Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google search redirect trojan


  • This topic is locked This topic is locked
12 replies to this topic

#1 LawDogg

LawDogg

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:09 PM

Posted 05 October 2012 - 01:45 PM

Hi!

Every time I use Google search the links redirect to unwanted websites. I am not sure what to do. My AVG antivirus protection is not detecting it. I can't get rid of this thing!

Thanks

LawDogg

BC AdBot (Login to Remove)

 


#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:09 PM

Posted 05 October 2012 - 03:05 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Posted Image Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:
    netsvcs
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and paste them into your next post.
Posted Image Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it
  • You will be asked if you want to use Avast! Free anti virus for scanning - select No
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • OTL.txt and Extras.txt logs
  • aswMBR log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#3 LawDogg

LawDogg
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:09 PM

Posted 05 October 2012 - 04:11 PM

The results:

Olt:

OTL logfile created on: 10/5/2012 3:51:48 PM - Run 1
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Laura\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.67 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 59.92% Memory free
7.34 Gb Paging File | 5.21 Gb Available in Paging File | 71.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.31 Gb Total Space | 398.89 Gb Free Space | 87.61% Space Free | Partition Type: NTFS

Computer Name: LAURA-VAIO | User Name: Laura | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/05 15:45:53 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Laura\Downloads\OTL.exe
PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/03/07 23:10:34 | 001,320,392 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2012/02/09 20:40:16 | 000,053,248 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
PRC - [2011/11/04 14:20:08 | 013,489,992 | ---- | M] (Tango Inc.) -- C:\Program Files (x86)\Tango\Tango.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe
PRC - [2010/11/27 03:55:44 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 03:55:44 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/09/27 18:12:36 | 000,864,000 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2010/05/31 22:18:32 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010/05/31 22:18:32 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2010/05/31 20:01:52 | 000,673,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2010/05/28 15:02:57 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/05/28 15:02:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/05/26 13:08:08 | 000,055,152 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCSpt.exe
PRC - [2010/05/18 16:38:46 | 000,075,776 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010/03/03 23:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 23:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/17 03:40:22 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll
MOD - [2012/06/17 03:40:09 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\517358eb2fd962a942dd1ea6afc5b93e\PresentationFramework.ni.dll
MOD - [2012/06/17 03:39:52 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/06/17 03:39:45 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/06/17 03:39:40 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d0ba41128f363f2390c7e630129c2b\PresentationCore.ni.dll
MOD - [2012/05/10 03:47:16 | 000,887,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\bbede691e8386ac49379edad37eb7e3c\System.DirectoryServices.AccountManagement.ni.dll
MOD - [2012/05/10 03:47:08 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\496033ebd93c3381e4ba09486bf23cc3\System.Xml.Linq.ni.dll
MOD - [2012/05/10 03:47:07 | 002,516,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\98bbe3c24de8dfbbfa6faa685fac7632\System.Data.Linq.ni.dll
MOD - [2012/05/10 03:45:18 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3848d7865bda88a9e94e03480b5ada2f\System.Runtime.Serialization.ni.dll
MOD - [2012/05/10 03:44:04 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\73baa23d28d21c7c01e334211330a84e\IAStorUtil.ni.dll
MOD - [2012/05/10 03:43:59 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\c366ebd7f33816762268154efc68176d\System.Core.ni.dll
MOD - [2012/05/10 03:42:31 | 000,082,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\99bb6d93ce5daed24761530fa32ed5f4\System.AddIn.Contract.ni.dll
MOD - [2012/05/10 03:42:30 | 000,634,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\db477bc003958f524c72bc30040f0899\System.AddIn.ni.dll
MOD - [2012/05/10 03:42:19 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 03:42:04 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 03:42:03 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\558fa6c6131f14af258f94291a5d19d6\System.EnterpriseServices.ni.dll
MOD - [2012/05/10 03:42:03 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\61fbbd8bc7d76972115b292b132ff2d1\System.Transactions.ni.dll
MOD - [2012/05/10 03:42:02 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll
MOD - [2012/05/10 03:41:20 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/05/10 03:41:18 | 000,680,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\61af058c2bc079f28397a29ed145fbc7\System.Security.ni.dll
MOD - [2012/05/10 03:41:15 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/10 03:41:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/05/10 03:41:11 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/10 03:41:03 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2011/11/10 04:32:56 | 000,296,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/08/09 05:31:38 | 000,054,784 | ---- | M] () -- C:\Program Files (x86)\Tango\CrashRpt.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/14 04:58:40 | 011,159,040 | ---- | M] () -- C:\Program Files (x86)\Tango\QtWebKit4.dll
MOD - [2011/04/14 03:50:18 | 000,113,152 | ---- | M] () -- C:\Program Files (x86)\Tango\QtMultimedia4.dll
MOD - [2011/04/14 03:49:56 | 000,270,336 | ---- | M] () -- C:\Program Files (x86)\Tango\phonon4.dll
MOD - [2011/04/14 03:43:44 | 008,448,512 | ---- | M] () -- C:\Program Files (x86)\Tango\QtGui4.dll
MOD - [2011/04/14 03:36:08 | 000,859,648 | ---- | M] () -- C:\Program Files (x86)\Tango\QtNetwork4.dll
MOD - [2011/04/14 03:35:12 | 002,346,496 | ---- | M] () -- C:\Program Files (x86)\Tango\QtCore4.dll
MOD - [2009/06/10 16:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/06/10 16:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/10/25 20:26:34 | 000,101,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2010/10/25 20:12:24 | 000,549,168 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/21 21:00:52 | 000,575,856 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2010/06/09 18:56:02 | 000,384,880 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2010/06/08 20:00:04 | 000,836,608 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2010/06/07 18:39:40 | 000,911,872 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2010/06/07 18:34:20 | 000,408,576 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2010/06/07 01:13:46 | 000,304,496 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010/05/31 21:25:48 | 001,250,160 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2010/05/25 08:23:52 | 000,252,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2010/03/05 13:26:38 | 001,425,168 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/03/05 13:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/05 13:06:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/21 10:23:46 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/02/09 20:40:16 | 000,053,248 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe -- (Oasis2Service)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe -- (NAV)
SRV - [2010/11/27 03:55:44 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/09/27 18:12:36 | 000,864,000 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/06/21 00:47:18 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010/06/21 00:47:16 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010/06/18 10:07:12 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010/05/31 22:18:32 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/05/28 15:02:57 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/05/28 15:02:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/03 23:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/07/26 03:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/18 22:08:56 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/20 20:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207010.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NAVx64\1207010.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207010.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207010.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207010.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207010.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/09/23 03:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/27 01:20:15 | 006,107,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/06/24 15:34:53 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/06/24 15:33:43 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/23 15:03:07 | 000,078,848 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2010/06/23 15:02:59 | 000,094,208 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2010/06/18 13:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/05/31 16:36:54 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/05/31 16:36:48 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/05/31 16:36:41 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/05/31 15:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/05/28 15:03:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/05/28 15:02:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2010/05/16 20:28:38 | 000,175,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2010/05/16 20:28:30 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2010/05/16 20:28:28 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2010/04/26 15:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010/03/03 22:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/09 21:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/11/30 21:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20111223.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/11/09 10:56:05 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/09 10:56:05 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/23 00:17:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20120111.003\IDSviA64.sys -- (IDSVia64)
DRV - [2011/08/08 12:01:57 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120111.033\EX64.SYS -- (NAVEX15)
DRV - [2011/08/08 12:01:56 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120111.033\ENG64.SYS -- (NAVENG)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sony.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://sony.msn.com/"
FF - prefs.js..extensions.enabledAddons: oyikkydxih@oyikkydxih.org:1.0
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32
FF - prefs.js..extensions.enabledAddons: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2189
FF - prefs.js..extensions.enabledAddons: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.2191
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Laura\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\IPSFFPlgn\ [2011/10/13 03:32:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/10 12:12:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/28 09:21:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/01 17:38:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/09/21 22:38:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laura\AppData\Roaming\Mozilla\Extensions
[2012/05/02 09:34:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\ltmpt4v1.default\extensions
[2012/04/01 11:23:51 | 000,004,733 | ---- | M] () (No name found) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\ltmpt4v1.default\extensions\oyikkydxih@oyikkydxih.org.xpi
[2012/05/01 12:40:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/12 23:06:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/01 12:40:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012/08/28 09:21:04 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/09/10 12:12:33 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2012/03/01 17:38:23 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/01 17:38:20 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/01 17:38:20 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/29 13:15:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Tango] C:\Program Files (x86)\Tango\Tango.exe (Tango Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 156.154.70.11 156.154.71.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C68CD09A-0B16-4F59-84EF-62E5D37A2BC1}: DhcpNameServer = 156.154.70.11 156.154.71.11
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/05 12:11:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/23 13:16:23 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/23 13:16:15 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/09/23 13:16:15 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/23 13:16:15 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/09/23 13:16:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/23 13:16:15 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/23 13:16:15 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/23 13:16:13 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/09/23 13:16:12 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/09/23 13:16:08 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/23 13:16:07 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/23 13:16:07 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/09/23 13:16:07 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/09/23 13:16:06 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/09/23 13:16:06 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/09/19 21:17:33 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\Microsoft_Corporation
[2012/09/12 09:30:15 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/10 12:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

========== Files - Modified Within 30 Days ==========

[2012/10/05 15:39:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/05 15:38:46 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/05 15:38:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/05 09:22:49 | 096,691,837 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/10/04 23:21:23 | 000,403,416 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/10/04 17:45:56 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/03 12:09:57 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/03 12:09:57 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/03 12:06:09 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/03 12:06:09 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/03 12:06:09 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/03 12:00:53 | 2955,485,184 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/24 09:45:58 | 000,000,023 | ---- | M] () -- C:\test.xml
[2012/09/21 10:23:46 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/09/21 10:23:46 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/17 13:09:49 | 000,010,898 | ---- | M] () -- C:\Users\Laura\Desktop\atropine.c3xml
[2012/09/17 11:20:21 | 000,006,195 | ---- | M] () -- C:\Users\Laura\Desktop\guanbenz.c3xml
[2012/09/10 12:12:34 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk

========== Files Created - No Company Name ==========

[2012/09/17 13:09:49 | 000,010,898 | ---- | C] () -- C:\Users\Laura\Desktop\atropine.c3xml
[2012/09/17 11:20:21 | 000,006,195 | ---- | C] () -- C:\Users\Laura\Desktop\guanbenz.c3xml
[2012/01/29 13:08:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/29 13:08:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/29 13:08:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/29 13:08:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/29 13:08:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/01/10 17:14:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/01/10 13:50:27 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/01/10 13:50:27 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/01/10 13:50:27 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/01/10 13:50:26 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/01/10 13:50:25 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/01/10 13:50:19 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2011/01/10 13:50:19 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< netscvs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

And extras:

OTL Extras logfile created on: 10/5/2012 3:51:48 PM - Run 1
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Laura\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.67 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 59.92% Memory free
7.34 Gb Paging File | 5.21 Gb Available in Paging File | 71.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.31 Gb Total Space | 398.89 Gb Free Space | 87.61% Space Free | Partition Type: NTFS

Computer Name: LAURA-VAIO | User Name: Laura | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14E62CB8-E2EF-452F-B409-EC25EC729FC9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1C9A2AD4-EEF2-429E-8874-44588C6E63BB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1D625CD2-B117-4477-A156-6E77D179E87C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{306457E0-A4C3-4AAE-8A1E-BAAEB5D8A793}" = lport=445 | protocol=6 | dir=in | app=system |
"{31DBF890-1012-4CAC-9F3A-3C7BB1CF0AD2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{35070238-47B7-46DA-9528-02B4B87B298D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41F03C84-00AE-4F8B-8237-6DA8FB41EA86}" = rport=445 | protocol=6 | dir=out | app=system |
"{53DC3566-3809-4DC1-A3B0-B4AA98359126}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5AA9B198-8B5B-40C1-B517-6BDCCD395676}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{653BA0B1-F207-4BBD-8EDA-20B45B3ACF73}" = rport=139 | protocol=6 | dir=out | app=system |
"{6E131A6B-012E-4D22-90CC-BAB69B333CD8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7AE35421-ED6D-4BEA-BA08-C16557DBC41F}" = rport=138 | protocol=17 | dir=out | app=system |
"{8A3EA40A-E125-428D-94BF-54AD2B6DB6E9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{91746C68-985D-4E04-816D-AD16C6EDDE4B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{963EFE57-2307-4494-B913-AAB17DF09DB5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{989F4704-20DA-4736-B984-8A00677BC993}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9DD38745-10F3-4A96-8084-3A6E761918DA}" = lport=139 | protocol=6 | dir=in | app=system |
"{CB0AA046-CEA9-425D-AF20-94A13D64EFF0}" = rport=137 | protocol=17 | dir=out | app=system |
"{D0EAC985-BF0D-4DA0-8344-D91B9796CADC}" = lport=138 | protocol=17 | dir=in | app=system |
"{D906051A-9FEC-473F-B1B0-56B0F3F70F32}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DB1BC2F6-82D3-4DA9-94CE-4C0928A42E96}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EFF946F0-9298-4790-8E7C-FD22CEC15E85}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F20A9259-9A2D-4D30-8CBD-3834202A4DEE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F613F7EF-7C19-45DE-A7BF-070507E2CF09}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FBE74C77-C205-47D0-A60D-E9117EC7125C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FBFB3DA3-967D-4B52-9E1A-5D571443C682}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0049A343-6F93-4216-AF42-F1FFFF20EA1D}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{02D69754-5507-41EE-866B-3B9D3DA8CB82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0CE10BF3-F3C2-4F4C-A1D9-C4AF734B7F55}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{126619B4-4FD9-46D0-9466-961061E3C0A8}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{1A4B06ED-D60E-400A-9932-5DAFB32D4735}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1A6347E1-5559-4166-95BC-F5DAA9C910B5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1FCE7E83-056F-4BB5-9858-D288496FA9E6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{291BDE9B-7C5A-4F19-B371-EA32647CE8C8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2B7D8233-FF6F-4BB2-A699-F36C948AFECD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{2C57E655-C827-4E53-B3FC-706883B90A51}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2F589DB1-13FE-4D3A-9B2F-534DF267FEDE}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{310D9574-5B02-4B15-AEB3-775B4CC3DD09}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{36314BEE-4913-4472-8774-138B4EF436FB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{36E4F4C9-96D6-4005-B7CF-75E017E19166}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{38B5BE11-4B11-4EE1-8DB3-DB727569E819}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{406B199B-F94F-4AE4-A60D-38A52FA0F545}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{41CE6AC7-709E-448A-990F-879CF3CE0E06}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{44CB9024-6640-46E1-A604-4B6BDE631B0E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{48F860CC-6BE5-48FC-8E14-E2F83DD169CD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{4D137559-FA48-4913-BDA7-E4645C1F9DCA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4EF0D813-514D-43D3-8A46-DB02D4D14DD2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{507A5741-0725-4D7A-9742-ABF80DB3BC6E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{511E51B6-FF4D-4D9E-A507-2A15A64C678B}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{535844B6-D33C-4F15-A9F5-3EE06C492DCA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5527874B-1BB3-402D-9A17-9495EB911D57}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{665ADF24-0D5B-412D-BB9D-EBBFBEB25498}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{68863E07-734C-46E1-A9FE-65BDD8E86F98}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{68C1A0FA-5BA4-497B-B4D8-5F695DA904D8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{69319E43-6186-4649-8F7F-83677565A168}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{6E56EFD9-195C-4997-BC9B-0FF32B91D2AA}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{70161FDC-4DBB-4EFD-87B5-1CF692B24926}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{73A2DAE3-67ED-47AE-B5E3-A0AFA9830810}" = protocol=6 | dir=in | app=c:\program files (x86)\tango\tango.exe |
"{7DEBE94E-DB9E-4867-BB50-3523E238714B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{83F1CFF4-2381-49BF-AFF3-0C38DF9FE2D6}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{9183C8B6-B9A7-48F6-9BE1-52472FA2BB48}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{99682BA3-F7BC-461C-9E35-EF191F33C3AA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A4B60346-4336-411A-A593-A4EBF910D48C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{A58BC775-9ADB-40B3-BADC-D1AEF0E6C104}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ACCBCB37-04F7-47CB-80F9-5FEEDF96BBF1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BC7397AB-0D42-4295-9030-86F56EDEA9A5}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{C20EA4B3-746B-4D49-8109-9F48858C648D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{C7001B21-D139-450A-AAF2-4C1C7C458BCE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{CC6F8DB0-C4DA-4363-922A-E009302A8387}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF12E9B8-303E-4ACD-88AB-F8BEEC230323}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{D02F4F12-7ADB-42D5-B41E-6CA9B1DB07CF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DA13C3AD-A262-470C-8BF0-977758F2BD50}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DAA276C4-0348-428E-989D-FB7D75A04C3F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{DF085D2B-8177-40FB-A32D-4424A461760C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{E034CD3B-EF35-46AB-9110-2C382E709E73}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{E047D7B8-8A52-46B9-B215-3E570005F041}" = protocol=17 | dir=in | app=c:\program files (x86)\tango\tango.exe |
"{E3C63F58-A57C-44A8-87EA-13E81046C2CE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E8571655-E736-417B-91D9-A0D9744A0094}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{E91AC919-2848-4544-9C56-DC7DFCC9A84E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EE3FBD8E-563A-4245-9EF1-58018605E57E}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{F26CD4EC-8823-44AD-9599-CCB5AEA3A679}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F3E96839-7232-4002-AC8D-9AC7B1C952AF}" = protocol=6 | dir=out | app=system |
"{FB5CADB6-284B-4A2C-9E17-7748C9EDE801}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{0BF8F6BB-9F85-4384-A26A-C53E2895AF1A}C:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe |
"TCP Query User{0EDFFA7B-3B36-40AE-A508-1378611B4BD9}C:\program files (x86)\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe |
"TCP Query User{11253BBC-6EF4-4A61-A776-2B6DD5AB3F96}C:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe |
"TCP Query User{37A26ED5-9BCF-4569-BF60-7A4BA7F23ECD}C:\program files (x86)\tango\tango.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tango\tango.exe |
"TCP Query User{4650B912-5EDF-4DB5-9772-07AA42E692D1}C:\program files (x86)\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe |
"UDP Query User{06EAD43F-C9FE-4A0E-BD85-8523996FF4F0}C:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe |
"UDP Query User{2287BEA3-AAF3-4C1B-AF6C-FE5F4679A48D}C:\program files (x86)\tango\tango.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tango\tango.exe |
"UDP Query User{4FDDBB08-7ADD-4FE6-846B-1EE4DE8EF63B}C:\program files (x86)\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe |
"UDP Query User{ACE7F1EE-2E43-4EE8-A4C7-6F53C0392840}C:\program files (x86)\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe |
"UDP Query User{CB9D6591-6118-4367-8E21-A9044F280B43}C:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{202B76AB-1B21-434E-A289-788D767D3A7C}" = Media Gallery
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{344C0D46-2EF4-4BC8-AE03-3DACDA9B9485}" = AVG 2012
"{41B19F41-8A6F-4422-AD69-CF3B408F382C}" = AVG 2012
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F26C164-9373-4974-8F43-E0F2176AF937}" = Intel WiMAX Tutorial
"{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VAIO Media plus
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6548B189-BEA4-4041-80E0-AEB60548E046}" = Intel® PROSet/Wireless WiMAX Software
"{65510247-DAA8-4161-9898-42C78EAF1BC5}" = AVG 2012
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{A3D964A6-411A-4817-9D58-5CB8808F494E}" = VAIO Media plus
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{C298FF86-AB23-4B58-AC53-A23383C07B3A}" = Intel® Wireless Display
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D16A2127-B927-4379-B153-3DEC091E4EEB}" = Intel® PROSet/Wireless WiFi Software
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF48631A-7F45-430A-8AD3-B41CFB1D7596}" = HP Deskjet 2050 J510 series Product Improvement Study
"{F2C07BE3-0F88-4D0C-957B-3557699981E9}" = HP Deskjet 2050 J510 series Basic Device Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"AVG" = AVG 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"STATNOVAPDF_is1" = STATNOVAPDF (novaPDF Professional Server 5.4 printer)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07441A52-E208-478A-92B7-5C337CA8C131}" = Remote Play with PlayStation®3
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D0F662B-EBEA-4075-819E-74798AD42CDE}" = VAIO Care
"{0F952661-0BFE-4D92-A50C-A8DD13DCEDFA}" = Media Gallery
"{177AF091-7854-4615-8327-AC7518F62782}" = VAIO Media plus
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = OOBE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{270380EB-8812-42E1-8289-53700DB840D2}" = PMB VAIO Edition Plug-in
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2F9D63BE-A891-4E39-AFB3-7402D486800C}" = VAIO Hardware Diagnostics
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3AB4E8CB-3321-4D43-8A59-885338A6EBF9}" = STATISTICA 8.0.725.0 CS
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9DA746-5AE1-4BA0-9087-BDB162242890}" = VAIO Media plus
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{52F9CDDA-26F6-4499-90E0-6DDDE6D2259C}" = VAIO Media plus
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{734B6C6C-4740-476F-BB0C-F7AF469EDBB2}" = Remote Play with PlayStation 3
"{76F52BDB-C3A6-46B6-ADD1-9638E40F9AB9}" = VAIO Wireless Wizard
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" =
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8211C280-5B02-4E7E-B55F-845A207249BA}" = VAIO Data Restore Tool
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{97E0EB8D-8A24-47F9-9BFA-C45D65195957}" = Media Gallery
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1E1083D-249D-483C-AD92-CDCFA230A4C7}" = STATISTICA CambridgeSoft Integration
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" =
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AD3E7141-A22E-40F1-A7A4-55E898AE35E3}" = VAIO Help and Support
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B8548B93-DE2D-4A98-874C-BDC9BFE7E4FF}" = Media Gallery
"{B941F34C-F36A-4A6F-A97C-50B5948E451F}" = VAIO Media plus
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO Manual
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" =
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D06EF6C2-62D8-4308-897E-B20FE81712B4}" = CambridgeSoft ChemBioOffice Ultra 2010
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = VAIO - Media Gallery
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}" = Oasis2Service
"{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1FC66F-536F-46BD-98E3-D8DA127A810E}" = PMB VAIO Edition Guide
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"Application Manager for VAIO" = Application Manager for VAIO
"Cisco Connect" = Cisco Connect
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"HP Photo Creations" = HP Photo Creations
"InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}" = VAIO - PMB VAIO Edition Plug-in
"InstallShield_{FF1FC66F-536F-46BD-98E3-D8DA127A810E}" = VAIO - PMB VAIO Edition Guide
"MestReNova LITE" = MestReNova LITE 5.2.5-5780
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"NAV" = Norton AntiVirus
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"splashtop" = VAIO Quick Web Access
"VAIO Messenger" = VAIO Messenger
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"48e4cff94f039634" = Best Buy pc app
"Tango" = Tango
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/11/2012 10:43:49 AM | Computer Name = Laura-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8267663

Error - 5/11/2012 12:37:34 PM | Computer Name = Laura-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/11/2012 12:37:34 PM | Computer Name = Laura-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1030

Error - 5/11/2012 12:37:34 PM | Computer Name = Laura-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1030

Error - 5/11/2012 12:37:35 PM | Computer Name = Laura-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/11/2012 12:37:35 PM | Computer Name = Laura-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2106

Error - 5/11/2012 12:37:35 PM | Computer Name = Laura-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2106

Error - 5/11/2012 2:41:30 PM | Computer Name = Laura-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/11/2012 2:41:30 PM | Computer Name = Laura-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7437941

Error - 5/11/2012 2:41:30 PM | Computer Name = Laura-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7437941

[ System Events ]
Error - 4/24/2012 2:22:42 PM | Computer Name = Laura-VAIO | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 5/4/2012 10:53:17 AM | Computer Name = Laura-VAIO | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:58:26 AM on ?5/?3/?2012 was unexpected.

Error - 5/22/2012 4:00:59 AM | Computer Name = Laura-VAIO | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SampleCollector service.

Error - 5/22/2012 5:47:38 PM | Computer Name = Laura-VAIO | Source = DCOM | ID = 10010
Description =

Error - 5/26/2012 11:28:39 PM | Computer Name = Laura-VAIO | Source = Service Control Manager | ID = 7034
Description = The Google Update Service (gupdate) service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/26/2012 11:29:09 PM | Computer Name = Laura-VAIO | Source = DCOM | ID = 10010
Description =

Error - 6/12/2012 9:37:46 PM | Computer Name = Laura-VAIO | Source = DCOM | ID = 10010
Description =

Error - 6/17/2012 4:17:58 AM | Computer Name = Laura-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server
2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656368).

Error - 7/7/2012 2:45:36 AM | Computer Name = Laura-VAIO | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SampleCollector service.

Error - 7/16/2012 12:13:52 PM | Computer Name = Laura-VAIO | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:10:48 AM on ?7/?16/?2012 was unexpected.


< End of report >

And aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-05 16:04:59
-----------------------------
16:04:59.681 OS Version: Windows x64 6.1.7600
16:04:59.681 Number of processors: 4 586 0x2505
16:04:59.697 ComputerName: LAURA-VAIO UserName: Laura
16:05:01.834 Initialize success
16:05:10.871 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:05:10.887 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
16:05:10.902 Disk 0 MBR read successfully
16:05:10.902 Disk 0 MBR scan
16:05:10.902 Disk 0 Windows 7 default MBR code
16:05:10.918 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10596 MB offset 2048
16:05:10.933 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 21702656
16:05:10.949 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 466242 MB offset 21907456
16:05:10.965 Disk 0 scanning C:\Windows\system32\drivers
16:05:18.656 Service scanning
16:06:13.443 Modules scanning
16:06:13.458 Disk 0 trace - called modules:
16:06:13.474 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
16:06:13.474 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800636b790]
16:06:14.004 3 CLASSPNP.SYS[fffff8800103b43f] -> nt!IofCallDriver -> [0xfffffa8003573e40]
16:06:14.004 5 ACPI.sys[fffff88000f40781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004332050]
16:06:14.020 Scan finished successfully
16:09:44.187 Disk 0 MBR has been saved successfully to "C:\Users\Laura\Downloads\MBR.dat"
16:09:44.406 The log file has been saved successfully to "C:\Users\Laura\Downloads\aswMBR.txt"

#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:09 PM

Posted 05 October 2012 - 11:55 PM

Please do this next:

Posted Image Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.
Posted Image Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • TDSSKiller log
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#5 LawDogg

LawDogg
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:09 PM

Posted 06 October 2012 - 09:59 AM

tssdkiller:

08:47:20.0928 9232 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
08:47:21.0412 9232 ============================================================
08:47:21.0412 9232 Current date / time: 2012/10/06 08:47:21.0412
08:47:21.0412 9232 SystemInfo:
08:47:21.0412 9232
08:47:21.0412 9232 OS Version: 6.1.7600 ServicePack: 0.0
08:47:21.0412 9232 Product type: Workstation
08:47:21.0412 9232 ComputerName: LAURA-VAIO
08:47:21.0412 9232 UserName: Laura
08:47:21.0412 9232 Windows directory: C:\Windows
08:47:21.0412 9232 System windows directory: C:\Windows
08:47:21.0412 9232 Running under WOW64
08:47:21.0412 9232 Processor architecture: Intel x64
08:47:21.0412 9232 Number of processors: 4
08:47:21.0412 9232 Page size: 0x1000
08:47:21.0412 9232 Boot type: Normal boot
08:47:21.0412 9232 ============================================================
08:47:22.0036 9232 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:47:22.0036 9232 ============================================================
08:47:22.0036 9232 \Device\Harddisk0\DR0:
08:47:22.0036 9232 MBR partitions:
08:47:22.0036 9232 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14B2800, BlocksNum 0x32000
08:47:22.0036 9232 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x14E4800, BlocksNum 0x38EA1030
08:47:22.0036 9232 ============================================================
08:47:22.0067 9232 C: <-> \Device\Harddisk0\DR0\Partition2
08:47:22.0067 9232 ============================================================
08:47:22.0067 9232 Initialize success
08:47:22.0067 9232 ============================================================
08:48:15.0731 6564 ============================================================
08:48:15.0731 6564 Scan started
08:48:15.0731 6564 Mode: Manual; TDLFS;
08:48:15.0731 6564 ============================================================
08:48:16.0074 6564 ================ Scan system memory ========================
08:48:16.0074 6564 System memory - ok
08:48:16.0074 6564 ================ Scan services =============================
08:48:16.0308 6564 [ 969C91060CBB5D17CB8440B5F78B4C51 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
08:48:16.0308 6564 1394ohci - ok
08:48:16.0386 6564 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
08:48:16.0402 6564 ACDaemon - ok
08:48:16.0449 6564 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\drivers\ACPI.sys
08:48:16.0449 6564 ACPI - ok
08:48:16.0480 6564 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
08:48:16.0480 6564 AcpiPmi - ok
08:48:16.0667 6564 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:48:16.0683 6564 AdobeFlashPlayerUpdateSvc - ok
08:48:16.0745 6564 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
08:48:16.0761 6564 adp94xx - ok
08:48:16.0823 6564 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
08:48:16.0823 6564 adpahci - ok
08:48:16.0854 6564 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
08:48:16.0870 6564 adpu320 - ok
08:48:16.0885 6564 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:48:16.0885 6564 AeLookupSvc - ok
08:48:16.0932 6564 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
08:48:16.0948 6564 AFD - ok
08:48:16.0995 6564 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
08:48:16.0995 6564 agp440 - ok
08:48:17.0026 6564 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
08:48:17.0041 6564 ALG - ok
08:48:17.0088 6564 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
08:48:17.0088 6564 aliide - ok
08:48:17.0104 6564 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
08:48:17.0119 6564 amdide - ok
08:48:17.0151 6564 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
08:48:17.0151 6564 AmdK8 - ok
08:48:17.0166 6564 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
08:48:17.0166 6564 AmdPPM - ok
08:48:17.0229 6564 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
08:48:17.0229 6564 amdsata - ok
08:48:17.0275 6564 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
08:48:17.0275 6564 amdsbs - ok
08:48:17.0307 6564 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
08:48:17.0307 6564 amdxata - ok
08:48:17.0353 6564 [ 2D45F2DFBC3D8F53DF7EBEFFA8C9BC38 ] ApfiltrService C:\Windows\system32\drivers\Apfiltr.sys
08:48:17.0353 6564 ApfiltrService - ok
08:48:17.0385 6564 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
08:48:17.0385 6564 AppID - ok
08:48:17.0431 6564 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
08:48:17.0431 6564 AppIDSvc - ok
08:48:17.0790 6564 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
08:48:17.0790 6564 Appinfo - ok
08:48:17.0853 6564 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:48:17.0868 6564 Apple Mobile Device - ok
08:48:17.0946 6564 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
08:48:17.0962 6564 arc - ok
08:48:17.0993 6564 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
08:48:17.0993 6564 arcsas - ok
08:48:18.0040 6564 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
08:48:18.0040 6564 AsyncMac - ok
08:48:18.0071 6564 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
08:48:18.0071 6564 atapi - ok
08:48:18.0149 6564 [ CCA705CDF038D5BC243203CE4416B345 ] athr C:\Windows\system32\DRIVERS\athrx.sys
08:48:18.0196 6564 athr - ok
08:48:18.0383 6564 [ EAEA2CE49DE0CCA80BEB9134107E5DD7 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
08:48:18.0523 6564 atikmdag - ok
08:48:18.0570 6564 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:48:18.0586 6564 AudioEndpointBuilder - ok
08:48:18.0601 6564 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
08:48:18.0617 6564 AudioSrv - ok
08:48:18.0804 6564 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
08:48:18.0929 6564 AVGIDSAgent - ok
08:48:18.0976 6564 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
08:48:18.0976 6564 AVGIDSDriver - ok
08:48:19.0023 6564 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
08:48:19.0023 6564 AVGIDSFilter - ok
08:48:19.0054 6564 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
08:48:19.0054 6564 AVGIDSHA - ok
08:48:19.0101 6564 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
08:48:19.0116 6564 Avgldx64 - ok
08:48:19.0147 6564 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
08:48:19.0147 6564 Avgmfx64 - ok
08:48:19.0194 6564 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
08:48:19.0194 6564 Avgrkx64 - ok
08:48:19.0225 6564 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
08:48:19.0225 6564 Avgtdia - ok
08:48:19.0257 6564 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
08:48:19.0257 6564 avgwd - ok
08:48:19.0303 6564 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
08:48:19.0319 6564 AxInstSV - ok
08:48:19.0366 6564 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
08:48:19.0381 6564 b06bdrv - ok
08:48:19.0428 6564 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
08:48:19.0428 6564 b57nd60a - ok
08:48:19.0553 6564 [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
08:48:19.0569 6564 BBSvc - ok
08:48:19.0584 6564 [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
08:48:19.0584 6564 BBUpdate - ok
08:48:19.0615 6564 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
08:48:19.0615 6564 BDESVC - ok
08:48:19.0662 6564 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
08:48:19.0662 6564 Beep - ok
08:48:19.0693 6564 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
08:48:19.0709 6564 BFE - ok
08:48:19.0912 6564 [ 1D757A7E020C577C4259A755F21B7152 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20111223.001\BHDrvx64.sys
08:48:19.0943 6564 BHDrvx64 - ok
08:48:19.0990 6564 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
08:48:20.0005 6564 BITS - ok
08:48:20.0052 6564 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
08:48:20.0052 6564 blbdrive - ok
08:48:20.0130 6564 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:48:20.0146 6564 Bonjour Service - ok
08:48:20.0177 6564 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
08:48:20.0193 6564 bowser - ok
08:48:20.0224 6564 [ F46DD257FAD7D2D097EF32E72220A06C ] bpenum C:\Windows\system32\DRIVERS\bpenum.sys
08:48:20.0239 6564 bpenum - ok
08:48:20.0271 6564 [ E82060AED0F28ED8909F2B07FA276185 ] bpmp C:\Windows\system32\DRIVERS\bpmp.sys
08:48:20.0271 6564 bpmp - ok
08:48:20.0286 6564 [ FC6313A5A45C1AE53D0491F0057D5A4D ] bpusb C:\Windows\system32\Drivers\bpusb.sys
08:48:20.0286 6564 bpusb - ok
08:48:20.0333 6564 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
08:48:20.0333 6564 BrFiltLo - ok
08:48:20.0349 6564 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
08:48:20.0349 6564 BrFiltUp - ok
08:48:20.0380 6564 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
08:48:20.0380 6564 BridgeMP - ok
08:48:20.0442 6564 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
08:48:20.0442 6564 Browser - ok
08:48:20.0473 6564 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
08:48:20.0473 6564 Brserid - ok
08:48:20.0489 6564 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
08:48:20.0489 6564 BrSerWdm - ok
08:48:20.0536 6564 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
08:48:20.0536 6564 BrUsbMdm - ok
08:48:20.0551 6564 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
08:48:20.0551 6564 BrUsbSer - ok
08:48:20.0614 6564 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
08:48:20.0614 6564 BthEnum - ok
08:48:20.0629 6564 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
08:48:20.0629 6564 BTHMODEM - ok
08:48:20.0661 6564 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
08:48:20.0661 6564 BthPan - ok
08:48:20.0707 6564 [ D59773C7FDD3D795D6FE402EEEA8D71E ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
08:48:20.0723 6564 BTHPORT - ok
08:48:20.0754 6564 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
08:48:20.0754 6564 bthserv - ok
08:48:20.0801 6564 [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
08:48:20.0801 6564 BTHUSB - ok
08:48:20.0817 6564 catchme - ok
08:48:20.0863 6564 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
08:48:20.0863 6564 cdfs - ok
08:48:20.0895 6564 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
08:48:20.0895 6564 cdrom - ok
08:48:20.0941 6564 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
08:48:20.0941 6564 CertPropSvc - ok
08:48:20.0973 6564 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
08:48:20.0973 6564 circlass - ok
08:48:21.0004 6564 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
08:48:21.0004 6564 CLFS - ok
08:48:21.0097 6564 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:48:21.0097 6564 clr_optimization_v2.0.50727_32 - ok
08:48:21.0129 6564 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:48:21.0144 6564 clr_optimization_v2.0.50727_64 - ok
08:48:21.0238 6564 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:48:21.0238 6564 clr_optimization_v4.0.30319_32 - ok
08:48:21.0285 6564 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:48:21.0285 6564 clr_optimization_v4.0.30319_64 - ok
08:48:21.0331 6564 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
08:48:21.0331 6564 CmBatt - ok
08:48:21.0347 6564 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
08:48:21.0347 6564 cmdide - ok
08:48:21.0394 6564 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
08:48:21.0394 6564 CNG - ok
08:48:21.0441 6564 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
08:48:21.0441 6564 Compbatt - ok
08:48:21.0472 6564 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
08:48:21.0472 6564 CompositeBus - ok
08:48:21.0487 6564 COMSysApp - ok
08:48:21.0519 6564 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
08:48:21.0519 6564 crcdisk - ok
08:48:21.0581 6564 [ F02786B66375292E58C8777082D4396D ] CryptSvc C:\Windows\system32\cryptsvc.dll
08:48:21.0581 6564 CryptSvc - ok
08:48:21.0628 6564 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
08:48:21.0643 6564 DcomLaunch - ok
08:48:21.0690 6564 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
08:48:21.0690 6564 defragsvc - ok
08:48:21.0737 6564 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:48:21.0737 6564 DfsC - ok
08:48:21.0768 6564 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
08:48:21.0768 6564 Dhcp - ok
08:48:21.0799 6564 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
08:48:21.0815 6564 discache - ok
08:48:21.0846 6564 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
08:48:21.0862 6564 Disk - ok
08:48:21.0955 6564 [ 61458C120CDDFE7514E2DB125568CA59 ] DMAgent C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
08:48:21.0987 6564 DMAgent - ok
08:48:22.0018 6564 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:48:22.0033 6564 Dnscache - ok
08:48:22.0065 6564 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
08:48:22.0065 6564 dot3svc - ok
08:48:22.0080 6564 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
08:48:22.0096 6564 DPS - ok
08:48:22.0127 6564 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:48:22.0127 6564 drmkaud - ok
08:48:22.0174 6564 [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:48:22.0205 6564 DXGKrnl - ok
08:48:22.0221 6564 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
08:48:22.0236 6564 EapHost - ok
08:48:22.0330 6564 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
08:48:22.0408 6564 ebdrv - ok
08:48:22.0486 6564 [ 5CCF1BE80930AEB1CDEBF561666325E8 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
08:48:22.0501 6564 eeCtrl - ok
08:48:22.0548 6564 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
08:48:22.0548 6564 EFS - ok
08:48:22.0611 6564 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:48:22.0626 6564 ehRecvr - ok
08:48:22.0642 6564 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
08:48:22.0657 6564 ehSched - ok
08:48:22.0704 6564 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
08:48:22.0720 6564 elxstor - ok
08:48:22.0782 6564 [ 7A898E4A744621711BE7E7B796C69876 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
08:48:22.0782 6564 EraserUtilRebootDrv - ok
08:48:22.0813 6564 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
08:48:22.0813 6564 ErrDev - ok
08:48:22.0860 6564 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
08:48:22.0876 6564 EventSystem - ok
08:48:22.0985 6564 [ B56D9602DB5FE1C116B1CA5EFD8E2E50 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
08:48:23.0032 6564 EvtEng - ok
08:48:23.0047 6564 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
08:48:23.0063 6564 exfat - ok
08:48:23.0079 6564 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:48:23.0094 6564 fastfat - ok
08:48:23.0141 6564 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
08:48:23.0157 6564 Fax - ok
08:48:23.0188 6564 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
08:48:23.0188 6564 fdc - ok
08:48:23.0203 6564 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
08:48:23.0203 6564 fdPHost - ok
08:48:23.0219 6564 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
08:48:23.0219 6564 FDResPub - ok
08:48:23.0235 6564 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:48:23.0235 6564 FileInfo - ok
08:48:23.0250 6564 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:48:23.0250 6564 Filetrace - ok
08:48:23.0281 6564 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
08:48:23.0297 6564 flpydisk - ok
08:48:23.0313 6564 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:48:23.0328 6564 FltMgr - ok
08:48:23.0375 6564 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
08:48:23.0406 6564 FontCache - ok
08:48:23.0453 6564 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:48:23.0453 6564 FontCache3.0.0.0 - ok
08:48:23.0469 6564 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
08:48:23.0469 6564 FsDepends - ok
08:48:23.0515 6564 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
08:48:23.0515 6564 fssfltr - ok
08:48:23.0593 6564 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
08:48:23.0640 6564 fsssvc - ok
08:48:23.0687 6564 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:48:23.0703 6564 Fs_Rec - ok
08:48:23.0734 6564 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
08:48:23.0734 6564 fvevol - ok
08:48:23.0765 6564 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
08:48:23.0765 6564 gagp30kx - ok
08:48:23.0796 6564 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:48:23.0796 6564 GEARAspiWDM - ok
08:48:23.0859 6564 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
08:48:23.0874 6564 gpsvc - ok
08:48:23.0983 6564 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:48:23.0983 6564 gupdate - ok
08:48:24.0015 6564 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:48:24.0015 6564 gupdatem - ok
08:48:24.0061 6564 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
08:48:24.0061 6564 gusvc - ok
08:48:24.0108 6564 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
08:48:24.0108 6564 hcw85cir - ok
08:48:24.0139 6564 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:48:24.0155 6564 HdAudAddService - ok
08:48:24.0171 6564 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
08:48:24.0171 6564 HDAudBus - ok
08:48:24.0202 6564 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\drivers\HECIx64.sys
08:48:24.0202 6564 HECIx64 - ok
08:48:24.0233 6564 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
08:48:24.0233 6564 HidBatt - ok
08:48:24.0264 6564 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
08:48:24.0264 6564 HidBth - ok
08:48:24.0295 6564 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
08:48:24.0311 6564 HidIr - ok
08:48:24.0327 6564 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
08:48:24.0327 6564 hidserv - ok
08:48:24.0373 6564 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
08:48:24.0373 6564 HidUsb - ok
08:48:24.0389 6564 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
08:48:24.0389 6564 hkmsvc - ok
08:48:24.0420 6564 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:48:24.0420 6564 HomeGroupListener - ok
08:48:24.0467 6564 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:48:24.0467 6564 HomeGroupProvider - ok
08:48:24.0514 6564 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
08:48:24.0514 6564 HpSAMD - ok
08:48:24.0561 6564 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:48:24.0561 6564 HTTP - ok
08:48:24.0576 6564 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
08:48:24.0576 6564 hwpolicy - ok
08:48:24.0607 6564 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
08:48:24.0607 6564 i8042prt - ok
08:48:24.0670 6564 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\drivers\iaStor.sys
08:48:24.0670 6564 iaStor - ok
08:48:24.0748 6564 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
08:48:24.0748 6564 IAStorDataMgrSvc - ok
08:48:24.0795 6564 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
08:48:24.0810 6564 iaStorV - ok
08:48:24.0873 6564 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:48:24.0904 6564 idsvc - ok
08:48:25.0044 6564 [ 0B97F1A640AD3D159A7B5D2164C42E50 ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20120111.003\IDSvia64.sys
08:48:25.0044 6564 IDSVia64 - ok
08:48:25.0278 6564 [ 2A22AB054F4630D2EF4BAB2853F6D5F6 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
08:48:25.0481 6564 igfx - ok
08:48:25.0512 6564 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
08:48:25.0512 6564 iirsp - ok
08:48:25.0559 6564 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
08:48:25.0606 6564 IKEEXT - ok
08:48:25.0637 6564 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\drivers\Impcd.sys
08:48:25.0637 6564 Impcd - ok
08:48:25.0746 6564 [ 526E482AFB586CB1CDD687869DECF686 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
08:48:25.0824 6564 IntcAzAudAddService - ok
08:48:25.0855 6564 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
08:48:25.0855 6564 IntcDAud - ok
08:48:25.0887 6564 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
08:48:25.0887 6564 intelide - ok
08:48:25.0933 6564 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
08:48:25.0933 6564 intelppm - ok
08:48:25.0965 6564 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
08:48:25.0965 6564 IPBusEnum - ok
08:48:25.0996 6564 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:48:25.0996 6564 IpFilterDriver - ok
08:48:26.0027 6564 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
08:48:26.0043 6564 iphlpsvc - ok
08:48:26.0058 6564 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
08:48:26.0058 6564 IPMIDRV - ok
08:48:26.0074 6564 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
08:48:26.0074 6564 IPNAT - ok
08:48:26.0152 6564 [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:48:26.0183 6564 iPod Service - ok
08:48:26.0214 6564 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
08:48:26.0214 6564 IRENUM - ok
08:48:26.0245 6564 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
08:48:26.0245 6564 isapnp - ok
08:48:26.0277 6564 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
08:48:26.0277 6564 iScsiPrt - ok
08:48:26.0308 6564 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
08:48:26.0308 6564 kbdclass - ok
08:48:26.0355 6564 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
08:48:26.0355 6564 kbdhid - ok
08:48:26.0370 6564 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
08:48:26.0370 6564 KeyIso - ok
08:48:26.0417 6564 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:48:26.0417 6564 KSecDD - ok
08:48:26.0464 6564 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
08:48:26.0464 6564 KSecPkg - ok
08:48:26.0542 6564 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
08:48:26.0542 6564 ksthunk - ok
08:48:26.0635 6564 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
08:48:26.0635 6564 KtmRm - ok
08:48:26.0760 6564 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
08:48:26.0760 6564 LanmanServer - ok
08:48:26.0838 6564 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:48:26.0838 6564 LanmanWorkstation - ok
08:48:26.0916 6564 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:48:26.0916 6564 lltdio - ok
08:48:26.0947 6564 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:48:26.0963 6564 lltdsvc - ok
08:48:27.0010 6564 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
08:48:27.0010 6564 lmhosts - ok
08:48:27.0259 6564 [ 3D23191672D83E90D1CF63927EE98136 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
08:48:27.0259 6564 LMS - ok
08:48:27.0291 6564 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
08:48:27.0306 6564 LSI_FC - ok
08:48:27.0369 6564 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
08:48:27.0384 6564 LSI_SAS - ok
08:48:27.0447 6564 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
08:48:27.0447 6564 LSI_SAS2 - ok
08:48:27.0509 6564 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
08:48:27.0509 6564 LSI_SCSI - ok
08:48:27.0556 6564 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
08:48:27.0556 6564 luafv - ok
08:48:27.0665 6564 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
08:48:27.0665 6564 Mcx2Svc - ok
08:48:27.0712 6564 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
08:48:27.0712 6564 megasas - ok
08:48:27.0774 6564 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
08:48:27.0774 6564 MegaSR - ok
08:48:27.0821 6564 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
08:48:27.0821 6564 MMCSS - ok
08:48:27.0852 6564 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
08:48:27.0852 6564 Modem - ok
08:48:27.0883 6564 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
08:48:27.0883 6564 monitor - ok
08:48:27.0899 6564 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
08:48:27.0899 6564 mouclass - ok
08:48:27.0946 6564 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
08:48:27.0946 6564 mouhid - ok
08:48:27.0961 6564 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
08:48:27.0961 6564 mountmgr - ok
08:48:27.0977 6564 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\drivers\mpio.sys
08:48:27.0993 6564 mpio - ok
08:48:28.0008 6564 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:48:28.0008 6564 mpsdrv - ok
08:48:28.0039 6564 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
08:48:28.0086 6564 MpsSvc - ok
08:48:28.0102 6564 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:48:28.0102 6564 MRxDAV - ok
08:48:28.0149 6564 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:48:28.0149 6564 mrxsmb - ok
08:48:28.0195 6564 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:48:28.0211 6564 mrxsmb10 - ok
08:48:28.0227 6564 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:48:28.0227 6564 mrxsmb20 - ok
08:48:28.0258 6564 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\drivers\msahci.sys
08:48:28.0258 6564 msahci - ok
08:48:28.0273 6564 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\drivers\msdsm.sys
08:48:28.0273 6564 msdsm - ok
08:48:28.0289 6564 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
08:48:28.0305 6564 MSDTC - ok
08:48:28.0320 6564 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:48:28.0320 6564 Msfs - ok
08:48:28.0351 6564 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
08:48:28.0351 6564 mshidkmdf - ok
08:48:28.0383 6564 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
08:48:28.0398 6564 msisadrv - ok
08:48:28.0429 6564 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:48:28.0429 6564 MSiSCSI - ok
08:48:28.0445 6564 msiserver - ok
08:48:28.0492 6564 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:48:28.0492 6564 MSKSSRV - ok
08:48:28.0507 6564 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:48:28.0507 6564 MSPCLOCK - ok
08:48:28.0523 6564 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:48:28.0523 6564 MSPQM - ok
08:48:28.0539 6564 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:48:28.0554 6564 MsRPC - ok
08:48:28.0570 6564 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
08:48:28.0570 6564 mssmbios - ok
08:48:28.0601 6564 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:48:28.0601 6564 MSTEE - ok
08:48:28.0632 6564 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
08:48:28.0632 6564 MTConfig - ok
08:48:28.0648 6564 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
08:48:28.0648 6564 Mup - ok
08:48:28.0679 6564 [ A9BC2302FBDF52C8AF4E2FC966288D21 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
08:48:28.0695 6564 MyWiFiDHCPDNS - ok
08:48:28.0741 6564 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
08:48:28.0757 6564 napagent - ok
08:48:28.0819 6564 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:48:28.0819 6564 NativeWifiP - ok
08:48:28.0929 6564 [ E78A365CC3E0FBFC018A33DCE01909F8 ] NAV C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
08:48:28.0929 6564 NAV - ok
08:48:28.0991 6564 [ 2DBE90210DE76BE6E1653BB20EC70EC2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120111.033\ENG64.SYS
08:48:28.0991 6564 NAVENG - ok
08:48:29.0069 6564 [ 346DA70E203B8E2C850277713DE8F71B ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120111.033\EX64.SYS
08:48:29.0131 6564 NAVEX15 - ok
08:48:29.0194 6564 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
08:48:29.0209 6564 NDIS - ok
08:48:29.0225 6564 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
08:48:29.0241 6564 NdisCap - ok
08:48:29.0272 6564 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:48:29.0272 6564 NdisTapi - ok
08:48:29.0287 6564 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:48:29.0303 6564 Ndisuio - ok
08:48:29.0319 6564 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:48:29.0319 6564 NdisWan - ok
08:48:29.0334 6564 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:48:29.0334 6564 NDProxy - ok
08:48:29.0350 6564 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:48:29.0350 6564 NetBIOS - ok
08:48:29.0365 6564 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
08:48:29.0381 6564 NetBT - ok
08:48:29.0381 6564 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
08:48:29.0397 6564 Netlogon - ok
08:48:29.0428 6564 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
08:48:29.0443 6564 Netman - ok
08:48:29.0459 6564 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
08:48:29.0459 6564 netprofm - ok
08:48:29.0490 6564 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:48:29.0506 6564 NetTcpPortSharing - ok
08:48:29.0709 6564 [ 18555F48844C2861D9DCE8F2B7223AE5 ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
08:48:29.0880 6564 NETw5s64 - ok
08:48:29.0927 6564 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
08:48:29.0927 6564 nfrd960 - ok
08:48:29.0958 6564 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
08:48:29.0958 6564 NlaSvc - ok
08:48:29.0989 6564 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:48:29.0989 6564 Npfs - ok
08:48:30.0021 6564 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
08:48:30.0021 6564 nsi - ok
08:48:30.0036 6564 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:48:30.0036 6564 nsiproxy - ok
08:48:30.0114 6564 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:48:30.0161 6564 Ntfs - ok
08:48:30.0192 6564 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
08:48:30.0192 6564 Null - ok
08:48:30.0239 6564 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:48:30.0255 6564 nvraid - ok
08:48:30.0286 6564 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:48:30.0286 6564 nvstor - ok
08:48:30.0317 6564 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:48:30.0317 6564 nv_agp - ok
08:48:30.0379 6564 [ 07571684567859DA796A566CC78FFA74 ] Oasis2Service C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
08:48:30.0411 6564 Oasis2Service - ok
08:48:30.0442 6564 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
08:48:30.0442 6564 ohci1394 - ok
08:48:30.0504 6564 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:48:30.0504 6564 ose - ok
08:48:30.0660 6564 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:48:30.0769 6564 osppsvc - ok
08:48:30.0816 6564 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
08:48:30.0816 6564 p2pimsvc - ok
08:48:30.0847 6564 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
08:48:30.0847 6564 p2psvc - ok
08:48:30.0879 6564 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
08:48:30.0879 6564 Parport - ok
08:48:30.0925 6564 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:48:30.0925 6564 partmgr - ok
08:48:30.0941 6564 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
08:48:30.0957 6564 PcaSvc - ok
08:48:30.0972 6564 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\drivers\pci.sys
08:48:30.0972 6564 pci - ok
08:48:31.0019 6564 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
08:48:31.0019 6564 pciide - ok
08:48:31.0035 6564 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
08:48:31.0035 6564 pcmcia - ok
08:48:31.0066 6564 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
08:48:31.0066 6564 pcw - ok
08:48:31.0097 6564 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:48:31.0113 6564 PEAUTH - ok
08:48:31.0222 6564 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
08:48:31.0222 6564 PerfHost - ok
08:48:31.0315 6564 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
08:48:31.0347 6564 pla - ok
08:48:31.0425 6564 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:48:31.0425 6564 PlugPlay - ok
08:48:31.0518 6564 [ 63694C307273062A2167AE4CE80730EF ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
08:48:31.0565 6564 PMBDeviceInfoProvider - ok
08:48:31.0596 6564 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
08:48:31.0596 6564 PNRPAutoReg - ok
08:48:31.0612 6564 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
08:48:31.0612 6564 PNRPsvc - ok
08:48:31.0643 6564 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:48:31.0659 6564 PolicyAgent - ok
08:48:31.0705 6564 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
08:48:31.0705 6564 Power - ok
08:48:31.0752 6564 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:48:31.0752 6564 PptpMiniport - ok
08:48:31.0768 6564 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
08:48:31.0768 6564 Processor - ok
08:48:31.0815 6564 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
08:48:31.0815 6564 ProfSvc - ok
08:48:31.0830 6564 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:48:31.0830 6564 ProtectedStorage - ok
08:48:31.0861 6564 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
08:48:31.0861 6564 Psched - ok
08:48:31.0908 6564 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
08:48:31.0939 6564 ql2300 - ok
08:48:31.0971 6564 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
08:48:31.0986 6564 ql40xx - ok
08:48:32.0017 6564 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
08:48:32.0033 6564 QWAVE - ok
08:48:32.0049 6564 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:48:32.0064 6564 QWAVEdrv - ok
08:48:32.0080 6564 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:48:32.0080 6564 RasAcd - ok
08:48:32.0111 6564 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
08:48:32.0111 6564 RasAgileVpn - ok
08:48:32.0158 6564 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
08:48:32.0158 6564 RasAuto - ok
08:48:32.0189 6564 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:48:32.0189 6564 Rasl2tp - ok
08:48:32.0205 6564 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
08:48:32.0220 6564 RasMan - ok
08:48:32.0236 6564 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:48:32.0236 6564 RasPppoe - ok
08:48:32.0251 6564 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:48:32.0251 6564 RasSstp - ok
08:48:32.0283 6564 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:48:32.0283 6564 rdbss - ok
08:48:32.0298 6564 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
08:48:32.0314 6564 rdpbus - ok
08:48:32.0329 6564 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:48:32.0329 6564 RDPCDD - ok
08:48:32.0361 6564 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:48:32.0361 6564 RDPENCDD - ok
08:48:32.0376 6564 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
08:48:32.0376 6564 RDPREFMP - ok
08:48:32.0407 6564 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:48:32.0407 6564 RDPWD - ok
08:48:32.0454 6564 [ E5DC9BA9E439D6DBDD79F8CAACB5BF01 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
08:48:32.0454 6564 rdyboost - ok
08:48:32.0532 6564 [ 0AA473966357C4A41B5EB19649EB6E5E ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
08:48:32.0548 6564 RegSrvc - ok
08:48:32.0579 6564 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:48:32.0579 6564 RemoteAccess - ok
08:48:32.0610 6564 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:48:32.0610 6564 RemoteRegistry - ok
08:48:32.0673 6564 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
08:48:32.0673 6564 RFCOMM - ok
08:48:32.0704 6564 [ FA6ABC06B629DA29634D31F1FE0347BD ] rimspci C:\Windows\system32\drivers\rimssne64.sys
08:48:32.0719 6564 rimspci - ok
08:48:32.0751 6564 [ 8F8539A7F5C117D4407B2985995671F2 ] risdsnpe C:\Windows\system32\drivers\risdsne64.sys
08:48:32.0751 6564 risdsnpe - ok
08:48:32.0782 6564 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
08:48:32.0782 6564 RpcEptMapper - ok
08:48:32.0797 6564 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
08:48:32.0813 6564 RpcLocator - ok
08:48:32.0829 6564 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
08:48:32.0844 6564 RpcSs - ok
08:48:32.0875 6564 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:48:32.0875 6564 rspndr - ok
08:48:32.0891 6564 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
08:48:32.0907 6564 SamSs - ok
08:48:32.0922 6564 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:48:32.0922 6564 sbp2port - ok
08:48:32.0953 6564 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:48:32.0953 6564 SCardSvr - ok
08:48:32.0985 6564 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
08:48:32.0985 6564 scfilter - ok
08:48:33.0016 6564 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
08:48:33.0047 6564 Schedule - ok
08:48:33.0094 6564 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
08:48:33.0094 6564 SCPolicySvc - ok
08:48:33.0125 6564 [ 2C8D162EFAF73ABD36D8BCBB6340CAE7 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
08:48:33.0125 6564 sdbus - ok
08:48:33.0156 6564 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:48:33.0156 6564 SDRSVC - ok
08:48:33.0187 6564 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:48:33.0203 6564 secdrv - ok
08:48:33.0203 6564 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
08:48:33.0219 6564 seclogon - ok
08:48:33.0234 6564 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
08:48:33.0234 6564 SENS - ok
08:48:33.0265 6564 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
08:48:33.0265 6564 SensrSvc - ok
08:48:33.0297 6564 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
08:48:33.0312 6564 Serenum - ok
08:48:33.0328 6564 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
08:48:33.0328 6564 Serial - ok
08:48:33.0375 6564 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
08:48:33.0375 6564 sermouse - ok
08:48:33.0406 6564 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
08:48:33.0421 6564 SessionEnv - ok
08:48:33.0453 6564 [ 286D3889E6AB5589646FF8A63CB928AE ] SFEP C:\Windows\system32\drivers\SFEP.sys
08:48:33.0453 6564 SFEP - ok
08:48:33.0468 6564 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:48:33.0468 6564 sffdisk - ok
08:48:33.0499 6564 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:48:33.0515 6564 sffp_mmc - ok
08:48:33.0515 6564 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:48:33.0515 6564 sffp_sd - ok
08:48:33.0546 6564 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
08:48:33.0546 6564 sfloppy - ok
08:48:33.0577 6564 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:48:33.0577 6564 SharedAccess - ok
08:48:33.0609 6564 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:48:33.0624 6564 ShellHWDetection - ok
08:48:33.0655 6564 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
08:48:33.0655 6564 SiSRaid2 - ok
08:48:33.0687 6564 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
08:48:33.0687 6564 SiSRaid4 - ok
08:48:33.0765 6564 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
08:48:33.0780 6564 SkypeUpdate - ok
08:48:33.0811 6564 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:48:33.0811 6564 Smb - ok
08:48:33.0843 6564 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:48:33.0843 6564 SNMPTRAP - ok
08:48:33.0921 6564 [ C3E69DB0A4E59564230E053232F39AC7 ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
08:48:33.0921 6564 SOHCImp - ok
08:48:33.0936 6564 [ 65CC4779A29C3E82B987BD4961790DFF ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
08:48:33.0952 6564 SOHDms - ok
08:48:33.0967 6564 [ F47D75CEE1844EEF4A9EA6EE768828FB ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
08:48:33.0967 6564 SOHDs - ok
08:48:34.0030 6564 [ 5449FC97476F52E027409E703791E6A9 ] SpfService C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
08:48:34.0030 6564 SpfService - ok
08:48:34.0061 6564 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
08:48:34.0077 6564 spldr - ok
08:48:34.0123 6564 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
08:48:34.0139 6564 Spooler - ok
08:48:34.0233 6564 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
08:48:34.0311 6564 sppsvc - ok
08:48:34.0342 6564 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
08:48:34.0342 6564 sppuinotify - ok
08:48:34.0435 6564 [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP C:\Windows\System32\Drivers\NAVx64\1207010.003\SRTSP64.SYS
08:48:34.0451 6564 SRTSP - ok
08:48:34.0482 6564 [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX C:\Windows\system32\drivers\NAVx64\1207010.003\SRTSPX64.SYS
08:48:34.0482 6564 SRTSPX - ok
08:48:34.0529 6564 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
08:48:34.0545 6564 srv - ok
08:48:34.0591 6564 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:48:34.0591 6564 srv2 - ok
08:48:34.0638 6564 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:48:34.0638 6564 srvnet - ok
08:48:34.0685 6564 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:48:34.0685 6564 SSDPSRV - ok
08:48:34.0701 6564 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:48:34.0701 6564 SstpSvc - ok
08:48:34.0716 6564 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
08:48:34.0716 6564 stexstor - ok
08:48:34.0763 6564 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
08:48:34.0779 6564 stisvc - ok
08:48:34.0794 6564 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
08:48:34.0794 6564 swenum - ok
08:48:34.0841 6564 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
08:48:34.0857 6564 swprv - ok
08:48:34.0919 6564 [ 6160145C7A87FC7672E8E3B886888176 ] SymDS C:\Windows\system32\drivers\NAVx64\1207010.003\SYMDS64.SYS
08:48:34.0919 6564 SymDS - ok
08:48:34.0981 6564 [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA C:\Windows\system32\drivers\NAVx64\1207010.003\SYMEFA64.SYS
08:48:34.0997 6564 SymEFA - ok
08:48:35.0059 6564 [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
08:48:35.0059 6564 SymEvent - ok
08:48:35.0091 6564 [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON C:\Windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS
08:48:35.0091 6564 SymIRON - ok
08:48:35.0153 6564 [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS C:\Windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS
08:48:35.0153 6564 SymNetS - ok
08:48:35.0231 6564 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
08:48:35.0278 6564 SysMain - ok
08:48:35.0309 6564 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:48:35.0309 6564 TabletInputService - ok
08:48:35.0325 6564 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
08:48:35.0340 6564 TapiSrv - ok
08:48:35.0340 6564 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
08:48:35.0340 6564 TBS - ok
08:48:35.0418 6564 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:48:35.0481 6564 Tcpip - ok
08:48:35.0527 6564 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
08:48:35.0543 6564 TCPIP6 - ok
08:48:35.0559 6564 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:48:35.0559 6564 tcpipreg - ok
08:48:35.0574 6564 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:48:35.0590 6564 TDPIPE - ok
08:48:35.0605 6564 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:48:35.0605 6564 TDTCP - ok
08:48:35.0652 6564 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:48:35.0652 6564 tdx - ok
08:48:35.0668 6564 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\drivers\termdd.sys
08:48:35.0668 6564 TermDD - ok
08:48:35.0699 6564 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
08:48:35.0715 6564 TermService - ok
08:48:35.0715 6564 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
08:48:35.0715 6564 Themes - ok
08:48:35.0746 6564 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
08:48:35.0746 6564 THREADORDER - ok
08:48:35.0777 6564 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
08:48:35.0777 6564 TrkWks - ok
08:48:35.0839 6564 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:48:35.0839 6564 TrustedInstaller - ok
08:48:35.0871 6564 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:48:35.0871 6564 tssecsrv - ok
08:48:35.0917 6564 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:48:35.0917 6564 tunnel - ok
08:48:35.0949 6564 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
08:48:35.0964 6564 uagp35 - ok
08:48:35.0995 6564 [ 0E5E962B5649D544BE54E8C90761EA2B ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:48:35.0995 6564 udfs - ok
08:48:36.0027 6564 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:48:36.0042 6564 UI0Detect - ok
08:48:36.0073 6564 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:48:36.0073 6564 uliagpkx - ok
08:48:36.0105 6564 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
08:48:36.0105 6564 umbus - ok
08:48:36.0136 6564 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
08:48:36.0136 6564 UmPass - ok
08:48:36.0245 6564 [ 11A559E0F10CC5E788984023DF400A6F ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
08:48:36.0323 6564 UNS - ok
08:48:36.0385 6564 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
08:48:36.0385 6564 upnphost - ok
08:48:36.0417 6564 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
08:48:36.0432 6564 USBAAPL64 - ok
08:48:36.0463 6564 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:48:36.0463 6564 usbccgp - ok
08:48:36.0495 6564 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:48:36.0495 6564 usbcir - ok
08:48:36.0510 6564 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\drivers\usbehci.sys
08:48:36.0526 6564 usbehci - ok
08:48:36.0541 6564 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:48:36.0557 6564 usbhub - ok
08:48:36.0588 6564 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\drivers\usbohci.sys
08:48:36.0588 6564 usbohci - ok
08:48:36.0619 6564 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
08:48:36.0619 6564 usbprint - ok
08:48:36.0666 6564 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
08:48:36.0666 6564 usbscan - ok
08:48:36.0697 6564 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:48:36.0713 6564 USBSTOR - ok
08:48:36.0713 6564 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
08:48:36.0713 6564 usbuhci - ok
08:48:36.0744 6564 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
08:48:36.0760 6564 usbvideo - ok
08:48:36.0775 6564 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
08:48:36.0791 6564 UxSms - ok
08:48:36.0822 6564 [ A60605FC66552B421EE1F3D4EBB9A4E0 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
08:48:36.0822 6564 VAIO Event Service - ok
08:48:36.0900 6564 [ D469BE2723F79CF4B384680B1FDC577D ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
08:48:36.0916 6564 VAIO Power Management - ok
08:48:36.0947 6564 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
08:48:36.0963 6564 VaultSvc - ok
08:48:37.0025 6564 [ 6888526AEB8DDABDE6F778FD40FC0693 ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
08:48:37.0087 6564 VCFw - ok
08:48:37.0150 6564 [ F0672B2368E859284A4C44AE2CCA4C72 ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
08:48:37.0165 6564 VcmIAlzMgr - ok
08:48:37.0212 6564 [ E005B04DFCA99F5880C5111933194CA9 ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
08:48:37.0212 6564 VcmINSMgr - ok
08:48:37.0259 6564 [ C8E3BA694CC5EACEC4C01660ACE40D56 ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
08:48:37.0259 6564 VcmXmlIfHelper - ok
08:48:37.0306 6564 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
08:48:37.0321 6564 vdrvroot - ok
08:48:37.0337 6564 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
08:48:37.0353 6564 vds - ok
08:48:37.0368 6564 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:48:37.0368 6564 vga - ok
08:48:37.0384 6564 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
08:48:37.0384 6564 VgaSave - ok
08:48:37.0415 6564 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
08:48:37.0431 6564 vhdmp - ok
08:48:37.0446 6564 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
08:48:37.0462 6564 viaide - ok
08:48:37.0477 6564 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:48:37.0477 6564 volmgr - ok
08:48:37.0493 6564 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:48:37.0509 6564 volmgrx - ok
08:48:37.0524 6564 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:48:37.0524 6564 volsnap - ok
08:48:37.0571 6564 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
08:48:37.0587 6564 vsmraid - ok
08:48:37.0680 6564 [ A7EB62C664A03901165290A714BD48D0 ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
08:48:37.0727 6564 VSNService - ok
08:48:37.0789 6564 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
08:48:37.0836 6564 VSS - ok
08:48:37.0899 6564 [ E55A44D8F9F713D5F5D5BBAEF2BA0A34 ] VUAgent C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
08:48:37.0930 6564 VUAgent - ok
08:48:37.0945 6564 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
08:48:37.0961 6564 vwifibus - ok
08:48:37.0977 6564 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
08:48:37.0977 6564 vwififlt - ok
08:48:37.0992 6564 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
08:48:37.0992 6564 vwifimp - ok
08:48:38.0008 6564 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
08:48:38.0023 6564 W32Time - ok
08:48:38.0039 6564 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
08:48:38.0039 6564 WacomPen - ok
08:48:38.0086 6564 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
08:48:38.0086 6564 WANARP - ok
08:48:38.0101 6564 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:48:38.0101 6564 Wanarpv6 - ok
08:48:38.0164 6564 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
08:48:38.0195 6564 WatAdminSvc - ok
08:48:38.0257 6564 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
08:48:38.0304 6564 wbengine - ok
08:48:38.0320 6564 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
08:48:38.0335 6564 WbioSrvc - ok
08:48:38.0367 6564 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:48:38.0382 6564 wcncsvc - ok
08:48:38.0398 6564 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:48:38.0398 6564 WcsPlugInService - ok
08:48:38.0429 6564 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
08:48:38.0429 6564 Wd - ok
08:48:38.0476 6564 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:48:38.0476 6564 Wdf01000 - ok
08:48:38.0491 6564 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:48:38.0507 6564 WdiServiceHost - ok
08:48:38.0507 6564 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:48:38.0507 6564 WdiSystemHost - ok
08:48:38.0554 6564 [ FE31110E39A0B11ABAE1BA43A2DC94F9 ] wdkmd C:\Windows\system32\DRIVERS\WDKMD.sys
08:48:38.0554 6564 wdkmd - ok
08:48:38.0585 6564 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
08:48:38.0585 6564 WebClient - ok
08:48:38.0616 6564 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:48:38.0632 6564 Wecsvc - ok
08:48:38.0647 6564 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:48:38.0647 6564 wercplsupport - ok
08:48:38.0679 6564 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
08:48:38.0694 6564 WerSvc - ok
08:48:38.0741 6564 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
08:48:38.0741 6564 WfpLwf - ok
08:48:38.0835 6564 [ 8686E96E13F41AC9806A79CA8004FEEE ] WiMAXAppSrv C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
08:48:38.0897 6564 WiMAXAppSrv - ok
08:48:38.0913 6564 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
08:48:38.0928 6564 WIMMount - ok
08:48:38.0959 6564 WinDefend - ok
08:48:38.0959 6564 WinHttpAutoProxySvc - ok
08:48:39.0037 6564 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:48:39.0037 6564 Winmgmt - ok
08:48:39.0100 6564 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
08:48:39.0147 6564 WinRM - ok
08:48:39.0193 6564 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
08:48:39.0209 6564 WinUsb - ok
08:48:39.0240 6564 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
08:48:39.0271 6564 Wlansvc - ok
08:48:39.0318 6564 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:48:39.0318 6564 wlcrasvc - ok
08:48:39.0443 6564 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:48:39.0505 6564 wlidsvc - ok
08:48:39.0537 6564 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:48:39.0537 6564 WmiAcpi - ok
08:48:39.0583 6564 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:48:39.0583 6564 wmiApSrv - ok
08:48:39.0599 6564 WMPNetworkSvc - ok
08:48:39.0630 6564 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:48:39.0630 6564 WPCSvc - ok
08:48:39.0646 6564 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:48:39.0646 6564 WPDBusEnum - ok
08:48:39.0677 6564 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:48:39.0677 6564 ws2ifsl - ok
08:48:39.0708 6564 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll
08:48:39.0724 6564 wscsvc - ok
08:48:39.0724 6564 WSearch - ok
08:48:39.0802 6564 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
08:48:39.0864 6564 wuauserv - ok
08:48:39.0880 6564 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:48:39.0880 6564 WudfPf - ok
08:48:39.0895 6564 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:48:39.0895 6564 WUDFRd - ok
08:48:39.0927 6564 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:48:39.0942 6564 wudfsvc - ok
08:48:39.0958 6564 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
08:48:39.0958 6564 WwanSvc - ok
08:48:40.0067 6564 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
08:48:40.0067 6564 YahooAUService - ok
08:48:40.0145 6564 [ 5250193EF8E173AA7491250F00EB367F ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
08:48:40.0145 6564 yukonw7 - ok
08:48:40.0207 6564 ================ Scan global ===============================
08:48:40.0239 6564 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
08:48:40.0270 6564 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
08:48:40.0270 6564 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
08:48:40.0301 6564 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:48:40.0332 6564 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
08:48:40.0348 6564 [Global] - ok
08:48:40.0348 6564 ================ Scan MBR ==================================
08:48:40.0363 6564 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:48:40.0909 6564 \Device\Harddisk0\DR0 - ok
08:48:40.0909 6564 ================ Scan VBR ==================================
08:48:40.0909 6564 [ FA5088A1C6885A3BD9A09E4EC43D0DF1 ] \Device\Harddisk0\DR0\Partition1
08:48:40.0909 6564 \Device\Harddisk0\DR0\Partition1 - ok
08:48:40.0956 6564 [ 8B41304DAD8CBEBDEFE763DB6D978C4A ] \Device\Harddisk0\DR0\Partition2
08:48:40.0956 6564 \Device\Harddisk0\DR0\Partition2 - ok
08:48:40.0956 6564 ============================================================
08:48:40.0956 6564 Scan finished
08:48:40.0956 6564 ============================================================
08:48:40.0972 4728 Detected object count: 0
08:48:40.0972 4728 Actual detected object count: 0


And combofix log:

ComboFix 12-10-04.02 - Laura 10/06/2012 8:58.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3758.2189 [GMT -5:00]
Running from: c:\users\Laura\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-06 to 2012-10-06 )))))))))))))))))))))))))))))))
.
.
2012-10-06 14:09 . 2012-10-06 14:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-10-06 14:09 . 2012-10-06 14:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-20 02:17 . 2012-09-20 02:17 -------- d-----w- c:\users\Laura\AppData\Local\Microsoft_Corporation
2012-09-12 14:30 . 2012-08-02 17:55 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 14:30 . 2012-08-02 17:05 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 15:23 . 2012-04-22 18:10 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 15:23 . 2011-09-14 01:40 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 08:04 . 2011-06-20 04:09 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-24 20:43 . 2012-08-24 20:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-07-26 08:21 . 2012-07-26 08:21 291680 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-07-18 17:31 . 2012-08-17 17:36 3146752 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 16:28 1307928 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Tango"="c:\program files (x86)\Tango\Tango.exe" [2011-11-04 13489992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-17 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-17 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-26 549168]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-26 101152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-20 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1207010.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1207010.003\SYMEFA64.SYS [2011-03-15 912504]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-12-01 1157240]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20120111.003\IDSvia64.sys [2011-08-23 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS [2011-01-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS [2011-04-21 386168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-06-07 408576]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe [2011-04-17 130008]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-02-10 53248]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2010-06-23 94208]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2010-06-23 78848]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-06-09 836608]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2010-05-17 71168]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-05-17 175104]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [2010-05-17 81920]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-05-28 56344]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-05-28 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-24 271872]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-04-26 12032]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-01 1250160]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-06-18 39832]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-05-31 402720]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 09329661
*NewlyCreated* - 29235252
*NewlyCreated* - ASWMBR
*Deregistered* - 09329661
*Deregistered* - 29235252
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 15:23]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-17 21:49]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-17 21:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-24 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-24 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-24 413208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://sony.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 156.154.70.11 156.154.71.11
FF - ProfilePath - c:\users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\ltmpt4v1.default\
FF - prefs.js: browser.startup.homepage - hxxp://sony.msn.com/
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-06 09:36:56
ComboFix-quarantined-files.txt 2012-10-06 14:36
ComboFix2.txt 2012-10-05 17:11
ComboFix3.txt 2012-01-29 18:18
.
Pre-Run: 428,003,049,472 bytes free
Post-Run: 427,948,974,080 bytes free
.
- - End Of File - - 2CFA8FB70E3C9A299ADAC04243F8E990


The tssdkiller did not find anything so i did not get the option to select "cure" or "skip". Is that okay?

#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:09 PM

Posted 06 October 2012 - 12:20 PM

Please do this next:

Posted Image Delete your existing copy of OTL and download a new copy from HERE

Posted Image Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    FF - prefs.js..extensions.enabledAddons: oyikkydxih@oyikkydxih.org:1.0
    [2012/04/01 11:23:51 | 000,004,733 | ---- | M] () (No name found) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\ltmpt4v1.default\extensions\oyikkydxih@oyikkydxih.org.xpi
    :Commands
    [EmptyTemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log
Posted Image Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Be sure that everything else is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the results.
Please include the following in your next post:
  • OTL Fix log
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#7 LawDogg

LawDogg
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:09 PM

Posted 06 October 2012 - 08:13 PM

OTL Fix log:

All processes killed
========== OTL ==========
Prefs.js: oyikkydxih@oyikkydxih.org:1.0 removed from extensions.enabledAddons
C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\ltmpt4v1.default\extensions\oyikkydxih@oyikkydxih.org.xpi moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Laura
->Temp folder emptied: 403291 bytes
->Temporary Internet Files folder emptied: 33587981 bytes
->Java cache emptied: 185822 bytes
->FireFox cache emptied: 99643054 bytes
->Flash cache emptied: 55436 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 308341 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84726 bytes
RecycleBin emptied: 601088 bytes

Total Files Cleaned = 129.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10062012_191239

Files\Folders moved on Reboot...
C:\Users\Laura\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


MBMA Log:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.06.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Laura :: LAURA-VAIO [administrator]

Protection: Enabled

10/6/2012 7:22:21 PM
mbam-log-2012-10-06 (19-22-21).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 333282
Time elapsed: 40 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:09 PM

Posted 07 October 2012 - 08:36 AM

How is the computer running now? Please do this next:

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
  • Go to Start > Control Panel > Programs > Uninstall a program, and remove all older versions of Java.
  • Click (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name and select "uninstall".
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Go to this page to download the latest version. Press the download button under JRE and follow the prompts. Accept the agreement and choose the Windows x86 offline option.
  • Run the installer you just downloaded
Posted Image Go to thisLINK to run an online scannner from ESET.
  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If you are using Internet Explorer, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running now?
  • ESET log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#9 LawDogg

LawDogg
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:09 PM

Posted 07 October 2012 - 11:27 AM

The computer is running great! I am no longer redirected when I search with Google or any other search engine. It seems like it's running a little faster, which is great. Thanks so much for taking the time to help me. I asked for help at my school and no one seemed like they had the time. Here is the log of the eset online scanner:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4592139405cfdc4ebbdd6a2830f16422
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-10-07 04:19:43
# local_time=2012-10-07 11:19:43 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1024 16777215 100 0 15237136 15237136 0 0
# compatibility_mode=3587 16777214 85 73 13581647 167685546 0 0
# compatibility_mode=5893 16776574 100 94 21928391 101164810 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=146407
# found=2
# cleaned=0
# scan_time=5422
C:\Users\Laura\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120403091815142.rsc Win32/Boaxxe.C trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\10062012_191239\C_Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\ltmpt4v1.default\extensions\oyikkydxih@oyikkydxih.org.xpi JS/Redirector.NBX trojan (unable to clean) 00000000000000000000000000000000 I

#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:09 PM

Posted 07 October 2012 - 02:52 PM

Great! Those ESET detections are already in quarantine, so all I have left for you is another update and some very important cleanup:

Posted Image Your Adobe reader needs to be updated. Please visit Adobe's site and grab the newest version. Be sure to watch for and uncheck any boxes offering to install other software.

Posted Image Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and past the following text into the run box that opens and press OK:
    Combofix /Uninstall
Posted Image

Posted Image Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
  • Manually delete any remaining logs or tools.
Posted Image Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#11 LawDogg

LawDogg
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:09 PM

Posted 07 October 2012 - 03:25 PM

Thank you, thank you, thank you!!! I am extremely grateful for the help. I have to take an online exam tomorrow morning and I did NOT want anything to redirect while taking it. Thanks so much. I have uninstalled Combofix, updated what needed to be updated, and deleted the other logs. I read the tips and will try to keep up with updating, scanning, and backing up my files.

Thanks again for all of your help!

LawDogg

#12 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:09 PM

Posted 07 October 2012 - 04:36 PM

You're welcome LawDogg. Take care!

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#13 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:09 PM

Posted 09 October 2012 - 02:04 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users