36.0124 6244 \Device\Harddisk1\DR1 - ok
14:16:36.0126 6244 Boot (0x1200) (67bb7bc16fce97cb0e3f4358aeb391d3) \Device\Harddisk0\DR0\Partition0
14:16:36.0127 6244 \Device\Harddisk0\DR0\Partition0 - ok
14:16:36.0129 6244 Boot (0x1200) (0099051d7596f1fb0b47bab273357c5a) \Device\Harddisk0\DR0\Partition1
14:16:36.0130 6244 \Device\Harddisk0\DR0\Partition1 - ok
14:16:36.0130 6244 ============================================================
14:16:36.0130 6244 Scan finished
14:16:36.0130 6244 ============================================================
14:16:36.0137 7676 Detected object count: 0
14:16:36.0137 7676 Actual detected object count: 0


aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-09 14:20:50
-----------------------------
14:20:50.722 OS Version: Windows x64 6.1.7601 Service Pack 1
14:20:50.722 Number of processors: 4 586 0x2505
14:20:50.723 ComputerName: HOLZ-VAIO_Z UserName: Holz
14:20:51.081 Initialize success
14:39:07.426 AVAST engine defs: 12040901
14:39:55.135 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:39:55.139 Disk 0 Vendor: Intel___ 1.0. Size: 244204MB BusType: 8
14:39:55.143 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000096
14:39:55.147 Disk 1 Vendor: RICOH 02 Size: 1919MB BusType: 0
14:39:55.151 Disk 0 MBR read successfully
14:39:55.154 Disk 0 MBR scan
14:39:55.161 Disk 0 Windows 7 default MBR code
14:39:55.165 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13615 MB offset 2048
14:39:55.173 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27885568
14:39:55.181 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 230487 MB offset 28090368
14:39:55.193 Disk 0 scanning C:\Windows\system32\drivers
14:40:00.039 Service scanning
14:40:09.904 Modules scanning
14:40:09.919 Disk 0 trace - called modules:
14:40:09.932 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:40:09.941 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80098dc060]
14:40:09.948 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80078c9050]
14:40:10.354 AVAST engine scan C:\Windows
14:40:13.665 AVAST engine scan C:\Windows\system32
14:42:00.887 AVAST engine scan C:\Windows\system32\drivers
14:42:09.478 AVAST engine scan C:\Users\Holz
14:43:28.580 AVAST engine scan C:\ProgramData
14:45:15.880 Scan finished successfully
14:45:32.656 Disk 0 MBR has been saved successfully to "C:\Users\Holz\Desktop\MBR.dat"
14:45:32.661 The log file has been saved successfully to "C:\Users\Holz\Desktop\aswMBR.txt"

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:17 AM

Posted 09 April 2012 - 06:39 PM

Hello

I want you to uninstall FireFox and when asked about user data or settings I want that removed also

Then reinstall it and see if it is still being redirected



:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 tango15000

tango15000
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:17 AM

Posted 09 April 2012 - 10:01 PM

Gringo... so far so good! I uninstalled and reinstalled firefox with no settings, and then also ran combofix again with that script. I'll keep using my computer and see what happens. Thanks! Here is the log:

combofix

ComboFix 12-04-09.05 - Holz 04/09/2012 19:50:49.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7862.5847 [GMT -7:00]
Running from: c:\download\ComboFix.exe
Command switches used :: c:\users\Holz\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))
.
.
2012-04-10 02:53 . 2012-04-10 02:53 -------- d-----w- c:\users\Mcx1-HOLZ-VAIO_Z\AppData\Local\temp
2012-04-10 02:53 . 2012-04-10 02:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-10 02:53 . 2012-04-10 02:53 -------- d-----w- c:\users\boinc_master\AppData\Local\temp
2012-04-10 02:35 . 2012-04-10 02:35 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-04-07 22:53 . 2012-04-07 22:54 -------- d-----w- c:\program files\HitmanPro
2012-04-07 22:53 . 2012-04-07 22:54 -------- d-----w- c:\programdata\HitmanPro
2012-04-07 22:27 . 2012-04-07 22:27 -------- d-----w- c:\users\Holz\AppData\Roaming\SUPERAntiSpyware.com
2012-04-07 22:26 . 2012-04-07 22:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-07 22:26 . 2012-04-07 22:26 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-07 22:23 . 2011-05-12 21:05 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys
2012-04-07 22:12 . 2011-05-12 21:03 6144 ------w- c:\windows\system32\4452.tmp
2012-04-07 22:12 . 2011-05-12 21:03 6144 ------w- c:\windows\system32\E560.tmp
2012-04-07 21:35 . 2012-04-07 21:35 -------- d-----w- c:\programdata\Sophos
2012-04-07 21:34 . 2012-04-07 21:34 73728 ----a-r- c:\users\Holz\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-04-07 21:34 . 2012-04-07 21:34 73728 ----a-r- c:\users\Holz\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-04-07 21:34 . 2012-04-07 21:34 73728 ----a-r- c:\users\Holz\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-04-07 21:34 . 2012-04-07 22:12 -------- d-----w- c:\program files (x86)\Sophos
2012-04-07 21:02 . 2012-03-20 10:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDA955DD-9C73-4DCF-980B-65E4F665EA03}\mpengine.dll
2012-04-05 02:31 . 2011-12-10 22:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-05 01:06 . 2012-04-05 01:06 -------- d-----w- c:\users\Holz\AppData\Local\Symantec
2012-04-04 22:05 . 2012-04-04 22:05 -------- d-----w- c:\users\Holz\AppData\Roaming\Malwarebytes
2012-04-04 22:05 . 2012-04-04 22:05 -------- d-----w- c:\programdata\Malwarebytes
2012-04-04 22:05 . 2012-04-05 02:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-24 16:10 . 2012-03-24 16:10 -------- d-----w- c:\users\Holz\AppData\Local\PackageAware
2012-03-16 02:50 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-16 02:50 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-16 02:50 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-16 02:48 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-16 02:48 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-16 02:48 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-16 02:48 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-16 02:48 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-16 02:48 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-16 02:48 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-16 02:48 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-16 02:48 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-16 02:48 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 16:18 . 2011-02-09 05:49 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-23 04:03 . 2011-05-17 17:00 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-09_18.01.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-10 19:29 . 2012-04-10 02:37 58502 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-10 02:37 36196 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-02-09 03:56 . 2012-04-08 21:14 10636 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2570768703-1593549613-3294618608-1006_UserData.bin
+ 2011-02-09 03:56 . 2012-04-10 02:37 10636 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2570768703-1593549613-3294618608-1006_UserData.bin
- 2011-02-02 09:48 . 2012-04-07 21:28 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-02 09:48 . 2012-04-09 21:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-02 09:48 . 2012-04-09 21:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-02 09:48 . 2012-04-07 21:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-09 21:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-07 21:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-09 17:12 . 2012-04-09 17:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-10 02:35 . 2012-04-10 02:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-10 02:35 . 2012-04-10 02:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-09 17:12 . 2012-04-09 17:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-09 17:19 627316 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-10 02:42 627316 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-10 02:42 107600 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-09 17:19 107600 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-09 06:53 420760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-10 02:34 420760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-02-02 11:02 . 2012-04-09 06:53 5624816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-02-02 11:02 . 2012-04-10 02:34 5624816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-02-09 06:23 . 2012-04-10 02:34 12723824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2570768703-1593549613-3294618608-1006-12288.dat
- 2011-02-09 06:23 . 2012-04-09 06:53 12723824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2570768703-1593549613-3294618608-1006-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files (x86)\AIM6\aim6.exe" [2009-07-09 49968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\4452.tmp [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-26 549168]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-26 101152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20120406.002\IDSvia64.sys [2012-03-07 488568]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2010-06-18 190496]
S2 SlingAgentService;SlingAgentService;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2010-11-04 94024]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-23 2320920]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-01 1250160]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570768703-1593549613-3294618608-1006Core.job
- c:\users\Holz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-23 03:28]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570768703-1593549613-3294618608-1006UA.job
- c:\users\Holz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-23 03:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2010-04-27 23:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2010-04-27 23:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 410136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-04 16414824]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-18 9962016]
"vncutil"="c:\program files\Realtek\Audio\HDA\vncutil64.exe" [2010-06-18 475680]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2010-04-27 84744]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Holz\AppData\Roaming\Mozilla\Firefox\Profiles\anm51kip.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4452.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-09 19:55:21
ComboFix-quarantined-files.txt 2012-04-10 02:55
ComboFix2.txt 2012-04-09 18:03
.
Pre-Run: 153,212,968,960 bytes free
Post-Run: 153,300,676,608 bytes free
.
- - End Of File - - 156BFAF4639020DD5C0FB3E6E3A6CDD5

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:17 AM

Posted 09 April 2012 - 10:14 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Adobe Reader 9.3.2
Java™ 6 Update 20
Viewpoint Media Player
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.





Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 tango15000

tango15000
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:17 AM

Posted 09 April 2012 - 10:40 PM

Hey! Here are the next 2 logs... What type of P2P items do you see on my system?

Thanks!



Malwarebytes


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.10.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Holz :: HOLZ-VAIO_Z [administrator]

Protection: Disabled

4/9/2012 8:32:31 PM
mbam-log-2012-04-09 (20-32-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 234126
Time elapsed: 1 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



hijackthis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:36:55 PM, on 4/9/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files (x86)\AIM6\aim6.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\AIM6\aolsoftware.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12706 bytes

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:17 AM

Posted 09 April 2012 - 10:46 PM

Greetings

Sorry about that , it was a copy and paste error

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
      O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
      O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 tango15000

tango15000
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:17 AM

Posted 10 April 2012 - 01:13 AM

Hey! Here are the ESET results:

No threats found.
Scanned Files: 174905
Infected Files: 0
Cleaned Files: 0
Total Scan Time: 01:54:38
Scan Status: Finished

Lemme know what to do next!

Thanks.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:17 AM

Posted 10 April 2012 - 05:47 AM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standerd today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 tango15000

tango15000
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:17 AM

Posted 10 April 2012 - 11:40 AM

THANKS SO MUCH!!!! everything seems to be ok! i appreciate it. :-)

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:17 AM

Posted 10 April 2012 - 05:58 PM

you are more than welcome


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users