
AD/GOOGLE REDIRECT? VIRUS! HELP!!


This topic is locked
15 replies to this topic

#1 turtle0423

Posted 24 July 2012 - 03:59 AM

For the past two days there have been some weird pop-ups of fake ads coming from my Sony Vaio computer... I tried to find a way to get rid of them but it didn't work... Then yesterday I saw a weird green page that says "redirecting", which leads to different types of advertisement pages, including but not limited to jobsearch.monster.com, newsfudge.com, and some weird IP address numbers embedded at the beginning of a website address... This often happened when I was trying to access a page on Google or Yahoo.

I looked it up and the best match I found was the Google Redirect Virus. However, I tried the solutions people suggested, such as CCleaner, Kaspersky TDSSKiller and Malwarebytes (both found infected files to delete but did not remove the virus), and then went into Safe Mode with Networking to end processes (I could not find the virus processes, all of them seemed normal), opened the hosts file in Notepad to look for any IP addresses other than the usual 127.0.0.1 (but that was the only IP address I found), and tried to find drivers via Device Manager to delete the virus (no results)...

I posted in the Am I Infected? forum about this problem, and narenxp saw my Kaspersky TDSSKiller and Avast engine logs, told me that advanced tools are needed to remove this one, and referred me to this part of the forum to post a topic about my virus problem... If anyone can help, that would be really great. Thank you.

The link below is the post I made earlier.

http://www.bleepingcomputer.com/forums/topic462197.html/page__gopid__2777440#entry2777440

TDSS KILLER LOG

00:33:32.0122 5820 MSPCLOCK - ok
00:33:32.0122 5820 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:33:32.0122 5820 MSPQM - ok
00:33:32.0153 5820 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:33:32.0168 5820 MsRPC - ok
00:33:32.0184 5820 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
00:33:32.0184 5820 mssmbios - ok
00:33:32.0215 5820 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:33:32.0215 5820 MSTEE - ok
00:33:32.0231 5820 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
00:33:32.0231 5820 MTConfig - ok
00:33:32.0246 5820 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:33:32.0246 5820 Mup - ok
00:33:32.0371 5820 MyWiFiDHCPDNS (4bbb9d9c4df259fae2d172c5bb25ddd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
00:33:32.0387 5820 MyWiFiDHCPDNS - ok
00:33:32.0480 5820 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
00:33:32.0496 5820 napagent - ok
00:33:32.0574 5820 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:33:32.0590 5820 NativeWifiP - ok
00:33:32.0777 5820 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120626.019\ENG64.SYS
00:33:32.0777 5820 NAVENG - ok
00:33:33.0073 5820 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120626.019\EX64.SYS
00:33:33.0167 5820 NAVEX15 - ok
00:33:33.0619 5820 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
00:33:33.0635 5820 NDIS - ok
00:33:33.0666 5820 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:33:33.0666 5820 NdisCap - ok
00:33:33.0697 5820 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:33:33.0697 5820 NdisTapi - ok
00:33:33.0728 5820 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:33:33.0728 5820 Ndisuio - ok
00:33:33.0775 5820 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:33:33.0791 5820 NdisWan - ok
00:33:33.0822 5820 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:33:33.0822 5820 NDProxy - ok
00:33:33.0869 5820 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:33:33.0869 5820 NetBIOS - ok
00:33:33.0900 5820 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:33:33.0900 5820 NetBT - ok
00:33:33.0947 5820 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:33:33.0962 5820 Netlogon - ok
00:33:34.0072 5820 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:33:34.0072 5820 Netman - ok
00:33:34.0274 5820 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:33:34.0321 5820 NetMsmqActivator - ok
00:33:34.0337 5820 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:33:34.0337 5820 NetPipeActivator - ok
00:33:34.0399 5820 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:33:34.0415 5820 netprofm - ok
00:33:34.0415 5820 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:33:34.0415 5820 NetTcpActivator - ok
00:33:34.0430 5820 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:33:34.0430 5820 NetTcpPortSharing - ok
00:33:44.0773 5820 NETwNs64 (ac69618de5bcce8747c9ab0aae1003c1) C:\Windows\system32\DRIVERS\NETwNs64.sys
00:33:44.0945 5820 NETwNs64 - ok
00:33:45.0553 5820 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
00:33:45.0553 5820 nfrd960 - ok
00:33:45.0803 5820 NIS (efbfe525e03c7444187262c85d776532) C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe
00:33:45.0818 5820 NIS - ok
00:33:46.0084 5820 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
00:33:46.0084 5820 NlaSvc - ok
00:33:46.0162 5820 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:33:46.0162 5820 Npfs - ok
00:33:46.0208 5820 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:33:46.0208 5820 nsi - ok
00:33:46.0271 5820 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:33:46.0271 5820 nsiproxy - ok
00:33:47.0846 5820 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:33:47.0893 5820 Ntfs - ok
00:33:48.0314 5820 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:33:48.0314 5820 Null - ok
00:33:48.0533 5820 nusb3hub (01266516e6e88d183a2b58722eeb4443) C:\Windows\system32\DRIVERS\nusb3hub.sys
00:33:48.0533 5820 nusb3hub - ok
00:33:48.0782 5820 nusb3xhc (5ec04f55cc5f165f21752712437df638) C:\Windows\system32\DRIVERS\nusb3xhc.sys
00:33:48.0798 5820 nusb3xhc - ok
00:33:52.0682 5820 nvlddmkm (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:33:52.0948 5820 nvlddmkm - ok
00:33:53.0525 5820 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:33:53.0540 5820 nvraid - ok
00:33:53.0572 5820 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:33:53.0587 5820 nvstor - ok
00:33:53.0634 5820 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:33:53.0634 5820 nv_agp - ok
00:33:53.0650 5820 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:33:53.0650 5820 ohci1394 - ok
00:33:53.0852 5820 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:33:53.0915 5820 ose - ok
00:33:57.0846 5820 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:33:58.0049 5820 osppsvc - ok
00:33:58.0876 5820 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:33:58.0876 5820 p2pimsvc - ok
00:33:59.0297 5820 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:33:59.0313 5820 p2psvc - ok
00:33:59.0812 5820 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
00:33:59.0812 5820 Parport - ok
00:33:59.0859 5820 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
00:33:59.0859 5820 partmgr - ok
00:34:00.0061 5820 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:34:00.0077 5820 PcaSvc - ok
00:34:00.0451 5820 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:34:00.0467 5820 pci - ok
00:34:00.0576 5820 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:34:00.0576 5820 pciide - ok
00:34:00.0732 5820 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
00:34:00.0732 5820 pcmcia - ok
00:34:00.0763 5820 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:34:00.0763 5820 pcw - ok
00:34:01.0013 5820 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:34:01.0044 5820 PEAUTH - ok
00:34:01.0341 5820 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:34:01.0341 5820 PerfHost - ok
00:34:01.0606 5820 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
00:34:01.0637 5820 pla - ok
00:34:01.0793 5820 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
00:34:01.0824 5820 PlugPlay - ok
00:34:02.0074 5820 PMBDeviceInfoProvider (ae6c778717de2f6b0c0b5335036d3363) c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
00:34:02.0261 5820 PMBDeviceInfoProvider - ok
00:34:02.0339 5820 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:34:02.0355 5820 PNRPAutoReg - ok
00:34:02.0401 5820 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:34:02.0448 5820 PNRPsvc - ok
00:34:02.0729 5820 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
00:34:02.0760 5820 PolicyAgent - ok
00:34:02.0838 5820 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:34:02.0838 5820 Power - ok
00:34:02.0994 5820 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:34:03.0010 5820 PptpMiniport - ok
00:34:03.0057 5820 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
00:34:03.0072 5820 Processor - ok
00:34:03.0166 5820 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
00:34:03.0181 5820 ProfSvc - ok
00:34:03.0291 5820 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:34:03.0291 5820 ProtectedStorage - ok
00:34:03.0337 5820 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:34:03.0337 5820 Psched - ok
00:34:03.0915 5820 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
00:34:04.0024 5820 ql2300 - ok
00:34:04.0695 5820 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
00:34:04.0710 5820 ql40xx - ok
00:34:04.0835 5820 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:34:04.0835 5820 QWAVE - ok
00:34:04.0866 5820 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:34:04.0866 5820 QWAVEdrv - ok
00:34:04.0882 5820 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:34:04.0882 5820 RasAcd - ok
00:34:04.0960 5820 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:34:04.0991 5820 RasAgileVpn - ok
00:34:05.0085 5820 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:34:05.0085 5820 RasAuto - ok
00:34:05.0303 5820 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:34:05.0303 5820 Rasl2tp - ok
00:34:05.0475 5820 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
00:34:05.0490 5820 RasMan - ok
00:34:05.0568 5820 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:34:05.0568 5820 RasPppoe - ok
00:34:05.0677 5820 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:34:05.0677 5820 RasSstp - ok
00:34:05.0833 5820 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:34:05.0865 5820 rdbss - ok
00:34:05.0911 5820 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
00:34:05.0911 5820 rdpbus - ok
00:34:05.0911 5820 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:34:05.0927 5820 RDPCDD - ok
00:34:05.0958 5820 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:34:05.0958 5820 RDPENCDD - ok
00:34:06.0005 5820 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:34:06.0005 5820 RDPREFMP - ok
00:34:06.0282 5820 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
00:34:06.0287 5820 RDPWD - ok
00:34:06.0379 5820 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:34:06.0382 5820 rdyboost - ok
00:34:07.0133 5820 RegSrvc (a436f5e7d80bbdbb0826d0f176d5bea8) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
00:34:07.0180 5820 RegSrvc - ok
00:34:07.0320 5820 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:34:07.0320 5820 RemoteAccess - ok
00:34:07.0460 5820 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:34:07.0460 5820 RemoteRegistry - ok
00:34:07.0772 5820 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
00:34:07.0788 5820 RFCOMM - ok
00:34:07.0835 5820 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:34:07.0835 5820 RpcEptMapper - ok
00:34:07.0866 5820 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:34:07.0866 5820 RpcLocator - ok
00:34:08.0022 5820 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:34:08.0022 5820 RpcSs - ok
00:34:08.0287 5820 RSPCIESTOR (f8fea7764348c59262b340916cbfeb40) C:\Windows\system32\DRIVERS\RtsPStor.sys
00:34:08.0287 5820 RSPCIESTOR - ok
00:34:08.0474 5820 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:34:08.0506 5820 rspndr - ok
00:34:08.0833 5820 RTL8167 (ea5532868ba76923d75bcb2a1448d810) C:\Windows\system32\DRIVERS\Rt64win7.sys
00:34:08.0833 5820 RTL8167 - ok
00:34:08.0880 5820 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:34:08.0880 5820 SamSs - ok
00:34:09.0020 5820 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:34:09.0052 5820 sbp2port - ok
00:34:09.0114 5820 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:34:09.0114 5820 SCardSvr - ok
00:34:09.0286 5820 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:34:09.0286 5820 scfilter - ok
00:34:09.0473 5820 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
00:34:09.0504 5820 Schedule - ok
00:34:09.0535 5820 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:34:09.0535 5820 SCPolicySvc - ok
00:34:09.0598 5820 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
00:34:09.0598 5820 sdbus - ok
00:34:09.0676 5820 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
00:34:09.0691 5820 SDRSVC - ok
00:34:09.0738 5820 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:34:09.0738 5820 secdrv - ok
00:34:09.0769 5820 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
00:34:09.0785 5820 seclogon - ok
00:34:09.0816 5820 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
00:34:09.0816 5820 SENS - ok
00:34:09.0863 5820 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:34:09.0863 5820 SensrSvc - ok
00:34:09.0894 5820 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
00:34:09.0894 5820 Serenum - ok
00:34:09.0910 5820 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
00:34:09.0910 5820 Serial - ok
00:34:09.0956 5820 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
00:34:09.0956 5820 sermouse - ok
00:34:10.0003 5820 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
00:34:10.0019 5820 SessionEnv - ok
00:34:10.0050 5820 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\DRIVERS\SFEP.sys
00:34:10.0050 5820 SFEP - ok
00:34:10.0081 5820 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:34:10.0097 5820 sffdisk - ok
00:34:10.0159 5820 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:34:10.0159 5820 sffp_mmc - ok
00:34:10.0190 5820 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:34:10.0190 5820 sffp_sd - ok
00:34:10.0222 5820 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
00:34:10.0222 5820 sfloppy - ok
00:34:10.0705 5820 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
00:34:10.0721 5820 Sftfs - ok
00:34:11.0392 5820 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
00:34:11.0407 5820 sftlist - ok
00:34:11.0516 5820 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
00:34:11.0532 5820 Sftplay - ok
00:34:11.0579 5820 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
00:34:11.0579 5820 Sftredir - ok
00:34:11.0672 5820 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
00:34:11.0672 5820 Sftvol - ok
00:34:11.0750 5820 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
00:34:11.0766 5820 sftvsa - ok
00:34:11.0828 5820 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
00:34:11.0844 5820 ShellHWDetection - ok
00:34:11.0922 5820 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
00:34:11.0922 5820 SiSRaid2 - ok
00:34:11.0969 5820 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
00:34:12.0000 5820 SiSRaid4 - ok
00:34:13.0669 5820 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
00:34:13.0794 5820 Skype C2C Service - ok
00:34:14.0200 5820 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
00:34:14.0200 5820 SkypeUpdate - ok
00:34:15.0120 5820 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:34:15.0120 5820 Smb - ok
00:34:15.0198 5820 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:34:15.0229 5820 SNMPTRAP - ok
00:34:15.0401 5820 SOHCImp (ddf2ec98af6fc70608a4f9ce4db52758) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
00:34:15.0401 5820 SOHCImp - ok
00:34:15.0416 5820 SOHDs (5fa03f5ea6efef6d17b4a1a48c40a23c) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
00:34:15.0416 5820 SOHDs - ok
00:34:15.0588 5820 SpfService (65e5659e9c2a0762d05657c0e22a7ca2) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
00:34:15.0588 5820 SpfService - ok
00:34:15.0650 5820 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:34:15.0650 5820 spldr - ok
00:34:15.0869 5820 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
00:34:15.0884 5820 Spooler - ok
00:34:16.0508 5820 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
00:34:16.0586 5820 sppsvc - ok
00:34:16.0883 5820 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:34:16.0883 5820 sppuinotify - ok
00:34:17.0288 5820 SRTSP (df26fa7825f9cd39fceb3f2f27e813a7) C:\Windows\system32\drivers\NISx64\1300000.080\SRTSP64.SYS
00:34:17.0320 5820 SRTSP - ok
00:34:17.0335 5820 SRTSPX (a8ade1e0092b8097ddb76c9a6dc5f193) C:\Windows\system32\drivers\NISx64\1300000.080\SRTSPX64.SYS
00:34:17.0335 5820 SRTSPX - ok
00:34:17.0725 5820 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:34:17.0725 5820 srv - ok
00:34:17.0881 5820 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:34:17.0912 5820 srv2 - ok
00:34:17.0944 5820 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:34:17.0959 5820 srvnet - ok
00:34:18.0006 5820 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:34:18.0006 5820 SSDPSRV - ok
00:34:18.0131 5820 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:34:18.0131 5820 SstpSvc - ok
00:34:18.0195 5820 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
00:34:18.0195 5820 stexstor - ok
00:34:18.0616 5820 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
00:34:18.0648 5820 stisvc - ok
00:34:18.0726 5820 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
00:34:18.0726 5820 swenum - ok
00:34:19.0428 5820 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:34:19.0459 5820 swprv - ok
00:34:19.0880 5820 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1300000.080\SYMDS64.SYS
00:34:19.0896 5820 SymDS - ok
00:34:20.0520 5820 SymEFA (f016d755aadd6a16555809d4b289497e) C:\Windows\system32\drivers\NISx64\1300000.080\SYMEFA64.SYS
00:34:20.0582 5820 SymEFA - ok
00:34:21.0097 5820 SymEvent (36b77f5c9e21f88a8c8ec67ad5415819) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
00:34:21.0097 5820 SymEvent - ok
00:34:21.0175 5820 SymIRON (321b635a0c0ff48047d37f6f078c5342) C:\Windows\system32\drivers\NISx64\1300000.080\Ironx64.SYS
00:34:21.0175 5820 SymIRON - ok
00:34:21.0315 5820 SymNetS (5ea027a364116963e37a281b1949ffd5) C:\Windows\system32\drivers\NISx64\1300000.080\SYMNETS.SYS
00:34:21.0315 5820 SymNetS - ok
00:34:21.0705 5820 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
00:34:21.0768 5820 SysMain - ok
00:34:21.0939 5820 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
00:34:21.0939 5820 TabletInputService - ok
00:34:22.0033 5820 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
00:34:22.0064 5820 TapiSrv - ok
00:34:22.0142 5820 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:34:22.0142 5820 TBS - ok
00:34:23.0718 5820 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
00:34:23.0811 5820 Tcpip - ok
00:34:25.0886 5820 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
00:34:25.0902 5820 TCPIP6 - ok
00:34:26.0151 5820 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:34:26.0151 5820 tcpipreg - ok
00:34:26.0167 5820 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:34:26.0167 5820 TDPIPE - ok
00:34:26.0198 5820 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
00:34:26.0198 5820 TDTCP - ok
00:34:26.0260 5820 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:34:26.0276 5820 tdx - ok
00:34:26.0307 5820 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
00:34:26.0307 5820 TermDD - ok
00:34:26.0448 5820 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
00:34:26.0463 5820 TermService - ok
00:34:26.0494 5820 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
00:34:26.0494 5820 Themes - ok
00:34:26.0619 5820 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:34:26.0619 5820 THREADORDER - ok
00:34:26.0650 5820 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
00:34:26.0666 5820 TPM - ok
00:34:26.0697 5820 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
00:34:26.0697 5820 TrkWks - ok
00:34:26.0760 5820 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
00:34:26.0760 5820 TrustedInstaller - ok
00:34:26.0775 5820 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:34:26.0791 5820 tssecsrv - ok
00:34:26.0806 5820 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:34:26.0806 5820 TsUsbFlt - ok
00:34:26.0822 5820 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
00:34:26.0822 5820 TsUsbGD - ok
00:34:26.0853 5820 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:34:26.0853 5820 tunnel - ok
00:34:26.0869 5820 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
00:34:26.0869 5820 uagp35 - ok
00:34:26.0994 5820 uCamMonitor (1fe69f3c1ca1cf4b7ec7e2e9090fffdc) c:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
00:34:27.0072 5820 uCamMonitor - ok
00:34:27.0103 5820 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:34:27.0118 5820 udfs - ok
00:34:27.0134 5820 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:34:27.0150 5820 UI0Detect - ok
00:34:27.0196 5820 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:34:27.0196 5820 uliagpkx - ok
00:34:27.0212 5820 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
00:34:27.0212 5820 umbus - ok
00:34:27.0212 5820 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
00:34:27.0228 5820 UmPass - ok
00:34:27.0774 5820 UNS (db641944f7e4b14c13c3fefc89843f69) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
00:34:27.0836 5820 UNS - ok
00:34:28.0242 5820 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:34:28.0242 5820 upnphost - ok
00:34:28.0335 5820 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
00:34:28.0335 5820 USBAAPL64 - ok
00:34:28.0382 5820 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:34:28.0382 5820 usbccgp - ok
00:34:28.0460 5820 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:34:28.0460 5820 usbcir - ok
00:34:28.0507 5820 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
00:34:28.0554 5820 usbehci - ok
00:34:29.0037 5820 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:34:29.0068 5820 usbhub - ok
00:34:29.0131 5820 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
00:34:29.0131 5820 usbohci - ok
00:34:29.0146 5820 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
00:34:29.0162 5820 usbprint - ok
00:34:29.0193 5820 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
00:34:29.0193 5820 USBSTOR - ok
00:34:29.0224 5820 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
00:34:29.0224 5820 usbuhci - ok
00:34:29.0568 5820 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
00:34:29.0599 5820 usbvideo - ok
00:34:29.0708 5820 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
00:34:29.0708 5820 UxSms - ok
00:34:29.0989 5820 VAIO Event Service (203fd19d70549a2939e1ae3a36608151) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
00:34:30.0004 5820 VAIO Event Service - ok
00:34:30.0332 5820 VAIO Power Management (63dd41d4c6f5fd59beb08c88292ca76a) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
00:34:30.0348 5820 VAIO Power Management - ok
00:34:30.0457 5820 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:34:30.0457 5820 VaultSvc - ok
00:34:31.0315 5820 VCFw (c642c93a30dcf1514f2c0502f864ee81) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
00:34:31.0471 5820 VCFw - ok
00:34:32.0391 5820 VcmIAlzMgr (f9d722a62c881b59439f9fc27bc7e285) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
00:34:32.0532 5820 VcmIAlzMgr - ok
00:34:33.0062 5820 VcmINSMgr (2f06d134554ba84fe253dbc481dcfe6d) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
00:34:33.0171 5820 VcmINSMgr - ok
00:34:33.0421 5820 VcmXmlIfHelper (9bc1f203c5604c24f345bcfcd6956bae) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
00:34:33.0530 5820 VcmXmlIfHelper - ok
00:34:33.0733 5820 VCService (b26dab275900e604f247f5a8b72cffe1) C:\Program Files\Sony\VAIO Care\VCService.exe
00:34:33.0733 5820 VCService - ok
00:34:34.0279 5820 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:34:34.0279 5820 vdrvroot - ok
00:34:34.0840 5820 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
00:34:34.0887 5820 vds - ok
00:34:34.0996 5820 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:34:34.0996 5820 vga - ok
00:34:51.0434 5820 ============================================================
00:34:51.0434 5820 Scan finished
00:34:51.0434 5820 ============================================================
00:34:51.0449 5796 Detected object count: 0
00:34:51.0449 5796 Actual detected object count: 0
00:35:06.0319 5656 Deinitialize success

aswMBR (AKA AVAST ENGINE) LOG


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-24 00:36:10
-----------------------------
00:36:10.694 OS Version: Windows x64 6.1.7601 Service Pack 1
00:36:10.694 Number of processors: 4 586 0x2A07
00:36:10.694 ComputerName: CHRISTY_KANG UserName: Christy Kang
00:36:12.535 Initialize success
00:37:17.451 AVAST engine defs: 12072302
00:37:20.054 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:37:20.056 Disk 0 Vendor: Hitachi_ JE3O Size: 476940MB BusType: 3
00:37:20.094 Disk 0 MBR read successfully
00:37:20.096 Disk 0 MBR scan
00:37:20.101 Disk 0 Windows 7 default MBR code
00:37:20.121 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14218 MB offset 2048
00:37:20.134 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29120512
00:37:20.159 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 462620 MB offset 29325312
00:37:20.258 Disk 0 scanning C:\Windows\system32\drivers
00:37:46.580 Service scanning
00:38:37.185 Modules scanning
00:38:37.196 Disk 0 trace - called modules:
00:38:37.217 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys
00:38:37.547 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80075c1060]
00:38:37.554 3 CLASSPNP.SYS[fffff88001fa843f] -> nt!IofCallDriver -> [0xfffffa8004e9bdb0]
00:38:37.561 5 ACPI.sys[fffff88000edb7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004e9a050]
00:38:41.417 AVAST engine scan C:\Windows
00:38:45.938 AVAST engine scan C:\Windows\system32
00:40:27.505 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
00:40:29.326 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
00:41:47.804 AVAST engine scan C:\Windows\system32\drivers
00:42:09.518 AVAST engine scan C:\Users\Christy Kang
00:44:32.337 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
00:44:32.338 The log file has been saved successfully to "C:\aswMBR LOG.txt"

ESET LIST OF THREATS

C:\Windows\Installer\{44593c15-50b0-7a27-4585-9b77e3ace328}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{44593c15-50b0-7a27-4585-9b77e3ace328}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan

Edited by turtle0423, 24 July 2012 - 04:28 AM.



#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:58 AM

Posted 24 July 2012 - 11:18 AM

Please run the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 turtle0423
  • Topic Starter

  • Members
  • 42 posts
  • Local time:08:58 AM

Posted 24 July 2012 - 07:43 PM

I have downloaded the FRST that you have mentioned into the flash drive but it said that the subsystem needed to support the image type is not present...

#4 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:58 AM

Posted 24 July 2012 - 07:44 PM

did you download the 64bit version?

That's the one you need

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 turtle0423
  • Topic Starter

  • Members
  • 42 posts
  • Local time:08:58 AM

Posted 24 July 2012 - 07:53 PM

Ok got it thank you!!! I will scan now!!

#6 turtle0423
  • Topic Starter

  • Members
  • 42 posts
  • Local time:08:58 AM

Posted 24 July 2012 - 08:03 PM

FRST LOG

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 24-07-2012 17:52:52
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11490408 2011-06-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2179688 2011-06-16] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10372368 2011-07-12] (Intel Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-10-27] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-10-27] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-10-27] (Intel Corporation)
HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [234832 2011-10-30] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Christy Kang\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE" /quietlaunch "MSOSYNC 9014006604090000" [3208032 2012-01-04] (Microsoft Corporation)
HKU\Christy Kang\...\Run: [uTorrent] "C:\Users\Christy Kang\Downloads\uTorrent.exe" /MINIMIZED [1020816 2012-06-13] (BitTorrent, Inc.)
HKU\Christy Kang\...\Run: [Apple] rundll32.exe "C:\Users\Christy Kang\AppData\Local\ArcSoft\Apple\injlcofe.dll",CreateInstance [690176 2012-07-22] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ======

3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [923984 2011-07-12] (Intel Corporation)
3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [1321296 2011-07-12] (Intel Corporation)
2 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [1001808 2011-07-12] (Intel Corporation)
2 BTHSSecurityMgr; "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [134928 2011-04-21] (Intel® Corporation)
2 cbVSCService; C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [67584 2010-09-23] (CobianSoft, Luis Cobian)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\diMaster.dll" /prefetch:1 [281016 2011-05-24] (Symantec Corporation)
2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=5000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "&_" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\%C3 &_ Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata" [260768 2011-08-26] (Sony Corporation)
2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656536 2011-10-26] (Intel Corporation)
2 VIPAppService; "C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe" [82544 2011-07-12] (Symantec Corporation)

========================== Drivers (Whitelisted) =============

3 ArcSoftKsUFilter; C:\Windows\System32\Drivers\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120619.001_6e2\BHDrvx64.sys [1161376 2012-06-18] (Symantec Corporation)
1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1300000.080\ccSetx64.sys [165512 2011-05-23] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-05-31] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-05-31] (Symantec Corporation)
3 iBtFltCoex; C:\Windows\System32\Drivers\iBtFltCoex.sys [59904 2011-07-06] (Intel Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120626.001\IDSvia64.sys [509088 2012-06-14] (Symantec Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120626.019\ENG64.SYS [120440 2012-06-26] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120626.019\EX64.SYS [2068600 2012-06-26] (Symantec Corporation)
3 SRTSP; C:\Windows\system32\drivers\NISx64\1300000.080\SRTSP64.SYS [721528 2011-05-20] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1300000.080\SRTSPX64.SYS [37496 2011-05-20] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1300000.080\SYMDS64.SYS [451192 2011-05-16] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1300000.080\SYMEFA64.SYS [1083512 2011-05-16] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-04-14] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1300000.080\Ironx64.SYS [189560 2011-05-16] (Symantec Corporation)
1 SymNetS; C:\Windows\system32\drivers\NISx64\1300000.080\SYMNETS.SYS [396408 2011-05-09] (Symantec Corporation)
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============


============ 3 Months Modified Files ========================

2012-06-05 21:05 - 2012-07-11 08:14 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-11 08:14 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-23 12:44 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-23 12:44 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-23 12:44 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-23 12:44 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-23 12:44 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-23 12:43 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:15 - 2012-06-23 12:44 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-23 12:44 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-23 12:43 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-12 02:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-12 02:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-12 02:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-12 02:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-12 02:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-12 02:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-12 02:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-12 02:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-12 02:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-12 02:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-12 02:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-12 02:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-12 02:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-12 02:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-12 02:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:52 - 2012-06-02 00:52 - 00002391 ____A C:\Users\Christy Kang\Documents\La Cha Ta Counts.wlmp
2012-06-02 00:43 - 2012-07-12 02:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-12 02:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-12 02:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-12 02:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-12 02:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-12 02:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-12 02:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-12 02:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-12 02:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-12 02:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-12 02:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-12 02:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-12 02:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-11 08:14 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-11 08:14 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-11 08:14 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-11 08:14 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-11 08:14 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-11 08:14 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-11 08:14 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-11 08:14 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-11 08:14 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 23:09 - 2012-05-31 23:09 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-05-31 11:25 - 2010-11-20 19:27 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-31 02:01 - 2011-02-10 15:03 - 00796420 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-27 23:24 - 2012-05-27 23:24 - 00000000 __RAH C:\Windows\SysWOW64\Drivers\104D_Sony_VPCSB4AFX.mrk
2012-05-27 23:24 - 2012-05-27 23:24 - 00000000 __RAH C:\Windows\System32\Drivers\104D_Sony_VPCSB4AFX.mrk
2012-05-27 23:24 - 2011-07-14 19:02 - 00000074 ____H C:\splash.idx
2012-05-27 23:20 - 2012-05-27 23:20 - 00067088 ____A C:\Users\Christy Kang\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-27 23:20 - 2012-05-27 23:20 - 00000020 ___SH C:\Users\Christy Kang\ntuser.ini
2012-05-27 23:18 - 2012-05-27 23:18 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_btmaux_01009.Wdf
2012-05-27 23:15 - 2012-05-27 23:15 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
2012-05-04 03:06 - 2012-06-13 12:48 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 12:48 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 12:48 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 21:40 - 2012-06-13 12:48 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-13 12:47 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys


ZeroAccess:
C:\Windows\Installer\{44593c15-50b0-7a27-4585-9b77e3ace328}
C:\Windows\Installer\{44593c15-50b0-7a27-4585-9b77e3ace328}\@
C:\Windows\Installer\{44593c15-50b0-7a27-4585-9b77e3ace328}\L
C:\Windows\Installer\{44593c15-50b0-7a27-4585-9b77e3ace328}\U
C:\Windows\Installer\{44593c15-50b0-7a27-4585-9b77e3ace328}\L\00000004.@
C:\Windows\Installer\{44593c15-50b0-7a27-4585-9b77e3ace328}\L\1afb2d56
C:\Windows\Installer\{44593c15-50b0-7a27-4585-9b77e3ace328}\L\201d3dde
C:\Windows\Installer\{44593c15-50b0-7a27-4585-9b77e3ace328}\U\00000004.@
C:\Windows\Installer\{44593c15-50b0-7a27-4585-9b77e3ace328}\U\00000008.@
C:\Windows\Installer\{44593c15-50b0-7a27-4585-9b77e3ace328}\U\000000cb.@
C:\Windows\Installer\{44593c15-50b0-7a27-4585-9b77e3ace328}\U\80000000.@
C:\Windows\Installer\{44593c15-50b0-7a27-4585-9b77e3ace328}\U\80000032.@
C:\Windows\Installer\{44593c15-50b0-7a27-4585-9b77e3ace328}\U\80000064.@

ZeroAccess:
C:\Users\Christy Kang\AppData\Local\{44593c15-50b0-7a27-4585-9b77e3ace328}
C:\Users\Christy Kang\AppData\Local\{44593c15-50b0-7a27-4585-9b77e3ace328}\@
C:\Users\Christy Kang\AppData\Local\{44593c15-50b0-7a27-4585-9b77e3ace328}\L
C:\Users\Christy Kang\AppData\Local\{44593c15-50b0-7a27-4585-9b77e3ace328}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4011.86 MB
Available physical RAM: 3411.37 MB
Total Pagefile: 4010.06 MB
Available Pagefile: 3404.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:451.78 GB) (Free:408.51 GB) NTFS
2 Drive e: (Recovery) (Fixed) (Total:13.88 GB) (Free:1.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:7.45 GB) (Free:7.4 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7633 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 13 GB 1024 KB
Partition 2 Primary 100 MB 13 GB
Partition 3 Primary 451 GB 13 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 13 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 451 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 7633 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-19 01:34

======================= End Of Log ==========================

search.txt

Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-24 17:56:41
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

#7 CatByte

CatByte (bleepin' tiger)

  • Malware Response Team
  • 14,664 posts
  • Gender: Not Telling
  • Location: Canada

Posted 24 July 2012 - 08:22 PM

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
HKLM-x32\...\Run: [] [x]
HKU\Christy Kang\...\Run: [Apple] rundll32.exe "C:\Users\Christy Kang\AppData\Local\ArcSoft\Apple\injlcofe.dll",CreateInstance [690176 2012-07-22] (Microsoft Corporation)
C:\Windows\Installer\{44593c15-50b0-7a27-4585-9b77e3ace328}
C:\Users\Christy Kang\AppData\Local\{44593c15-50b0-7a27-4585-9b77e3ace328}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 turtle0423

turtle0423 (Topic Starter)

  • Members
  • 42 posts

Posted 24 July 2012 - 09:09 PM

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-24 18:31:42 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
HKEY_USERS\Christy Kang\Software\Microsoft\Windows\CurrentVersion\Run\\Apple Value deleted successfully.
C:\Windows\Installer\{44593c15-50b0-7a27-4585-9b77e3ace328} moved successfully.
C:\Users\Christy Kang\AppData\Local\{44593c15-50b0-7a27-4585-9b77e3ace328} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

#9 turtle0423

turtle0423 (Topic Starter)

  • Members
  • 42 posts

Posted 24 July 2012 - 09:42 PM

COMBOFIX LOG


ComboFix 12-07-25.04 - Christy Kang 07/24/2012 19:19:41.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4012.2242 [GMT -7:00]
Running from: c:\users\Christy Kang\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 01:52 . 2012-07-25 01:52 -------- d-----w- C:\FRST
2012-07-24 15:04 . 2012-07-24 15:04 -------- d-----w- c:\program files\Enigma Software Group
2012-07-24 15:04 . 2012-07-24 23:13 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-24 15:04 . 2012-07-24 15:04 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-24 09:10 . 2012-07-24 09:10 -------- d-----w- c:\users\Christy Kang\AppData\Local\Safe mirror
2012-07-24 09:09 . 2012-07-24 09:10 -------- d-----w- c:\program files (x86)\Cobian Backup 10
2012-07-24 07:44 . 2012-07-24 07:44 -------- d-----w- c:\program files (x86)\ESET
2012-07-24 01:54 . 2012-07-24 01:54 -------- d-----w- c:\program files\CCleaner
2012-07-24 01:40 . 2012-07-24 04:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-20 02:32 . 2012-07-20 02:32 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-17 16:06 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B859D565-3510-4EFD-B44C-BE011E79450D}\mpengine.dll
2012-07-12 10:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 16:14 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 11:36 . 2012-06-07 01:08 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 11:36 . 2012-04-14 21:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 20:46 . 2012-06-08 11:01 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-23 20:44 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 20:44 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 20:44 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 20:44 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 20:43 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-23 20:44 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 20:44 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 20:43 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-23 20:44 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 19:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-28 09:04 . 2012-05-28 09:04 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-28 07:21 . 2011-03-29 01:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-04 11:06 . 2012-06-13 20:48 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 20:48 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 20:48 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 20:48 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 20:47 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 20:48 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 20:48 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 20:48 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE" [2012-01-04 3208032]
"uTorrent"="c:\users\Christy Kang\Downloads\uTorrent.exe" [2012-06-14 1020816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-11 343168]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-25 651832]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-04-21 294912]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-09-15 195320]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-07-12 1321296]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-09-01 894624]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-09-08 549408]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-27 101600]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-10-30 54432]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-10-28 1245800]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-29 1255736]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1300000.080\SYMDS64.SYS [2011-05-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1300000.080\SYMEFA64.SYS [2011-05-16 1083512]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120619.001_6e2\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1300000.080\ccSetx64.sys [2011-05-23 165512]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120626.001\IDSvia64.sys [2012-06-14 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1300000.080\Ironx64.SYS [2011-05-16 189560]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1300000.080\SYMNETS.SYS [2011-05-09 396408]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-28 204288]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-13 249648]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-07-12 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-07-12 1001808]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files (x86)\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe [2011-05-24 138760]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-25 430136]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-08-26 260768]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-06 3048136]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-27 2656536]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-09-20 535176]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-07-13 82544]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-09-30 955832]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-28 9360896]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-28 309760]
S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-07-06 52736]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-06 274944]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-07 59904]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-10-28 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-10-28 12289472]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2011-10-27 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-06-14 87552]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-06-14 207872]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-10-24 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-30 425064]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 12032]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 11:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-16 11490408]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-16 2179688]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-07-12 10372368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-28 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-51044244.sys
SafeBoot-65453973.sys
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.0.0.128\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgr.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files\Sony\VAIO Care\VCSpt.exe
c:\program files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\Sony\VAIO Care\listener.exe
c:\program files (x86)\DDNi\Oasis\VAIO Messenger.exe
.
**************************************************************************
.
Completion time: 2012-07-24 19:35:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-25 02:35
.
Pre-Run: 438,483,333,120 bytes free
Post-Run: 438,600,581,120 bytes free
.
- - End Of File - - 62F11457F7BB1534C8EFBE1B55AFB6C9

#10 CatByte (Malware Response Team)

Posted 24 July 2012 - 09:46 PM

Please do the following:

  • Please open your Malwarebytes Anti-Malware program.
  • Click the Update tab and search for updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, press the LIST OF THREATS FOUND button.
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop.
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 turtle0423 (Topic Starter)

Posted 24 July 2012 - 11:26 PM

MALWAREBYTES LOG

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.18.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Christy Kang :: CHRISTY_KANG [administrator]

Protection: Enabled

7/24/2012 9:21:15 PM
mbam-log-2012-07-24 (21-21-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190772
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12 turtle0423 (Topic Starter)

Posted 25 July 2012 - 01:23 AM

ESETSCAN LOG

C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan
C:\FRST\Quarantine\{44593c15-50b0-7a27-4585-9b77e3ace328}\U\00000008.@ Win64/Agent.BA trojan
C:\FRST\Quarantine\{44593c15-50b0-7a27-4585-9b77e3ace328}\U\80000032.@ a variant of Win32/Sirefef.FD trojan
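The first line of this ESET report is the important one: Win64/Patched.B.Gen on services.exe denotes a genuine Microsoft binary with foreign code inserted into it, not a new file dropped alongside Windows. The tool that quarantined it is expected to have put a clean copy back in System32, and that can be verified directly rather than assumed. The PowerShell below is an added example for this thread, not part of the original posts, ESET or FRST. It asks Windows Resource Protection (sfc /verifyfile) to check each file against the hash recorded in the component store, then compares the live services.exe with the quarantined copy. It assumes PowerShell 4.0 or later (for Get-FileHash), an elevated prompt (sfc requires one), English-language sfc messages, that C:\FRST\Quarantine still exists, and a constructed default list of system binaries that are commonly patched by malware.

```powershell
<#
  Added example; not from the thread or from ESET/FRST. Checks whether live
  copies of a few frequently patched system binaries are still the originals
  (sfc /verifyfile against the component store) and compares the live
  services.exe with the copy ESET flagged in C:\FRST\Quarantine.
  Assumes PowerShell 4.0+, an elevated prompt, English sfc messages and that
  the quarantine folder has not been deleted yet. The default file list is a
  constructed choice, not something the thread names.
#>
param(
    [string[]]$Files = @(
        "$env:SystemRoot\System32\services.exe",
        "$env:SystemRoot\System32\svchost.exe",
        "$env:SystemRoot\System32\winlogon.exe",
        "$env:SystemRoot\explorer.exe"
    ),
    [string]$QuarantineDir = 'C:\FRST\Quarantine'
)

function Test-ProtectedFile {
    # sfc checks the file against the hash recorded in its component manifest,
    # so a binary patched in place fails even though the WinSxS hard link to the
    # same data changed with it. A plain hash comparison against WinSxS would miss that.
    param([Parameter(Mandatory)][string]$Path)

    # sfc writes UTF-16; captured through the console's OEM code page every
    # character arrives followed by a NUL, so strip the NULs before matching.
    $text = ((& sfc.exe "/verifyfile=$Path") -join "`n") -replace "`0", ''
    $status = if ($text -match 'did not find any integrity violations') { 'Intact' }
              elseif ($text -match 'found integrity violations')        { 'MODIFIED' }
              else { 'Unknown (not elevated, or non-English sfc output)' }

    $hash = '(missing)'
    if (Test-Path -LiteralPath $Path) {
        $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
    [pscustomobject]@{
        File   = $Path
        Sfc    = $status
        Sha256 = $hash
    }
}

function Compare-WithQuarantine {
    # The fix that quarantined services.exe should have left a clean copy in
    # System32. If the live file still hashes the same as the quarantined one,
    # the patched binary is still in place.
    param([string]$LiveFile, [string]$QuarantineDir)
    $name        = Split-Path -Leaf $LiveFile
    $quarantined = Join-Path $QuarantineDir $name
    if (-not (Test-Path -LiteralPath $quarantined)) {
        return "${name}: no quarantined copy at $quarantined"
    }
    $liveHash = (Get-FileHash -LiteralPath $LiveFile    -Algorithm SHA256).Hash
    $quarHash = (Get-FileHash -LiteralPath $quarantined -Algorithm SHA256).Hash
    if ($liveHash -eq $quarHash) {
        "${name}: live file is byte-identical to the quarantined (patched) copy - still infected"
    } else {
        "${name}: live file differs from the quarantined copy (live $liveHash, quarantined $quarHash)"
    }
}

$Files | ForEach-Object { Test-ProtectedFile -Path $_ } | Format-Table -AutoSize
Compare-WithQuarantine -LiveFile "$env:SystemRoot\System32\services.exe" -QuarantineDir $QuarantineDir
```

An "Intact" verdict from sfc is the authoritative one here; the hash comparison only tells you whether the live file is the same bytes that were quarantined, which is the quickest way to spot a fix that did not actually replace the binary.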

#13 CatByte (Malware Response Team)

Posted 25 July 2012 - 10:11 AM

Those files are already in quarantine, so they can't harm your computer (you can delete that C:\FRST folder at the end when we are done).

please do the following:

  • Please download MiniToolBox, save it to your desktop and run it.

    Check the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.
NEXT


Please advise how your computer is running now and if there are any outstanding issues

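The three checks CatByte asks MiniToolBox for here (flush DNS, report the proxy settings, list the hosts file) are the standard first look at a browser redirect, and the same data can be pulled without a third-party tool. The PowerShell below is an added example for this thread, not part of MiniToolBox or of the original posts. It assumes PowerShell 3.0 or later and the standard Windows locations for the hosts file and the WinINet registry key. It marks for review any hosts entry that does not point at a loopback or null address, any enabled proxy or PAC (AutoConfigURL) script, and any adapter with statically configured DNS servers; the DNS query goes through WMI so it also works on Windows 7.

```powershell
<#
  Added example; not from the thread and not part of Farbar's MiniToolBox.
  Reproduces the three redirect checks requested above (hosts file, WinINet/IE
  proxy settings, DNS servers in use) and flags values that would explain a
  browser redirect. Read-only unless -FlushDns is given. Assumes PowerShell 3.0
  or later; the file path and registry key are the standard Windows locations.
#>
param([switch]$FlushDns)

$BenignHostsTargets = '127.0.0.1', '::1', '0.0.0.0'   # loopback, IPv6 loopback, block-list style null route

function Get-HostsEntries {
    # Active (non-comment) hosts entries. A name mapped to anything but a loopback
    # or null address is how malware points google.com or an AV vendor at its own
    # server, so those rows are marked for review.
    $path = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    foreach ($raw in (Get-Content -LiteralPath $path)) {
        $line = ($raw -replace '#.*$', '').Trim()          # strip trailing comments
        if (-not $line) { continue }
        $fields = $line -split '\s+'
        $names = if ($fields.Count -gt 1) { $fields[1..($fields.Count - 1)] -join ' ' } else { '' }
        [pscustomobject]@{
            Address = $fields[0]
            Names   = $names
            Review  = ($BenignHostsTargets -notcontains $fields[0])
        }
    }
}

function Get-WinInetProxy {
    # Per-user WinINet settings honoured by IE and most other Windows software.
    # An enabled proxy or an AutoConfigURL (PAC script) the user never configured
    # is a redirect vector: a PAC script can send only search-engine traffic
    # through the attacker while everything else looks normal.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        ProxyEnabled  = [bool]$p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigUrl = $p.AutoConfigURL
        Review        = ([bool]$p.ProxyEnable -or [bool]$p.AutoConfigURL)
    }
}

function Get-DnsServersInUse {
    # DNS servers on every IP-enabled adapter, via WMI so it also works on
    # Windows 7. Statically configured resolvers on a home machine that should be
    # taking DNS from the router over DHCP are worth a look: a rogue resolver
    # answers google.com with an attacker-controlled address.
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            [pscustomobject]@{
                Adapter     = $_.Description
                DhcpEnabled = [bool]$_.DHCPEnabled
                DnsServers  = ($_.DNSServerSearchOrder -join ', ')
                Review      = [bool](-not $_.DHCPEnabled -and $_.DNSServerSearchOrder)
            }
        }
}

'== hosts entries =='
Get-HostsEntries | Format-Table -AutoSize
'== WinINet / IE proxy =='
Get-WinInetProxy | Format-List
'== DNS servers =='
Get-DnsServersInUse | Format-Table -AutoSize

if ($FlushDns) {
    # Same effect as MiniToolBox's "Flush DNS": drops cached answers, poisoned ones included.
    ipconfig.exe /flushdns | Out-Null
    'DNS resolver cache flushed.'
}
```

Run it as-is for a read-only report and add -FlushDns to clear the resolver cache as well. "Review" is a prompt to look, not a verdict: a proxy or PAC URL is only suspicious on a machine where nobody configured one, and on a managed laptop both can be legitimate.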


#14 turtle0423 (Topic Starter)

Posted 25 July 2012 - 03:02 PM

MiniToolBox results. I haven't had any popups come out now, so I don't see any problems so far.


MiniToolBox by Farbar Version: 23-07-2012
Ran by Christy Kang (administrator) on 25-07-2012 at 13:00:21
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Reader X MUI (Version: 10.0.0)
Alps Pointing-device for VAIO
AMD APP SDK Runtime (Version: 2.4.650.9)
AMD Media Foundation Decoders (Version: 1.0.61011.0701)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2 (Version: 2.0.1.154)
ArcSoft WebCam Companion 4 (Version: 4.0.21.484)
ATI Catalyst Install Manager (Version: 3.0.829.0)
Audition (Version: 1.00.0000)
Bing Bar (Version: 7.0.831.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.1011.657.10569)
Catalyst Control Center Graphics Previews Common (Version: 2011.1011.657.10569)
Catalyst Control Center InstallProxy (Version: 2011.1011.657.10569)
Catalyst Control Center Localization All (Version: 2011.1011.657.10569)
Catalyst Control Center Profiles Mobile (Version: 2011.1011.657.10569)
ccc-utility64 (Version: 2011.1011.657.10569)
CCC Help Chinese Standard (Version: 2011.1011.0656.10569)
CCC Help Chinese Traditional (Version: 2011.1011.0656.10569)
CCC Help Czech (Version: 2011.1011.0656.10569)
CCC Help Danish (Version: 2011.1011.0656.10569)
CCC Help Dutch (Version: 2011.1011.0656.10569)
CCC Help English (Version: 2011.1011.0656.10569)
CCC Help Finnish (Version: 2011.1011.0656.10569)
CCC Help French (Version: 2011.1011.0656.10569)
CCC Help German (Version: 2011.1011.0656.10569)
CCC Help Greek (Version: 2011.1011.0656.10569)
CCC Help Hungarian (Version: 2011.1011.0656.10569)
CCC Help Italian (Version: 2011.1011.0656.10569)
CCC Help Japanese (Version: 2011.1011.0656.10569)
CCC Help Korean (Version: 2011.1011.0656.10569)
CCC Help Norwegian (Version: 2011.1011.0656.10569)
CCC Help Polish (Version: 2011.1011.0656.10569)
CCC Help Portuguese (Version: 2011.1011.0656.10569)
CCC Help Russian (Version: 2011.1011.0656.10569)
CCC Help Spanish (Version: 2011.1011.0656.10569)
CCC Help Swedish (Version: 2011.1011.0656.10569)
CCC Help Thai (Version: 2011.1011.0656.10569)
CCC Help Turkish (Version: 2011.1011.0656.10569)
CCleaner (Version: 3.20)
Cobian Backup 10
D3DX10 (Version: 15.4.2368.0902)
ESET Online Scanner v3
Evernote v. 4.5 (Version: 4.5.0.5229)
FDUx86 (Version: 1.0.0)
Intel PROSet Wireless
Intel® Display Audio Driver (Version: 6.14.00.3074)
Intel® Identity Protection Technology 1.1.2.0 (Version: 1.1.2.0)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (Version: 1.1.0.0157)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 1.1.1.0581)
Intel® PROSet/Wireless WiFi Software (Version: 14.01.1000)
Intel® Rapid Storage Technology (Version: 10.6.0.1002)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 27 (64-bit) (Version: 6.0.270)
Java™ 6 Update 27 (Version: 6.0.270)
Junk Mail filter update (Version: 15.4.3502.0922)
Keyboard Shortcuts (Version: 1.1.0.08290)
KUx86 (Version: 1.0.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Media Gallery (Version: 1.5.4.09210)
Media Go (Version: 2.0.317)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.5139.5005)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Norton Internet Security (Version: 19.0.0.128)
Oasis2Service (Version: 1.0.1)
OOBE (Version: 12.1.1.2)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayStation®Network Downloader (Version: 2.07.00849)
PlayStation®Store (Version: 4.5.15.13232)
PMB (Version: 5.8.02.10270)
PMB VAIO Edition Plug-in (Version: 1.7.00.10100)
PX Profile Update (Version: 1.00.1.)
Quick Web Access (Version: 1.4.8.1)
Reader for PC (Version: 1.1.02.10070)
Realtek Ethernet Controller Driver (Version: 7.40.126.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6225)
Realtek PCIE Card Reader (Version: 6.1.7601.82)
Remote Keyboard (Version: 1.2.0.09270)
Remote Play with PlayStation®3 (Version: 1.1.0.21090)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.16.0)
Skype Click to Call (Version: 6.1.10441)
Skype™ 5.9 (Version: 5.9.123)
SSLx64 (Version: 1.0.0)
SSLx86 (Version: 1.0.0)
TrackID™ with BRAVIA (Version: 1.2.0.09270)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
VAIO - Media Gallery (Version: 1.5.4.09210)
VAIO - PMB VAIO Edition Guide (Version: 1.7.00.10100)
VAIO - PMB VAIO Edition Plug-in (Version: 1.7.00.10100)
VAIO - Remote Keyboard (Version: 1.2.0.09270)
VAIO - Remote Keyboard with PlayStation®3 (Version: 1.2.0.09210)
VAIO - Remote Play with PlayStation®3 (Version: 1.1.0.21090)
VAIO - TrackID™ with BRAVIA (Version: 1.2.0.09270)
VAIO Care (Version: 6.3.0.09020)
VAIO Care (Version: 7.2.0.10310)
VAIO Control Center (Version: 5.1.3.12120)
VAIO CPU Fan Diagnostic (Version: 1.1.0.09200)
VAIO Data Restore Tool (Version: 1.8.0.09210)
VAIO Easy Connect (Version: 1.1.1.12200)
VAIO Gate (Version: 2.4.1.09230)
VAIO Gate Default (Version: 2.5.1.09230)
VAIO Help and Support (Version: 16.00.1011)
VAIO Improvement (Version: 1.2.0.09270)
VAIO Manual (Version: 1.5.0.09200)
VAIO Messenger (Version: 2.0.424.0)
VAIO Sample Contents (Version: 1.4.0.09010)
VAIO Satisfaction Survey. (Version: 3.0)
VAIO Smart Network (Version: 3.10.0.09300)
VAIO Transfer Support (Version: 1.6.0.09220)
VAIO Update (Version: 5.6.0.10270)
VAIO Update Merge Module x64 (Version: 5.6.10270)
VCCx64 (Version: 1.0.0)
VCCx86 (Version: 1.0.0)
VHD (Version: 1.0.0)
VIP Access (Version: 2.0.2.141)
VIx64 (Version: 1.0.0)
VIx86 (Version: 1.0.0)
VMLx86 (Version: 1.0.0)
VPMx64 (Version: 1.0.0)
VSNx64 (Version: 1.0.0)
VSNx86 (Version: 1.0.0)
VSSTx64 (Version: 1.0.0)
VSSTx86 (Version: 1.0.0)
VU5x64 (Version: 1.0.0)
VU5x86 (Version: 1.0.0)
VWSTx86 (Version: 1.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

**** End of log ****

#15 CatByte (Malware Response Team)

Posted 25 July 2012 - 03:06 PM

We just have some housekeeping to do now, please do the following:


P2P - I see you have P2P software utorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
Please see this topic for more information:
Perils of P2P File Sharing.

I would strongly recommend that you uninstall this now. You can do so via Control Panel >> Programs and Features.


NEXT


Your Java is out of date, so go to Start > Control Panel > Programs and Features, scroll down to the Java installation and remove it. Then download the latest Java, version 7 update 5, and install it: http://java.com/en/download/index.jsp


NEXT

You can delete the TDSSKiller, aswMBR, MiniToolBox and FRST logs and programs from your desktop. You can now delete the FRST folder from your C:\ drive


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the X and the /U; it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change the passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop.
    • Close any open windows.
    • Double-click the TFC icon to run the program.
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

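The Inetcpl.cpl steps in the post above write three DWORD values under the Internet zone key in the registry, so the result can be audited afterwards, or applied without clicking through the dialog. The PowerShell below is an added example, not part of the original post; it assumes PowerShell 3.0 or later and that zone settings are per-user (the default; when the Security_HKLM_only policy is set, the values live under HKLM instead). The value names 1001, 1004 and 1201 and the meaning of 0 = Enable, 1 = Prompt, 3 = Disable are documented in Microsoft KB 182569.

```powershell
<#
  Added example; not from the thread. Audits, and with -Apply sets, the three
  Internet-zone ActiveX settings the Inetcpl.cpl steps above change, by reading
  the registry values the dialog writes. Zone 3 is the Internet zone; setting
  values are 0 = Enable, 1 = Prompt, 3 = Disable (Microsoft KB 182569).
  Assumes PowerShell 3.0+ and per-user zone settings under HKCU.
#>
param([switch]$Apply)

$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Label   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Dialog wording -> registry value name -> recommended setting (as in the post above)
$Recommended = @(
    @{ Setting = 'Download signed ActiveX controls';                          Value = '1001'; Want = 1 }
    @{ Setting = 'Download unsigned ActiveX controls';                        Value = '1004'; Want = 1 }
    @{ Setting = 'Initialize and script ActiveX controls not marked as safe'; Value = '1201'; Want = 3 }
)

function Get-ZoneSettingState {
    # Current vs recommended value for one setting. A missing value means IE is
    # using the zone template's default for it, which is why "(not set)" is
    # reported as non-compliant rather than assumed safe.
    param([string]$Key, [hashtable]$Spec)
    $current = (Get-ItemProperty -Path $Key -Name $Spec.Value -ErrorAction SilentlyContinue).($Spec.Value)
    $shown = '(not set)'
    if ($null -ne $current) {
        $shown = $Label[[int]$current]
        if (-not $shown) { $shown = "raw value $current" }   # anything other than 0/1/3
    }
    [pscustomobject]@{
        Setting     = $Spec.Setting
        Current     = $shown
        Recommended = $Label[$Spec.Want]
        Compliant   = ($current -eq $Spec.Want)
    }
}

$report = foreach ($spec in $Recommended) {
    $state = Get-ZoneSettingState -Key $ZoneKey -Spec $spec
    if ($Apply -and -not $state.Compliant) {
        # The same write the dialog performs; new IE/WinINet sessions pick it up.
        Set-ItemProperty -Path $ZoneKey -Name $spec.Value -Value $spec.Want -Type DWord
        $state = Get-ZoneSettingState -Key $ZoneKey -Spec $spec   # re-read to confirm
    }
    $state
}
$report | Format-Table -AutoSize
```

Without -Apply the script only reports, which is the useful mode when checking whether the dialog settings actually stuck after a cleanup. Checking the values directly also catches the case where a machine-wide policy overrides the per-user dialog, since the HKCU values will then show as compliant while the policy under HKLM decides what IE really does.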




