Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

fbi money pac/greendot issues


  • This topic is locked This topic is locked
18 replies to this topic

#1 haplo99

haplo99

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 31 October 2012 - 05:31 PM

My daughters computer has been infected with this virus. Normally I would try removing this myself but after seeing so many warnings about not doing anything to mess around with it, I thought I would ask for help directly in getting rid of this

the computer is a sony vaio running windows 7 64bit. I can get in with safe mode, but logging on normally locks me out with the FBI warning

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:14 PM

Posted 31 October 2012 - 05:58 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3


    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 haplo99

haplo99
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 31 October 2012 - 07:55 PM

ok, here are the logs as requested

this is the security check one

Results of screen317's Security Check version 0.99.54
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 20
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


this is attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/24/2012 7:38:55 PM
System Uptime: 10/31/2012 8:45:18 PM (0 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: AMD Athlon™ II P360 Dual-Core Processor | N/A | 2294/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 415.479 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP11: 10/1/2012 6:01:01 AM - Windows Update
RP12: 10/11/2012 3:00:36 AM - Windows Update
RP13: 10/23/2012 10:51:02 AM - Scheduled Checkpoint
RP14: 10/24/2012 5:39:18 PM - Windows Update
RP15: 10/28/2012 2:37:29 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.3.2
Alps Pointing-device for VAIO
AMD USB Filter Driver
Application Manager for VAIO
ArcadeWeb
ArcSoft WebCam Companion 3
Ask Toolbar
Ask Toolbar Updater
ATI Catalyst Install Manager
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Click to Disc MergeModules x64
D3DX10
Evernote
Facebook Messenger 2.1.4651.0
Fishdom: Spooky Splash
IMVU Inc Toolbar
Java Auto Updater
Java™ 6 Update 20
Java™ 6 Update 20 (64-bit)
Junk Mail filter update
Media Gallery
Media Gallery MergeModules x64
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Age of Empires Gold
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSI_SPF_x64
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
Oasis2Service
OOBE
PlayReady PC Runtime amd64
PMB
PMB VAIO Edition Guide
PMB VAIO Edition plug-in (Click to Disc)
PMB VAIO Edition plug-in (VAIO Image Optimizer)
PMB VAIO Edition plug-in (VAIO Movie Story)
Pokki
Pokki Download Helper
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Setting Utility Series
Skype Toolbars
Skype™ 4.2
SmartWi Connection Utility
Sony Home Network Library
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VAIO Care
VAIO Content Monitoring Settings
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data
VAIO Entertainment Platform
VAIO Event Service
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Manual
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Messenger
VAIO Movie Story MergeModules x64
VAIO Movie Story Template Data
VAIO Original Function Settings
VAIO Power Management
VAIO Sample Contents
VAIO Survey
VAIO Transfer Support
VAIO Update 5
VAIO Wallpaper Contents
VMp MergeModule x64
WIDCOMM Bluetooth Software
Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
10/31/2012 8:48:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service defragsvc with arguments "" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}
10/31/2012 8:46:18 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/31/2012 8:46:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/31/2012 8:46:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/31/2012 8:46:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/31/2012 8:46:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/31/2012 8:46:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/31/2012 8:46:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/31/2012 8:45:54 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
10/31/2012 8:45:54 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/31/2012 8:45:54 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/31/2012 8:45:54 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/31/2012 8:45:54 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/31/2012 8:45:54 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/31/2012 8:45:54 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/31/2012 8:45:54 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
10/31/2012 8:45:53 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/31/2012 8:45:53 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/31/2012 8:45:53 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/31/2012 8:45:53 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/31/2012 8:25:36 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/31/2012 8:24:53 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/31/2012 6:13:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
10/31/2012 5:54:21 PM, Error: Service Control Manager [7034] - The VAIO Care Performance Service service terminated unexpectedly. It has done this 1 time(s).
10/28/2012 8:40:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
10/28/2012 2:30:35 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002ee2066). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102812-28594-01.
.
==== End Of File ===========================


and dds.txt

DDS (Ver_2012-10-19.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 9.0.8112.16421
Run by krystal at 20:49:11 on 2012-10-31
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.3298 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://sony.msn.com
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll
mURLSearchHooks: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll
BHO: Gaming support for ArcadeWeb: {9F531FB1-7C1F-4E1A-8C0C-E8D6177130E2} - C:\Users\krystal\AppData\Local\ArcadeWeb\arcadeweb32.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: IMVU Inc Toolbar: {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay
uRun: [Pokki] "C:\Users\krystal\AppData\Local\Pokki\v0.260.3.305\pokki.exe"
uRun: [Facebook Update] "C:\Users\krystal\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [TimeDateMUICallback] C:\Users\krystal\AppData\Local\Microsoft\Windows\2955\TimeDateMUICallback.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
StartupFolder: C:\Users\krystal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\krystal\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
StartupFolder: C:\Users\krystal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMVU.lnk - C:\Users\krystal\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: Interfaces\{A35F455B-5668-4676-9BE3-74A32BB9A2C8} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{B02FDC54-E9F1-4386-BDB1-7A8FC64B2C6F} : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2010-10-22 73856]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2010-10-22 28800]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-9-24 55280]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys [2012-9-27 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys [2012-9-27 912504]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-9-24 242720]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-4-8 12032]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-9-24 38456]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20121005.002\BHDrvx64.sys [2012-10-5 1385632]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20121023.002\IDSviA64.sys [2012-10-24 513184]
S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys [2012-9-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys [2012-9-27 386168]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-15 202752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-9-27 130008]
S2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-2-9 53248]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-9-24 252416]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
S2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-9-24 108400]
S2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2012-9-24 422768]
S2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-9-24 67952]
S2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-3-18 852336]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-2-19 529776]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-2-19 386416]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-24 250808]
S3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-9-15 6403072]
S3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-9-15 188928]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-9-24 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-7 346144]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-2-8 302448]
S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-9-24 574320]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-2-19 115568]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2012-9-24 1203568]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-26 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-31 20:15:55 -------- d-----w- C:\Users\krystal\AppData\Roaming\hellomoto
2012-10-31 20:15:47 51200 ----a-w- C:\Users\krystal\ecftjgxwduvmzdjpin.exe
2012-10-31 20:15:46 51200 ----a-w- C:\Users\krystal\dtresfflsceez.exe
2012-10-31 20:15:45 51200 ----a-w- C:\Users\krystal\obsnwslxjacspgadmxxzjeiwq.exe
2012-10-30 15:54:50 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C0674BA3-DB47-403D-907C-CCCC73087F28}\offreg.dll
2012-10-30 15:53:55 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-10-30 15:53:49 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C0674BA3-DB47-403D-907C-CCCC73087F28}\mpengine.dll
2012-10-28 06:37:56 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-10-12 20:56:36 -------- d-----w- C:\Users\krystal\AppData\Local\CrashDumps
2012-10-10 19:33:36 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-10 19:33:35 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-10 19:33:34 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-10-10 19:33:34 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-10-10 19:26:48 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-10 19:26:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-10 19:26:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 19:26:38 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 19:26:28 714752 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 19:26:28 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 19:26:24 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 19:26:24 1462784 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 19:26:24 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 19:26:24 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 19:26:23 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 19:26:23 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-09 18:50:53 -------- d-----w- C:\Users\krystal\AppData\Roaming\Playrix Entertainment
2012-10-09 18:50:02 -------- d-----w- C:\ProgramData\Premium
2012-10-09 18:49:52 -------- d-----w- C:\ProgramData\AlawarWrapper
2012-10-09 18:49:33 -------- d-----w- C:\Program Files (x86)\Alawar
2012-10-09 18:47:48 -------- d-----w- C:\ProgramData\InstallMate
2012-10-09 18:41:12 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-10-09 18:40:53 -------- d-----w- C:\Users\krystal\AppData\Local\ArcadeWeb
2012-10-07 05:19:22 -------- d-----w- C:\Users\krystal\AppData\Roaming\SoftGrid Client
2012-10-07 05:19:22 -------- d-----w- C:\Users\krystal\AppData\Local\SoftGrid Client
2012-10-07 05:18:24 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-10-07 05:17:58 -------- d-----w- C:\Users\krystal\AppData\Roaming\TP
2012-10-03 23:28:41 -------- d-----w- C:\Users\krystal\AppData\Local\Adobe
2012-10-02 15:55:39 -------- d-----w- C:\Program Files (x86)\Conduit
2012-10-02 15:55:07 -------- d-----w- C:\Users\krystal\AppData\Local\Conduit
2012-10-02 15:55:06 -------- d-----w- C:\Program Files (x86)\IMVU_Inc
.
==================== Find3M ====================
.
2012-10-09 02:12:24 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 02:12:24 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-25 04:19:39 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-09-24 19:06:48 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2012-09-24 19:06:42 25600 ----a-w- C:\Windows\SysWow64\drivers\en-US\bfe.dll.mui
2012-09-24 19:06:42 15360 ----a-w- C:\Windows\SysWow64\drivers\en-US\pacer.sys.mui
2012-09-24 19:06:32 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\scfilter.sys.mui
2012-09-24 19:06:30 5632 ----a-w- C:\Windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2012-09-24 19:06:26 44032 ----a-w- C:\Windows\SysWow64\drivers\en-US\tcpip.sys.mui
2012-09-24 18:43:07 411368 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-24 18:40:59 455680 ----a-w- C:\Windows\System32\deployJava1.dll
2012-09-24 18:35:41 0 ----a-w- C:\Windows\ativpsrm.bin
2012-08-18 15:43:05 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-18 15:43:05 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-18 15:43:05 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-18 15:42:31 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-18 15:40:26 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-18 15:37:49 425984 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-18 15:34:13 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-18 11:22:55 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-18 11:19:45 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-18 11:19:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-18 11:17:56 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-18 11:17:56 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-18 09:12:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-18 09:12:09 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-18 09:07:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 20:50:37.77 ===============

Edited by haplo99, 31 October 2012 - 08:01 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:14 PM

Posted 31 October 2012 - 08:14 PM

Hello


These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 haplo99

haplo99
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 31 October 2012 - 08:25 PM

ok, here's the first one from adwcleaner

# AdwCleaner v2.006 - Logfile created 10/31/2012 at 21:20:53
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : krystal - KRYSTAL-VAIO
# Boot Mode : Safe mode
# Running from : C:\Users\krystal\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [6324 octets] - [31/10/2012 21:17:43]
AdwCleaner[S1].txt - [6161 octets] - [31/10/2012 21:18:49]
AdwCleaner[R2].txt - [632 octets] - [31/10/2012 21:20:53]

########## EOF - C:\AdwCleaner[R2].txt - [691 octets] ##########


and from rougekiller

RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Safe mode
User : krystal [Admin rights]
Mode : Remove -- Date : 10/31/2012 21:22:41

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Pokki ("C:\Users\krystal\AppData\Local\Pokki\v0.260.3.305\pokki.exe") -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : TimeDateMUICallback (C:\Users\krystal\AppData\Local\Microsoft\Windows\2955\TimeDateMUICallback.exe) -> DELETED
[STARTUP][SUSP PATH] Facebook Messenger.lnk @krystal : C:\Users\krystal\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00BEVT-55A0RT0 SATA Disk Device +++++
--- User ---
[MBR] 9f375d29249dc55cb4bd9b2f0055128c
[BSP] 0e13bb2d25f1e6431eb28a58d814e4fc : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 9791 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20054016 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20258816 | Size: 467047 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



btw, thank you for taking your time to help with this, daughters going mad without her facebook

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:14 PM

Posted 31 October 2012 - 08:30 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 haplo99

haplo99
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 31 October 2012 - 08:53 PM

the combofix log

ComboFix 12-10-31.03 - krystal 10/31/2012 21:36:56.1.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.3172 [GMT -4:00]
Running from: c:\users\krystal\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\krystal\AppData\Local\ArcadeWeb\arCAdeweb32.dll
c:\users\krystal\dtresfflsceez.exe
c:\users\krystal\ecftjgxwduvmzdjpin.exe
c:\users\krystal\obsnwslxjacspgadmxxzjeiwq.exe
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 )))))))))))))))))))))))))))))))
.
.
2012-11-01 01:42 . 2012-11-01 01:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-01 01:42 . 2012-11-01 01:42 -------- d-----w- c:\users\boinc_master\AppData\Local\temp
2012-10-31 20:15 . 2012-10-31 20:16 -------- d-----w- c:\users\krystal\AppData\Roaming\hellomoto
2012-10-30 15:54 . 2012-10-30 15:54 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0674BA3-DB47-403D-907C-CCCC73087F28}\offreg.dll
2012-10-30 15:53 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0674BA3-DB47-403D-907C-CCCC73087F28}\mpengine.dll
2012-10-28 06:37 . 2012-05-31 16:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-10-12 20:56 . 2012-10-12 20:57 -------- d-----w- c:\users\krystal\AppData\Local\CrashDumps
2012-10-10 19:33 . 2012-08-31 18:02 1656688 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 19:33 . 2012-08-30 18:11 5505904 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 19:33 . 2012-08-30 17:18 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 19:33 . 2012-08-30 17:18 3902832 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 19:26 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 19:26 . 2012-08-24 17:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 19:26 . 2012-09-14 19:23 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 19:26 . 2012-09-14 18:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 19:26 . 2012-08-11 00:53 714752 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 19:26 . 2012-08-10 23:54 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 19:26 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 19:26 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 19:26 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 19:26 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 19:26 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 19:26 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-09 18:50 . 2012-10-09 18:50 -------- d-----w- c:\users\krystal\AppData\Roaming\Playrix Entertainment
2012-10-09 18:49 . 2012-10-09 18:50 -------- d-----w- c:\programdata\AlawarWrapper
2012-10-09 18:49 . 2012-10-09 18:49 -------- d-----w- c:\program files (x86)\Alawar
2012-10-09 18:40 . 2012-11-01 01:42 -------- d-----w- c:\users\krystal\AppData\Local\ArcadeWeb
2012-10-07 05:19 . 2012-10-09 01:47 -------- d-----w- c:\users\krystal\AppData\Roaming\SoftGrid Client
2012-10-07 05:19 . 2012-10-07 05:19 -------- d-----w- c:\users\krystal\AppData\Local\SoftGrid Client
2012-10-07 05:18 . 2012-10-07 05:18 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-10-07 05:17 . 2012-10-07 05:19 -------- d-----w- c:\users\krystal\AppData\Roaming\TP
2012-10-03 23:28 . 2012-10-03 23:29 -------- d-----w- c:\users\krystal\AppData\Local\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 02:12 . 2012-09-25 02:34 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 02:12 . 2012-09-25 02:34 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-27 17:38 . 2012-09-27 17:38 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-27 17:38 . 2012-09-27 17:38 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-27 17:38 . 2012-09-27 17:38 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-27 17:38 . 2012-09-27 17:38 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-27 17:38 . 2012-09-27 17:38 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-27 17:38 . 2012-09-27 17:38 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-27 17:38 . 2012-09-27 17:38 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-09-27 17:38 . 2012-09-27 17:38 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-27 17:38 . 2012-09-27 17:38 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-27 17:38 . 2012-09-27 17:38 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-09-27 17:38 . 2012-09-27 17:38 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-27 17:38 . 2012-09-27 17:38 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-27 17:38 . 2012-09-27 17:38 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-27 17:38 . 2012-09-27 17:38 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-09-27 17:38 . 2012-09-27 17:38 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-09-27 17:38 . 2012-09-27 17:38 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-27 17:38 . 2012-09-27 17:38 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-27 17:38 . 2012-09-27 17:38 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-09-27 17:38 . 2012-09-27 17:38 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-27 17:38 . 2012-09-27 17:38 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-09-27 17:38 . 2012-09-27 17:38 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-27 17:38 . 2012-09-27 17:38 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-09-27 17:38 . 2012-09-27 17:38 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-09-27 17:38 . 2012-09-27 17:38 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-09-27 17:38 . 2012-09-27 17:38 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-09-27 17:38 . 2012-09-27 17:38 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-27 17:38 . 2012-09-27 17:38 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-27 17:38 . 2012-09-27 17:38 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-09-27 17:38 . 2012-09-27 17:38 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-27 17:38 . 2012-09-27 17:38 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-27 17:38 . 2012-09-27 17:38 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-27 17:38 . 2012-09-27 17:38 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-27 17:38 . 2012-09-27 17:38 816640 ----a-w- c:\windows\system32\jscript.dll
2012-09-27 17:38 . 2012-09-27 17:38 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-27 17:38 . 2012-09-27 17:38 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-09-27 17:38 . 2012-09-27 17:38 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-27 17:38 . 2012-09-27 17:38 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-09-27 17:38 . 2012-09-27 17:38 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-27 17:38 . 2012-09-27 17:38 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-27 17:38 . 2012-09-27 17:38 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-27 17:38 . 2012-09-27 17:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-27 17:38 . 2012-09-27 17:38 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-27 17:38 . 2012-09-27 17:38 448512 ----a-w- c:\windows\system32\html.iec
2012-09-27 17:38 . 2012-09-27 17:38 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-27 17:38 . 2012-09-27 17:38 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-27 17:38 . 2012-09-27 17:38 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-27 17:38 . 2012-09-27 17:38 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-27 17:38 . 2012-09-27 17:38 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-27 17:38 . 2012-09-27 17:38 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-27 17:38 . 2012-09-27 17:38 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-27 17:38 . 2012-09-27 17:38 248320 ----a-w- c:\windows\system32\ieui.dll
2012-09-27 17:38 . 2012-09-27 17:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-27 17:38 . 2012-09-27 17:38 237056 ----a-w- c:\windows\system32\url.dll
2012-09-27 17:38 . 2012-09-27 17:38 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-09-27 17:38 . 2012-09-27 17:38 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-27 17:38 . 2012-09-27 17:38 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-09-27 17:38 . 2012-09-27 17:38 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-09-27 17:38 . 2012-09-27 17:38 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-27 17:38 . 2012-09-27 17:38 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-27 17:38 . 2012-09-27 17:38 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-27 17:38 . 2012-09-27 17:38 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-27 17:38 . 2012-09-27 17:38 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-27 17:38 . 2012-09-27 17:38 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-09-27 17:38 . 2012-09-27 17:38 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-27 17:38 . 2012-09-27 17:38 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-27 17:38 . 2012-09-27 17:38 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-27 17:38 . 2012-09-27 17:38 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-27 17:38 . 2012-09-27 17:38 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-27 17:38 . 2012-09-27 17:38 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-09-27 17:38 . 2012-09-27 17:38 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-27 17:38 . 2012-09-27 17:38 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-25 05:05 . 2010-06-24 18:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-25 04:19 . 2012-09-24 19:51 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-09-24 19:06 . 2012-09-24 19:06 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2012-09-24 19:06 . 2012-09-24 19:06 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui
2012-09-24 19:06 . 2012-09-24 19:06 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui
2012-09-24 19:06 . 2012-09-24 19:06 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui
2012-09-24 19:06 . 2012-09-24 19:06 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2012-09-24 19:06 . 2012-09-24 19:06 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui
2012-09-24 18:43 . 2012-09-24 18:43 411368 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-24 18:40 . 2012-09-24 18:41 455680 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 18:40 . 2012-09-24 18:41 182784 ----a-w- c:\windows\system32\javaws.exe
2012-09-24 18:40 . 2012-09-24 18:41 165888 ----a-w- c:\windows\system32\javaw.exe
2012-09-24 18:40 . 2012-09-24 18:41 165888 ----a-w- c:\windows\system32\java.exe
2012-08-18 11:19 . 2012-10-10 19:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2010-02-09 81328]
"Facebook Update"="c:\users\krystal\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-25 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-01-22 597792]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SHTtray.exe"="c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe" [2010-02-24 99696]
.
c:\users\krystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IMVU.lnk - c:\users\krystal\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20121005.002\BHDrvx64.sys [2012-10-05 1385632]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20121023.002\IDSvia64.sys [2012-09-21 513184]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-16 202752]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
R2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-02-10 53248]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
R2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-02-24 108400]
R2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-02-24 422768]
R2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-02-24 67952]
R2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-03-18 852336]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-20 529776]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-02-20 386416]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-09-16 6403072]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-16 188928]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-04-07 346144]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-02-08 302448]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-03-25 574320]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-20 115568]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-01-22 1203568]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-26 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2010-07-01 73856]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2010-07-01 28800]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-22 242720]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-03-09 12032]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-25 02:12]
.
2012-10-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1832631602-1486818882-2827575348-1005Core.job
- c:\users\krystal\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25 18:09]
.
2012-10-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1832631602-1486818882-2827575348-1005UA.job
- c:\users\krystal\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25 18:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10134560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{9F531FB1-7C1F-4E1A-8C0C-E8D6177130E2} - c:\users\krystal\AppData\Local\ArcadeWeb\arcadeweb32.dll
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
AddRemove-Pokki - c:\users\krystal\AppData\Local\Pokki\v0.260.3.305\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-31 21:45:13
ComboFix-quarantined-files.txt 2012-11-01 01:45
.
Pre-Run: 446,742,753,280 bytes free
Post-Run: 447,133,335,552 bytes free
.
- - End Of File - - 37C4E1EF7661CCB2034047F09400917E




fingers crossed, after a quick play it seems to be working again, can log into windows normally and surf the web without anything nasty popping up at me

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:14 PM

Posted 31 October 2012 - 08:56 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 haplo99

haplo99
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 31 October 2012 - 09:24 PM

tdsskiller log

22:00:08.0944 2476 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
22:00:09.0490 2476 ============================================================
22:00:09.0490 2476 Current date / time: 2012/10/31 22:00:09.0490
22:00:09.0490 2476 SystemInfo:
22:00:09.0490 2476
22:00:09.0490 2476 OS Version: 6.1.7600 ServicePack: 0.0
22:00:09.0490 2476 Product type: Workstation
22:00:09.0490 2476 ComputerName: KRYSTAL-VAIO
22:00:09.0490 2476 UserName: krystal
22:00:09.0490 2476 Windows directory: C:\Windows
22:00:09.0490 2476 System windows directory: C:\Windows
22:00:09.0490 2476 Running under WOW64
22:00:09.0490 2476 Processor architecture: Intel x64
22:00:09.0490 2476 Number of processors: 2
22:00:09.0490 2476 Page size: 0x1000
22:00:09.0490 2476 Boot type: Normal boot
22:00:09.0490 2476 ============================================================
22:00:12.0079 2476 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:00:12.0095 2476 ============================================================
22:00:12.0095 2476 \Device\Harddisk0\DR0:
22:00:12.0095 2476 MBR partitions:
22:00:12.0095 2476 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1320000, BlocksNum 0x32000
22:00:12.0095 2476 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1352000, BlocksNum 0x39033800
22:00:12.0095 2476 ============================================================
22:00:12.0126 2476 C: <-> \Device\Harddisk0\DR0\Partition2
22:00:12.0126 2476 ============================================================
22:00:12.0126 2476 Initialize success
22:00:12.0126 2476 ============================================================
22:00:18.0288 7104 ============================================================
22:00:18.0288 7104 Scan started
22:00:18.0288 7104 Mode: Manual;
22:00:18.0288 7104 ============================================================
22:00:20.0270 7104 ================ Scan system memory ========================
22:00:20.0270 7104 System memory - ok
22:00:20.0270 7104 ================ Scan services =============================
22:00:20.0519 7104 [ 969C91060CBB5D17CB8440B5F78B4C51 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:00:20.0535 7104 1394ohci - ok
22:00:20.0597 7104 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
22:00:20.0597 7104 ACDaemon - ok
22:00:20.0628 7104 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:00:20.0644 7104 ACPI - ok
22:00:20.0675 7104 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:00:20.0675 7104 AcpiPmi - ok
22:00:20.0831 7104 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:00:20.0831 7104 AdobeFlashPlayerUpdateSvc - ok
22:00:20.0878 7104 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:00:20.0894 7104 adp94xx - ok
22:00:20.0925 7104 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:00:20.0925 7104 adpahci - ok
22:00:20.0940 7104 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:00:20.0940 7104 adpu320 - ok
22:00:20.0987 7104 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:00:20.0987 7104 AeLookupSvc - ok
22:00:21.0034 7104 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
22:00:21.0050 7104 AFD - ok
22:00:21.0096 7104 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:00:21.0096 7104 agp440 - ok
22:00:21.0128 7104 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:00:21.0128 7104 ALG - ok
22:00:21.0159 7104 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
22:00:21.0159 7104 aliide - ok
22:00:21.0190 7104 [ 8318A3B3CE74B851082AF2C0745E979E ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:00:21.0190 7104 AMD External Events Utility - ok
22:00:21.0221 7104 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
22:00:21.0221 7104 amdide - ok
22:00:21.0237 7104 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
22:00:21.0237 7104 AmdK8 - ok
22:00:21.0377 7104 [ 2D597C853DB5EA1B1F6D98610039BB50 ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
22:00:21.0533 7104 amdkmdag - ok
22:00:21.0580 7104 [ 04D770537E5AC5C4676B9A83CB21EC0A ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
22:00:21.0580 7104 amdkmdap - ok
22:00:21.0611 7104 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:00:21.0611 7104 AmdPPM - ok
22:00:21.0674 7104 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:00:21.0674 7104 amdsata - ok
22:00:21.0689 7104 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
22:00:21.0705 7104 amdsbs - ok
22:00:21.0720 7104 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:00:21.0720 7104 amdxata - ok
22:00:21.0752 7104 [ 08E8A4172C57ABD7693A6915CF1E7A99 ] amd_sata C:\Windows\system32\drivers\amd_sata.sys
22:00:21.0752 7104 amd_sata - ok
22:00:21.0783 7104 [ 9866AF4E4AD7F16E810B6C0B8473F9CD ] amd_xata C:\Windows\system32\drivers\amd_xata.sys
22:00:21.0783 7104 amd_xata - ok
22:00:21.0830 7104 [ 2672A9DBAA6A8DEEA7EC8C7892E32A03 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
22:00:21.0830 7104 ApfiltrService - ok
22:00:21.0876 7104 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
22:00:21.0892 7104 AppID - ok
22:00:21.0908 7104 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:00:21.0908 7104 AppIDSvc - ok
22:00:21.0939 7104 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
22:00:21.0939 7104 Appinfo - ok
22:00:21.0970 7104 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
22:00:21.0970 7104 arc - ok
22:00:22.0001 7104 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:00:22.0001 7104 arcsas - ok
22:00:22.0017 7104 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:00:22.0017 7104 AsyncMac - ok
22:00:22.0048 7104 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
22:00:22.0048 7104 atapi - ok
22:00:22.0126 7104 [ D6CAD7E5B05055BB8226BDCB1644DA27 ] athr C:\Windows\system32\DRIVERS\athrx.sys
22:00:22.0157 7104 athr - ok
22:00:22.0220 7104 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
22:00:22.0235 7104 AtiPcie - ok
22:00:22.0298 7104 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:00:22.0329 7104 AudioEndpointBuilder - ok
22:00:22.0360 7104 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:00:22.0360 7104 AudioSrv - ok
22:00:22.0407 7104 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:00:22.0407 7104 AxInstSV - ok
22:00:22.0454 7104 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
22:00:22.0469 7104 b06bdrv - ok
22:00:22.0516 7104 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:00:22.0516 7104 b57nd60a - ok
22:00:22.0563 7104 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:00:22.0563 7104 BDESVC - ok
22:00:22.0594 7104 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:00:22.0594 7104 Beep - ok
22:00:22.0641 7104 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
22:00:22.0656 7104 BFE - ok
22:00:22.0844 7104 [ 652F4D186325B69FFE80EE18AE9ACC77 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20121005.002\BHDrvx64.sys
22:00:22.0859 7104 BHDrvx64 - ok
22:00:22.0922 7104 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
22:00:22.0937 7104 BITS - ok
22:00:22.0953 7104 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
22:00:22.0953 7104 blbdrive - ok
22:00:23.0000 7104 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:00:23.0000 7104 bowser - ok
22:00:23.0031 7104 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
22:00:23.0031 7104 BrFiltLo - ok
22:00:23.0031 7104 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
22:00:23.0046 7104 BrFiltUp - ok
22:00:23.0078 7104 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
22:00:23.0078 7104 BridgeMP - ok
22:00:23.0124 7104 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
22:00:23.0124 7104 Browser - ok
22:00:23.0140 7104 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:00:23.0140 7104 Brserid - ok
22:00:23.0156 7104 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:00:23.0156 7104 BrSerWdm - ok
22:00:23.0156 7104 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:00:23.0156 7104 BrUsbMdm - ok
22:00:23.0171 7104 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:00:23.0171 7104 BrUsbSer - ok
22:00:23.0202 7104 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
22:00:23.0202 7104 BTHMODEM - ok
22:00:23.0234 7104 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:00:23.0234 7104 bthserv - ok
22:00:23.0343 7104 [ 31DA517946FFE416442E864592548F8A ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
22:00:23.0374 7104 btwdins - ok
22:00:23.0390 7104 catchme - ok
22:00:23.0436 7104 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:00:23.0436 7104 cdfs - ok
22:00:23.0483 7104 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:00:23.0483 7104 cdrom - ok
22:00:23.0514 7104 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
22:00:23.0530 7104 CertPropSvc - ok
22:00:23.0577 7104 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
22:00:23.0577 7104 circlass - ok
22:00:23.0608 7104 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:00:23.0608 7104 CLFS - ok
22:00:23.0702 7104 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:00:23.0702 7104 clr_optimization_v2.0.50727_32 - ok
22:00:23.0764 7104 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:00:23.0780 7104 clr_optimization_v2.0.50727_64 - ok
22:00:23.0904 7104 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:00:23.0951 7104 clr_optimization_v4.0.30319_32 - ok
22:00:24.0014 7104 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:00:24.0014 7104 clr_optimization_v4.0.30319_64 - ok
22:00:24.0045 7104 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
22:00:24.0045 7104 CmBatt - ok
22:00:24.0076 7104 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:00:24.0076 7104 cmdide - ok
22:00:24.0123 7104 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
22:00:24.0138 7104 CNG - ok
22:00:24.0154 7104 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
22:00:24.0154 7104 Compbatt - ok
22:00:24.0170 7104 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
22:00:24.0170 7104 CompositeBus - ok
22:00:24.0185 7104 COMSysApp - ok
22:00:24.0216 7104 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
22:00:24.0216 7104 crcdisk - ok
22:00:24.0263 7104 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:00:24.0279 7104 CryptSvc - ok
22:00:24.0404 7104 [ 61A86809B62769643892BC0812B204AA ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:00:24.0435 7104 cvhsvc - ok
22:00:24.0482 7104 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:00:24.0560 7104 DcomLaunch - ok
22:00:24.0622 7104 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:00:24.0622 7104 defragsvc - ok
22:00:24.0669 7104 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:00:24.0669 7104 DfsC - ok
22:00:24.0731 7104 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
22:00:24.0731 7104 Dhcp - ok
22:00:24.0762 7104 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:00:24.0778 7104 discache - ok
22:00:24.0794 7104 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
22:00:24.0794 7104 Disk - ok
22:00:24.0840 7104 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:00:24.0856 7104 Dnscache - ok
22:00:24.0887 7104 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
22:00:24.0887 7104 dot3svc - ok
22:00:24.0903 7104 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
22:00:24.0903 7104 DPS - ok
22:00:24.0934 7104 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:00:24.0934 7104 drmkaud - ok
22:00:24.0981 7104 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:00:24.0981 7104 DXGKrnl - ok
22:00:25.0028 7104 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:00:25.0028 7104 EapHost - ok
22:00:25.0137 7104 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
22:00:25.0199 7104 ebdrv - ok
22:00:25.0262 7104 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
22:00:25.0277 7104 eeCtrl - ok
22:00:25.0308 7104 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
22:00:25.0308 7104 EFS - ok
22:00:25.0386 7104 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:00:25.0402 7104 ehRecvr - ok
22:00:25.0433 7104 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:00:25.0433 7104 ehSched - ok
22:00:25.0480 7104 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
22:00:25.0496 7104 elxstor - ok
22:00:25.0511 7104 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:00:25.0511 7104 ErrDev - ok
22:00:25.0542 7104 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:00:25.0558 7104 EventSystem - ok
22:00:25.0574 7104 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:00:25.0589 7104 exfat - ok
22:00:25.0589 7104 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:00:25.0589 7104 fastfat - ok
22:00:25.0636 7104 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
22:00:25.0636 7104 Fax - ok
22:00:25.0652 7104 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
22:00:25.0652 7104 fdc - ok
22:00:25.0683 7104 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:00:25.0683 7104 fdPHost - ok
22:00:25.0698 7104 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:00:25.0698 7104 FDResPub - ok
22:00:25.0714 7104 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:00:25.0714 7104 FileInfo - ok
22:00:25.0730 7104 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:00:25.0745 7104 Filetrace - ok
22:00:25.0761 7104 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
22:00:25.0761 7104 flpydisk - ok
22:00:25.0776 7104 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:00:25.0792 7104 FltMgr - ok
22:00:25.0854 7104 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
22:00:25.0886 7104 FontCache - ok
22:00:25.0932 7104 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:00:25.0932 7104 FontCache3.0.0.0 - ok
22:00:25.0948 7104 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:00:25.0948 7104 FsDepends - ok
22:00:25.0995 7104 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
22:00:25.0995 7104 fssfltr - ok
22:00:26.0073 7104 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
22:00:26.0120 7104 fsssvc - ok
22:00:26.0166 7104 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:00:26.0166 7104 Fs_Rec - ok
22:00:26.0213 7104 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:00:26.0229 7104 fvevol - ok
22:00:26.0260 7104 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
22:00:26.0260 7104 gagp30kx - ok
22:00:26.0307 7104 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
22:00:26.0338 7104 gpsvc - ok
22:00:26.0416 7104 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:00:26.0416 7104 hcw85cir - ok
22:00:26.0432 7104 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:00:26.0447 7104 HdAudAddService - ok
22:00:26.0478 7104 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:00:26.0478 7104 HDAudBus - ok
22:00:26.0494 7104 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
22:00:26.0494 7104 HidBatt - ok
22:00:26.0510 7104 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
22:00:26.0510 7104 HidBth - ok
22:00:26.0525 7104 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
22:00:26.0525 7104 HidIr - ok
22:00:26.0541 7104 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
22:00:26.0556 7104 hidserv - ok
22:00:26.0588 7104 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
22:00:26.0588 7104 HidUsb - ok
22:00:26.0603 7104 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:00:26.0603 7104 hkmsvc - ok
22:00:26.0619 7104 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:00:26.0634 7104 HomeGroupListener - ok
22:00:26.0666 7104 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:00:26.0666 7104 HomeGroupProvider - ok
22:00:26.0712 7104 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:00:26.0712 7104 HpSAMD - ok
22:00:26.0759 7104 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:00:26.0790 7104 HTTP - ok
22:00:26.0822 7104 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:00:26.0822 7104 hwpolicy - ok
22:00:26.0837 7104 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:00:26.0837 7104 i8042prt - ok
22:00:26.0884 7104 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:00:26.0900 7104 iaStorV - ok
22:00:26.0946 7104 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:00:26.0993 7104 idsvc - ok
22:00:27.0071 7104 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20121023.002\IDSvia64.sys
22:00:27.0087 7104 IDSVia64 - ok
22:00:27.0102 7104 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
22:00:27.0118 7104 iirsp - ok
22:00:27.0165 7104 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
22:00:27.0180 7104 IKEEXT - ok
22:00:27.0305 7104 [ 490947A9AFF7CA31EF2E08F5776105EB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:00:27.0321 7104 IntcAzAudAddService - ok
22:00:27.0336 7104 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
22:00:27.0336 7104 intelide - ok
22:00:27.0352 7104 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
22:00:27.0368 7104 intelppm - ok
22:00:27.0399 7104 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:00:27.0399 7104 IPBusEnum - ok
22:00:27.0414 7104 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:00:27.0414 7104 IpFilterDriver - ok
22:00:27.0430 7104 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:00:27.0446 7104 iphlpsvc - ok
22:00:27.0446 7104 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:00:27.0446 7104 IPMIDRV - ok
22:00:27.0477 7104 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:00:27.0492 7104 IPNAT - ok
22:00:27.0524 7104 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:00:27.0524 7104 IRENUM - ok
22:00:27.0539 7104 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:00:27.0539 7104 isapnp - ok
22:00:27.0555 7104 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:00:27.0570 7104 iScsiPrt - ok
22:00:27.0586 7104 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
22:00:27.0586 7104 kbdclass - ok
22:00:27.0602 7104 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
22:00:27.0602 7104 kbdhid - ok
22:00:27.0633 7104 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
22:00:27.0633 7104 KeyIso - ok
22:00:27.0648 7104 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:00:27.0648 7104 KSecDD - ok
22:00:27.0664 7104 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:00:27.0680 7104 KSecPkg - ok
22:00:27.0695 7104 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:00:27.0695 7104 ksthunk - ok
22:00:27.0742 7104 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:00:27.0742 7104 KtmRm - ok
22:00:27.0789 7104 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
22:00:27.0804 7104 LanmanServer - ok
22:00:27.0836 7104 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:00:27.0851 7104 LanmanWorkstation - ok
22:00:27.0882 7104 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:00:27.0882 7104 lltdio - ok
22:00:27.0929 7104 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:00:27.0929 7104 lltdsvc - ok
22:00:27.0960 7104 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:00:27.0960 7104 lmhosts - ok
22:00:27.0992 7104 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
22:00:27.0992 7104 LSI_FC - ok
22:00:28.0007 7104 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:00:28.0007 7104 LSI_SAS - ok
22:00:28.0023 7104 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
22:00:28.0023 7104 LSI_SAS2 - ok
22:00:28.0023 7104 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
22:00:28.0023 7104 LSI_SCSI - ok
22:00:28.0054 7104 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:00:28.0054 7104 luafv - ok
22:00:28.0085 7104 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:00:28.0085 7104 Mcx2Svc - ok
22:00:28.0116 7104 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
22:00:28.0116 7104 megasas - ok
22:00:28.0132 7104 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
22:00:28.0132 7104 MegaSR - ok
22:00:28.0148 7104 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:00:28.0148 7104 MMCSS - ok
22:00:28.0163 7104 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:00:28.0163 7104 Modem - ok
22:00:28.0179 7104 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:00:28.0179 7104 monitor - ok
22:00:28.0194 7104 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:00:28.0194 7104 mouclass - ok
22:00:28.0210 7104 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\drivers\mouhid.sys
22:00:28.0210 7104 mouhid - ok
22:00:28.0226 7104 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:00:28.0226 7104 mountmgr - ok
22:00:28.0241 7104 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\drivers\mpio.sys
22:00:28.0241 7104 mpio - ok
22:00:28.0272 7104 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:00:28.0272 7104 mpsdrv - ok
22:00:28.0335 7104 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:00:28.0366 7104 MpsSvc - ok
22:00:28.0382 7104 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:00:28.0382 7104 MRxDAV - ok
22:00:28.0428 7104 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:00:28.0428 7104 mrxsmb - ok
22:00:28.0460 7104 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:00:28.0460 7104 mrxsmb10 - ok
22:00:28.0491 7104 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:00:28.0491 7104 mrxsmb20 - ok
22:00:28.0522 7104 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\drivers\msahci.sys
22:00:28.0522 7104 msahci - ok
22:00:28.0538 7104 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:00:28.0538 7104 msdsm - ok
22:00:28.0569 7104 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:00:28.0569 7104 MSDTC - ok
22:00:28.0584 7104 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:00:28.0584 7104 Msfs - ok
22:00:28.0616 7104 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:00:28.0616 7104 mshidkmdf - ok
22:00:28.0631 7104 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:00:28.0631 7104 msisadrv - ok
22:00:28.0662 7104 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:00:28.0662 7104 MSiSCSI - ok
22:00:28.0662 7104 msiserver - ok
22:00:28.0694 7104 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:00:28.0694 7104 MSKSSRV - ok
22:00:28.0725 7104 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:00:28.0725 7104 MSPCLOCK - ok
22:00:28.0740 7104 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:00:28.0740 7104 MSPQM - ok
22:00:28.0772 7104 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:00:28.0772 7104 MsRPC - ok
22:00:28.0787 7104 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:00:28.0787 7104 mssmbios - ok
22:00:28.0818 7104 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:00:28.0818 7104 MSTEE - ok
22:00:28.0818 7104 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
22:00:28.0834 7104 MTConfig - ok
22:00:28.0850 7104 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:00:28.0850 7104 Mup - ok
22:00:28.0896 7104 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
22:00:28.0912 7104 napagent - ok
22:00:28.0943 7104 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:00:28.0943 7104 NativeWifiP - ok
22:00:29.0006 7104 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20121023.021\ENG64.SYS
22:00:29.0006 7104 NAVENG - ok
22:00:29.0084 7104 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20121023.021\EX64.SYS
22:00:29.0162 7104 NAVEX15 - ok
22:00:29.0193 7104 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
22:00:29.0208 7104 NDIS - ok
22:00:29.0224 7104 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:00:29.0240 7104 NdisCap - ok
22:00:29.0255 7104 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:00:29.0255 7104 NdisTapi - ok
22:00:29.0286 7104 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:00:29.0286 7104 Ndisuio - ok
22:00:29.0286 7104 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:00:29.0286 7104 NdisWan - ok
22:00:29.0318 7104 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:00:29.0318 7104 NDProxy - ok
22:00:29.0333 7104 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:00:29.0333 7104 NetBIOS - ok
22:00:29.0333 7104 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:00:29.0349 7104 NetBT - ok
22:00:29.0364 7104 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
22:00:29.0364 7104 Netlogon - ok
22:00:29.0396 7104 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:00:29.0396 7104 Netman - ok
22:00:29.0411 7104 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:00:29.0427 7104 netprofm - ok
22:00:29.0458 7104 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:00:29.0458 7104 NetTcpPortSharing - ok
22:00:29.0489 7104 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:00:29.0489 7104 nfrd960 - ok
22:00:29.0567 7104 [ E78A365CC3E0FBFC018A33DCE01909F8 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
22:00:29.0583 7104 NIS - ok
22:00:29.0614 7104 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:00:29.0645 7104 NlaSvc - ok
22:00:29.0676 7104 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:00:29.0708 7104 Npfs - ok
22:00:29.0770 7104 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:00:29.0770 7104 nsi - ok
22:00:29.0817 7104 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:00:29.0817 7104 nsiproxy - ok
22:00:29.0910 7104 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:00:29.0973 7104 Ntfs - ok
22:00:29.0988 7104 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:00:29.0988 7104 Null - ok
22:00:30.0020 7104 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:00:30.0020 7104 nvraid - ok
22:00:30.0035 7104 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:00:30.0035 7104 nvstor - ok
22:00:30.0082 7104 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:00:30.0082 7104 nv_agp - ok
22:00:30.0160 7104 [ 07571684567859DA796A566CC78FFA74 ] Oasis2Service C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
22:00:30.0160 7104 Oasis2Service - ok
22:00:30.0176 7104 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:00:30.0176 7104 ohci1394 - ok
22:00:30.0222 7104 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:00:30.0222 7104 ose - ok
22:00:30.0394 7104 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:00:30.0519 7104 osppsvc - ok
22:00:30.0566 7104 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:00:30.0566 7104 p2pimsvc - ok
22:00:30.0612 7104 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:00:30.0612 7104 p2psvc - ok
22:00:30.0644 7104 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
22:00:30.0644 7104 Parport - ok
22:00:30.0659 7104 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:00:30.0659 7104 partmgr - ok
22:00:30.0675 7104 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:00:30.0675 7104 PcaSvc - ok
22:00:30.0690 7104 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\drivers\pci.sys
22:00:30.0706 7104 pci - ok
22:00:30.0722 7104 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:00:30.0722 7104 pciide - ok
22:00:30.0737 7104 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
22:00:30.0737 7104 pcmcia - ok
22:00:30.0753 7104 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:00:30.0753 7104 pcw - ok
22:00:30.0784 7104 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:00:30.0784 7104 PEAUTH - ok
22:00:30.0878 7104 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:00:30.0893 7104 PerfHost - ok
22:00:30.0971 7104 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
22:00:31.0018 7104 pla - ok
22:00:31.0065 7104 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:00:31.0080 7104 PlugPlay - ok
22:00:31.0174 7104 [ 627FA58ADC043704F9D14CA44340956F ] PMBDeviceInfoProvider c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
22:00:31.0190 7104 PMBDeviceInfoProvider - ok
22:00:31.0236 7104 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:00:31.0236 7104 PNRPAutoReg - ok
22:00:31.0268 7104 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:00:31.0268 7104 PNRPsvc - ok
22:00:31.0314 7104 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:00:31.0314 7104 PolicyAgent - ok
22:00:31.0346 7104 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:00:31.0346 7104 Power - ok
22:00:31.0377 7104 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:00:31.0377 7104 PptpMiniport - ok
22:00:31.0408 7104 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
22:00:31.0408 7104 Processor - ok
22:00:31.0439 7104 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
22:00:31.0439 7104 ProfSvc - ok
22:00:31.0455 7104 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:00:31.0470 7104 ProtectedStorage - ok
22:00:31.0486 7104 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:00:31.0502 7104 Psched - ok
22:00:31.0517 7104 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
22:00:31.0517 7104 PxHlpa64 - ok
22:00:31.0564 7104 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
22:00:31.0595 7104 ql2300 - ok
22:00:31.0626 7104 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
22:00:31.0626 7104 ql40xx - ok
22:00:31.0642 7104 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:00:31.0658 7104 QWAVE - ok
22:00:31.0673 7104 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:00:31.0673 7104 QWAVEdrv - ok
22:00:31.0673 7104 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:00:31.0689 7104 RasAcd - ok
22:00:31.0720 7104 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:00:31.0736 7104 RasAgileVpn - ok
22:00:31.0751 7104 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:00:31.0767 7104 RasAuto - ok
22:00:31.0782 7104 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:00:31.0798 7104 Rasl2tp - ok
22:00:31.0814 7104 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
22:00:31.0814 7104 RasMan - ok
22:00:31.0829 7104 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:00:31.0845 7104 RasPppoe - ok
22:00:31.0860 7104 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:00:31.0860 7104 RasSstp - ok
22:00:31.0876 7104 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:00:31.0892 7104 rdbss - ok
22:00:31.0907 7104 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
22:00:31.0907 7104 rdpbus - ok
22:00:31.0923 7104 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:00:31.0923 7104 RDPCDD - ok
22:00:31.0970 7104 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:00:31.0970 7104 RDPENCDD - ok
22:00:31.0985 7104 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:00:31.0985 7104 RDPREFMP - ok
22:00:32.0032 7104 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:00:32.0032 7104 RDPWD - ok
22:00:32.0063 7104 [ E5DC9BA9E439D6DBDD79F8CAACB5BF01 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:00:32.0063 7104 rdyboost - ok
22:00:32.0110 7104 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:00:32.0110 7104 RemoteAccess - ok
22:00:32.0141 7104 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:00:32.0141 7104 RemoteRegistry - ok
22:00:32.0172 7104 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:00:32.0172 7104 RpcEptMapper - ok
22:00:32.0204 7104 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:00:32.0204 7104 RpcLocator - ok
22:00:32.0219 7104 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
22:00:32.0235 7104 RpcSs - ok
22:00:32.0266 7104 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:00:32.0266 7104 rspndr - ok
22:00:32.0297 7104 [ 5AAB4808E8CCAE8C2ECDA5B791260616 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
22:00:32.0297 7104 RSUSBSTOR - ok
22:00:32.0328 7104 [ D6D381B76056C668679723938F06F16C ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
22:00:32.0328 7104 RTHDMIAzAudService - ok
22:00:32.0360 7104 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
22:00:32.0375 7104 RTL8167 - ok
22:00:32.0391 7104 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
22:00:32.0391 7104 SamSs - ok
22:00:32.0438 7104 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:00:32.0438 7104 sbp2port - ok
22:00:32.0469 7104 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:00:32.0469 7104 SCardSvr - ok
22:00:32.0500 7104 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:00:32.0500 7104 scfilter - ok
22:00:32.0562 7104 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
22:00:32.0594 7104 Schedule - ok
22:00:32.0625 7104 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:00:32.0625 7104 SCPolicySvc - ok
22:00:32.0672 7104 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:00:32.0672 7104 SDRSVC - ok
22:00:32.0734 7104 [ 331E7BDE228914574FC9AE6CD520DAFA ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
22:00:32.0734 7104 SeaPort - ok
22:00:32.0765 7104 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:00:32.0781 7104 secdrv - ok
22:00:32.0812 7104 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
22:00:32.0812 7104 seclogon - ok
22:00:32.0828 7104 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
22:00:32.0828 7104 SENS - ok
22:00:32.0843 7104 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:00:32.0859 7104 SensrSvc - ok
22:00:32.0874 7104 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
22:00:32.0874 7104 Serenum - ok
22:00:32.0874 7104 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
22:00:32.0874 7104 Serial - ok
22:00:32.0890 7104 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:00:32.0890 7104 sermouse - ok
22:00:32.0921 7104 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
22:00:32.0921 7104 SessionEnv - ok
22:00:32.0937 7104 [ 286D3889E6AB5589646FF8A63CB928AE ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
22:00:32.0937 7104 SFEP - ok
22:00:32.0952 7104 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:00:32.0952 7104 sffdisk - ok
22:00:32.0952 7104 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:00:32.0952 7104 sffp_mmc - ok
22:00:32.0968 7104 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:00:32.0968 7104 sffp_sd - ok
22:00:32.0968 7104 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:00:32.0968 7104 sfloppy - ok
22:00:33.0030 7104 [ D5183ED285D2795491DC15BDDCBEE5AD ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
22:00:33.0046 7104 Sftfs - ok
22:00:33.0124 7104 [ BFDB58616FF5EA540A5F58301D50641E ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:00:33.0124 7104 sftlist - ok
22:00:33.0155 7104 [ 00F118B68C50D2206DD51634F9142B83 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:00:33.0171 7104 Sftplay - ok
22:00:33.0186 7104 [ 76A827DF5640BFE16A0CDBB4108ADECA ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:00:33.0186 7104 Sftredir - ok
22:00:33.0202 7104 [ 1B4C9701645086BAB8CAFFFCE30ED284 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
22:00:33.0202 7104 Sftvol - ok
22:00:33.0218 7104 [ B94C3C4DCA2093243C76CA218EDE2A97 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:00:33.0218 7104 sftvsa - ok
22:00:33.0264 7104 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:00:33.0280 7104 SharedAccess - ok
22:00:33.0311 7104 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:00:33.0327 7104 ShellHWDetection - ok
22:00:33.0358 7104 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
22:00:33.0374 7104 SiSRaid2 - ok
22:00:33.0389 7104 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:00:33.0389 7104 SiSRaid4 - ok
22:00:33.0389 7104 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:00:33.0405 7104 Smb - ok
22:00:33.0436 7104 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:00:33.0436 7104 SNMPTRAP - ok
22:00:33.0530 7104 [ C3E69DB0A4E59564230E053232F39AC7 ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
22:00:33.0530 7104 SOHCImp - ok
22:00:33.0561 7104 [ C1CD71C672EA281A424FBCF24AC99553 ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
22:00:33.0561 7104 SOHDms - ok
22:00:33.0592 7104 [ F47D75CEE1844EEF4A9EA6EE768828FB ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
22:00:33.0592 7104 SOHDs - ok
22:00:33.0639 7104 [ E2E40C0D24456B6EB440BE01AF829829 ] SpfService C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
22:00:33.0639 7104 SpfService - ok
22:00:33.0670 7104 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:00:33.0670 7104 spldr - ok
22:00:33.0732 7104 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
22:00:33.0748 7104 Spooler - ok
22:00:33.0873 7104 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
22:00:33.0982 7104 sppsvc - ok
22:00:34.0013 7104 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:00:34.0013 7104 sppuinotify - ok
22:00:34.0107 7104 [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS
22:00:34.0138 7104 SRTSP - ok
22:00:34.0169 7104 [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS
22:00:34.0169 7104 SRTSPX - ok
22:00:34.0200 7104 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:00:34.0216 7104 srv - ok
22:00:34.0247 7104 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:00:34.0263 7104 srv2 - ok
22:00:34.0294 7104 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:00:34.0294 7104 srvnet - ok
22:00:34.0341 7104 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:00:34.0341 7104 SSDPSRV - ok
22:00:34.0356 7104 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:00:34.0356 7104 SstpSvc - ok
22:00:34.0388 7104 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
22:00:34.0388 7104 stexstor - ok
22:00:34.0419 7104 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
22:00:34.0419 7104 stisvc - ok
22:00:34.0434 7104 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
22:00:34.0434 7104 swenum - ok
22:00:34.0450 7104 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:00:34.0466 7104 swprv - ok
22:00:34.0481 7104 [ 6160145C7A87FC7672E8E3B886888176 ] SymDS C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS
22:00:34.0481 7104 SymDS - ok
22:00:34.0544 7104 [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS
22:00:34.0559 7104 SymEFA - ok
22:00:34.0590 7104 [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
22:00:34.0590 7104 SymEvent - ok
22:00:34.0622 7104 [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS
22:00:34.0622 7104 SymIRON - ok
22:00:34.0653 7104 [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS
22:00:34.0653 7104 SymNetS - ok
22:00:34.0731 7104 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
22:00:34.0793 7104 SysMain - ok
22:00:34.0809 7104 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:00:34.0809 7104 TabletInputService - ok
22:00:34.0840 7104 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
22:00:34.0840 7104 TapiSrv - ok
22:00:34.0856 7104 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:00:34.0856 7104 TBS - ok
22:00:35.0043 7104 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:00:35.0105 7104 Tcpip - ok
22:00:35.0246 7104 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:00:35.0261 7104 TCPIP6 - ok
22:00:35.0308 7104 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:00:35.0308 7104 tcpipreg - ok
22:00:35.0339 7104 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:00:35.0339 7104 TDPIPE - ok
22:00:35.0370 7104 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:00:35.0386 7104 TDTCP - ok
22:00:35.0402 7104 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:00:35.0402 7104 tdx - ok
22:00:35.0417 7104 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:00:35.0417 7104 TermDD - ok
22:00:35.0448 7104 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
22:00:35.0464 7104 TermService - ok
22:00:35.0480 7104 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:00:35.0480 7104 Themes - ok
22:00:35.0511 7104 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:00:35.0511 7104 THREADORDER - ok
22:00:35.0526 7104 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:00:35.0526 7104 TrkWks - ok
22:00:35.0573 7104 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:00:35.0589 7104 TrustedInstaller - ok
22:00:35.0604 7104 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:00:35.0604 7104 tssecsrv - ok
22:00:35.0651 7104 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:00:35.0651 7104 tunnel - ok
22:00:35.0682 7104 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:00:35.0682 7104 uagp35 - ok
22:00:35.0698 7104 [ 0E5E962B5649D544BE54E8C90761EA2B ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:00:35.0714 7104 udfs - ok
22:00:35.0745 7104 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:00:35.0745 7104 UI0Detect - ok
22:00:35.0776 7104 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:00:35.0776 7104 uliagpkx - ok
22:00:35.0807 7104 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:00:35.0807 7104 umbus - ok
22:00:35.0807 7104 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
22:00:35.0807 7104 UmPass - ok
22:00:35.0838 7104 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:00:35.0838 7104 upnphost - ok
22:00:35.0854 7104 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:00:35.0870 7104 usbccgp - ok
22:00:35.0901 7104 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:00:35.0901 7104 usbcir - ok
22:00:35.0932 7104 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:00:35.0932 7104 usbehci - ok
22:00:35.0963 7104 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
22:00:35.0963 7104 usbfilter - ok
22:00:35.0994 7104 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:00:36.0010 7104 usbhub - ok
22:00:36.0026 7104 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
22:00:36.0026 7104 usbohci - ok
22:00:36.0057 7104 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
22:00:36.0057 7104 usbprint - ok
22:00:36.0088 7104 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:00:36.0088 7104 USBSTOR - ok
22:00:36.0119 7104 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:00:36.0119 7104 usbuhci - ok
22:00:36.0166 7104 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
22:00:36.0166 7104 usbvideo - ok
22:00:36.0197 7104 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:00:36.0197 7104 UxSms - ok
22:00:36.0244 7104 [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
22:00:36.0260 7104 VAIO Entertainment TV Device Arbitration Service - ok
22:00:36.0291 7104 [ CB5B94EE1775FA4CD6B133F1745003C6 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
22:00:36.0306 7104 VAIO Event Service - ok
22:00:36.0384 7104 [ 1CF1A4DD7A58C966C9014B83C7229CF3 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
22:00:36.0416 7104 VAIO Power Management - ok
22:00:36.0431 7104 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
22:00:36.0431 7104 VaultSvc - ok
22:00:36.0478 7104 [ 917FB366B6CF2834CDBF9256D18A8FF0 ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
22:00:36.0494 7104 VCFw - ok
22:00:36.0556 7104 [ 10E212BFB7EAB152A64C1AAEC2F7F4E0 ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
22:00:36.0556 7104 VcmIAlzMgr - ok
22:00:36.0587 7104 [ 7A88CFD3FE99F2C9B95A6E2A08B96E14 ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
22:00:36.0603 7104 VcmINSMgr - ok
22:00:36.0634 7104 [ 8EFAACCC7BFA1E9031EFDFB01A1B0D69 ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
22:00:36.0634 7104 VcmXmlIfHelper - ok
22:00:36.0681 7104 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:00:36.0681 7104 vdrvroot - ok
22:00:36.0728 7104 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
22:00:36.0743 7104 vds - ok
22:00:36.0759 7104 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:00:36.0759 7104 vga - ok
22:00:36.0774 7104 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:00:36.0774 7104 VgaSave - ok
22:00:36.0790 7104 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:00:36.0790 7104 vhdmp - ok
22:00:36.0790 7104 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:00:36.0806 7104 viaide - ok
22:00:36.0821 7104 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:00:36.0821 7104 volmgr - ok
22:00:36.0837 7104 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:00:36.0837 7104 volmgrx - ok
22:00:36.0852 7104 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:00:36.0868 7104 volsnap - ok
22:00:36.0884 7104 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:00:36.0884 7104 vsmraid - ok
22:00:36.0946 7104 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
22:00:36.0977 7104 VSS - ok
22:00:37.0040 7104 [ 8AB3DA5EA4F94EE38680B3ACED11D57D ] VUAgent C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
22:00:37.0071 7104 VUAgent - ok
22:00:37.0086 7104 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:00:37.0086 7104 vwifibus - ok
22:00:37.0118 7104 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:00:37.0133 7104 vwififlt - ok
22:00:37.0149 7104 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
22:00:37.0149 7104 vwifimp - ok
22:00:37.0180 7104 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:00:37.0180 7104 W32Time - ok
22:00:37.0242 7104 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
22:00:37.0242 7104 WacomPen - ok
22:00:37.0274 7104 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:00:37.0274 7104 WANARP - ok
22:00:37.0289 7104 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:00:37.0289 7104 Wanarpv6 - ok
22:00:37.0367 7104 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:00:37.0414 7104 WatAdminSvc - ok
22:00:37.0476 7104 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
22:00:37.0539 7104 wbengine - ok
22:00:37.0554 7104 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:00:37.0570 7104 WbioSrvc - ok
22:00:37.0601 7104 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:00:37.0601 7104 wcncsvc - ok
22:00:37.0617 7104 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:00:37.0617 7104 WcsPlugInService - ok
22:00:37.0664 7104 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
22:00:37.0664 7104 Wd - ok
22:00:37.0695 7104 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:00:37.0710 7104 Wdf01000 - ok
22:00:37.0742 7104 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:00:37.0742 7104 WdiServiceHost - ok
22:00:37.0757 7104 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:00:37.0757 7104 WdiSystemHost - ok
22:00:37.0804 7104 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
22:00:37.0820 7104 WebClient - ok
22:00:37.0851 7104 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:00:37.0866 7104 Wecsvc - ok
22:00:37.0866 7104 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:00:37.0882 7104 wercplsupport - ok
22:00:37.0913 7104 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:00:37.0913 7104 WerSvc - ok
22:00:37.0929 7104 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:00:37.0929 7104 WfpLwf - ok
22:00:37.0960 7104 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:00:37.0960 7104 WIMMount - ok
22:00:37.0976 7104 WinDefend - ok
22:00:37.0976 7104 WinHttpAutoProxySvc - ok
22:00:38.0038 7104 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:00:38.0054 7104 Winmgmt - ok
22:00:38.0132 7104 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
22:00:38.0178 7104 WinRM - ok
22:00:38.0241 7104 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:00:38.0256 7104 Wlansvc - ok
22:00:38.0303 7104 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:00:38.0303 7104 wlcrasvc - ok
22:00:38.0397 7104 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:00:38.0459 7104 wlidsvc - ok
22:00:38.0506 7104 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:00:38.0506 7104 WmiAcpi - ok
22:00:38.0537 7104 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:00:38.0537 7104 wmiApSrv - ok
22:00:38.0568 7104 WMPNetworkSvc - ok
22:00:38.0600 7104 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:00:38.0600 7104 WPCSvc - ok
22:00:38.0615 7104 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:00:38.0615 7104 WPDBusEnum - ok
22:00:38.0646 7104 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:00:38.0646 7104 ws2ifsl - ok
22:00:38.0693 7104 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll
22:00:38.0693 7104 wscsvc - ok
22:00:38.0709 7104 WSearch - ok
22:00:38.0802 7104 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:00:38.0880 7104 wuauserv - ok
22:00:38.0896 7104 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:00:38.0896 7104 WudfPf - ok
22:00:38.0943 7104 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:00:38.0943 7104 WUDFRd - ok
22:00:38.0974 7104 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:00:38.0974 7104 wudfsvc - ok
22:00:39.0005 7104 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:00:39.0005 7104 WwanSvc - ok
22:00:39.0036 7104 ================ Scan global ===============================
22:00:39.0068 7104 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:00:39.0130 7104 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
22:00:39.0161 7104 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
22:00:39.0192 7104 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:00:39.0208 7104 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:00:39.0224 7104 [Global] - ok
22:00:39.0224 7104 ================ Scan MBR ==================================
22:00:39.0239 7104 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:00:39.0598 7104 \Device\Harddisk0\DR0 - ok
22:00:39.0598 7104 ================ Scan VBR ==================================
22:00:39.0614 7104 [ A7A6AA94CBE648B27AECA8D236358582 ] \Device\Harddisk0\DR0\Partition1
22:00:39.0614 7104 \Device\Harddisk0\DR0\Partition1 - ok
22:00:39.0645 7104 [ D8F61960E7546482B94826074CA7B0EC ] \Device\Harddisk0\DR0\Partition2
22:00:39.0645 7104 \Device\Harddisk0\DR0\Partition2 - ok
22:00:39.0645 7104 ============================================================
22:00:39.0645 7104 Scan finished
22:00:39.0645 7104 ============================================================
22:00:39.0660 2480 Detected object count: 0
22:00:39.0660 2480 Actual detected object count: 0


and aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-31 22:02:44
-----------------------------
22:02:44.571 OS Version: Windows x64 6.1.7600
22:02:44.571 Number of processors: 2 586 0x603
22:02:44.571 ComputerName: KRYSTAL-VAIO UserName: krystal
22:02:47.394 Initialize success
22:06:26.656 AVAST engine defs: 12103101
22:06:51.132 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
22:06:51.148 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 11
22:06:51.163 Disk 0 MBR read successfully
22:06:51.163 Disk 0 MBR scan
22:06:51.179 Disk 0 Windows 7 default MBR code
22:06:51.241 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9791 MB offset 2048
22:06:51.257 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 20054016
22:06:51.319 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 467047 MB offset 20258816
22:06:51.366 Disk 0 scanning C:\Windows\system32\drivers
22:07:02.286 Service scanning
22:07:51.192 Modules scanning
22:07:51.192 Disk 0 trace - called modules:
22:07:51.270 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys ACPI.sys storport.sys hal.dll amd_sata.sys
22:07:51.785 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80042b1790]
22:07:51.785 3 CLASSPNP.SYS[fffff88000e4143f] -> nt!IofCallDriver -> [0xfffffa800428a780]
22:07:51.801 5 amd_xata.sys[fffff8800109f7a8] -> nt!IofCallDriver -> [0xfffffa8004286d20]
22:07:51.816 7 ACPI.sys[fffff88000e7e781] -> nt!IofCallDriver -> \Device\00000060[0xfffffa8004286340]
22:07:53.361 AVAST engine scan C:\Windows
22:07:57.900 AVAST engine scan C:\Windows\system32
22:11:16.130 AVAST engine scan C:\Windows\system32\drivers
22:11:35.864 AVAST engine scan C:\Users\krystal
22:20:46.997 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
22:20:47.450 The log file has been saved successfully to "E:\aswMBR.txt"


on that one, the fix MBR button is turned on, but as you didn't say anything, was leery of letting it

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:14 PM

Posted 01 November 2012 - 08:44 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 haplo99

haplo99
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 01 November 2012 - 09:28 AM

ComboFix 12-10-31.03 - krystal 11/01/2012 10:16:35.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2310 [GMT -4:00]
Running from: c:\users\krystal\Desktop\ComboFix.exe
Command switches used :: c:\users\krystal\Desktop\CFscript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 )))))))))))))))))))))))))))))))
.
.
2012-11-01 14:23 . 2012-11-01 14:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-01 14:23 . 2012-11-01 14:23 -------- d-----w- c:\users\boinc_master\AppData\Local\temp
2012-11-01 01:59 . 2012-11-01 01:59 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0674BA3-DB47-403D-907C-CCCC73087F28}\offreg.dll
2012-10-31 20:15 . 2012-10-31 20:16 -------- d-----w- c:\users\krystal\AppData\Roaming\hellomoto
2012-10-30 15:53 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0674BA3-DB47-403D-907C-CCCC73087F28}\mpengine.dll
2012-10-28 06:37 . 2012-05-31 16:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-10-12 20:56 . 2012-11-01 14:19 -------- d-----w- c:\users\krystal\AppData\Local\CrashDumps
2012-10-10 19:33 . 2012-08-31 18:02 1656688 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 19:33 . 2012-08-30 18:11 5505904 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 19:33 . 2012-08-30 17:18 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 19:33 . 2012-08-30 17:18 3902832 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 19:26 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 19:26 . 2012-08-24 17:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 19:26 . 2012-09-14 19:23 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 19:26 . 2012-09-14 18:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 19:26 . 2012-08-11 00:53 714752 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 19:26 . 2012-08-10 23:54 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 19:26 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 19:26 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 19:26 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 19:26 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 19:26 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 19:26 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-09 18:50 . 2012-10-09 18:50 -------- d-----w- c:\users\krystal\AppData\Roaming\Playrix Entertainment
2012-10-09 18:49 . 2012-10-09 18:50 -------- d-----w- c:\programdata\AlawarWrapper
2012-10-09 18:49 . 2012-10-09 18:49 -------- d-----w- c:\program files (x86)\Alawar
2012-10-09 18:40 . 2012-11-01 01:42 -------- d-----w- c:\users\krystal\AppData\Local\ArcadeWeb
2012-10-07 05:19 . 2012-10-09 01:47 -------- d-----w- c:\users\krystal\AppData\Roaming\SoftGrid Client
2012-10-07 05:19 . 2012-10-07 05:19 -------- d-----w- c:\users\krystal\AppData\Local\SoftGrid Client
2012-10-07 05:18 . 2012-10-07 05:18 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-10-07 05:17 . 2012-10-07 05:19 -------- d-----w- c:\users\krystal\AppData\Roaming\TP
2012-10-03 23:28 . 2012-10-03 23:29 -------- d-----w- c:\users\krystal\AppData\Local\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 02:12 . 2012-09-25 02:34 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 02:12 . 2012-09-25 02:34 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-27 17:38 . 2012-09-27 17:38 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-27 17:38 . 2012-09-27 17:38 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-27 17:38 . 2012-09-27 17:38 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-27 17:38 . 2012-09-27 17:38 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-27 17:38 . 2012-09-27 17:38 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-27 17:38 . 2012-09-27 17:38 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-27 17:38 . 2012-09-27 17:38 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-09-27 17:38 . 2012-09-27 17:38 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-27 17:38 . 2012-09-27 17:38 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-27 17:38 . 2012-09-27 17:38 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-09-27 17:38 . 2012-09-27 17:38 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-27 17:38 . 2012-09-27 17:38 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-27 17:38 . 2012-09-27 17:38 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-27 17:38 . 2012-09-27 17:38 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-09-27 17:38 . 2012-09-27 17:38 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-09-27 17:38 . 2012-09-27 17:38 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-27 17:38 . 2012-09-27 17:38 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-27 17:38 . 2012-09-27 17:38 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-09-27 17:38 . 2012-09-27 17:38 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-27 17:38 . 2012-09-27 17:38 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-09-27 17:38 . 2012-09-27 17:38 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-27 17:38 . 2012-09-27 17:38 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-09-27 17:38 . 2012-09-27 17:38 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-09-27 17:38 . 2012-09-27 17:38 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-09-27 17:38 . 2012-09-27 17:38 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-09-27 17:38 . 2012-09-27 17:38 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-27 17:38 . 2012-09-27 17:38 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-27 17:38 . 2012-09-27 17:38 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-09-27 17:38 . 2012-09-27 17:38 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-27 17:38 . 2012-09-27 17:38 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-27 17:38 . 2012-09-27 17:38 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-27 17:38 . 2012-09-27 17:38 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-27 17:38 . 2012-09-27 17:38 816640 ----a-w- c:\windows\system32\jscript.dll
2012-09-27 17:38 . 2012-09-27 17:38 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-27 17:38 . 2012-09-27 17:38 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-09-27 17:38 . 2012-09-27 17:38 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-27 17:38 . 2012-09-27 17:38 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-09-27 17:38 . 2012-09-27 17:38 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-27 17:38 . 2012-09-27 17:38 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-27 17:38 . 2012-09-27 17:38 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-27 17:38 . 2012-09-27 17:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-27 17:38 . 2012-09-27 17:38 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-27 17:38 . 2012-09-27 17:38 448512 ----a-w- c:\windows\system32\html.iec
2012-09-27 17:38 . 2012-09-27 17:38 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-27 17:38 . 2012-09-27 17:38 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-27 17:38 . 2012-09-27 17:38 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-27 17:38 . 2012-09-27 17:38 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-27 17:38 . 2012-09-27 17:38 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-27 17:38 . 2012-09-27 17:38 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-27 17:38 . 2012-09-27 17:38 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-27 17:38 . 2012-09-27 17:38 248320 ----a-w- c:\windows\system32\ieui.dll
2012-09-27 17:38 . 2012-09-27 17:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-27 17:38 . 2012-09-27 17:38 237056 ----a-w- c:\windows\system32\url.dll
2012-09-27 17:38 . 2012-09-27 17:38 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-09-27 17:38 . 2012-09-27 17:38 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-27 17:38 . 2012-09-27 17:38 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-09-27 17:38 . 2012-09-27 17:38 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-09-27 17:38 . 2012-09-27 17:38 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-27 17:38 . 2012-09-27 17:38 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-27 17:38 . 2012-09-27 17:38 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-27 17:38 . 2012-09-27 17:38 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-27 17:38 . 2012-09-27 17:38 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-27 17:38 . 2012-09-27 17:38 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-09-27 17:38 . 2012-09-27 17:38 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-27 17:38 . 2012-09-27 17:38 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-27 17:38 . 2012-09-27 17:38 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-27 17:38 . 2012-09-27 17:38 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-27 17:38 . 2012-09-27 17:38 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-27 17:38 . 2012-09-27 17:38 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-09-27 17:38 . 2012-09-27 17:38 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-27 17:38 . 2012-09-27 17:38 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-25 05:05 . 2010-06-24 18:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-25 04:19 . 2012-09-24 19:51 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-09-24 19:06 . 2012-09-24 19:06 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2012-09-24 19:06 . 2012-09-24 19:06 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui
2012-09-24 19:06 . 2012-09-24 19:06 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui
2012-09-24 19:06 . 2012-09-24 19:06 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui
2012-09-24 19:06 . 2012-09-24 19:06 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2012-09-24 19:06 . 2012-09-24 19:06 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui
2012-09-24 18:43 . 2012-09-24 18:43 411368 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-24 18:40 . 2012-09-24 18:41 455680 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 18:40 . 2012-09-24 18:41 182784 ----a-w- c:\windows\system32\javaws.exe
2012-09-24 18:40 . 2012-09-24 18:41 165888 ----a-w- c:\windows\system32\javaw.exe
2012-09-24 18:40 . 2012-09-24 18:41 165888 ----a-w- c:\windows\system32\java.exe
2012-08-18 11:19 . 2012-10-10 19:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9F531FB1-7C1F-4E1A-8C0C-E8D6177130E2}]
c:\users\krystal\AppData\Local\ArcadeWeb\arcadeweb32.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2010-02-09 81328]
"Facebook Update"="c:\users\krystal\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-25 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-01-22 597792]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SHTtray.exe"="c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe" [2010-02-24 99696]
.
c:\users\krystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IMVU.lnk - c:\users\krystal\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-03-25 574320]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-20 115568]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-26 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2010-07-01 73856]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2010-07-01 28800]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20121005.002\BHDrvx64.sys [2012-10-05 1385632]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20121023.002\IDSvia64.sys [2012-09-21 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-16 202752]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-02-10 53248]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-02-24 108400]
S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-02-24 422768]
S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-02-24 67952]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-03-18 852336]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-20 529776]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-02-20 386416]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-09-16 6403072]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-16 188928]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-22 242720]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-04-07 346144]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-03-09 12032]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-02-08 302448]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-01-22 1203568]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 28170511
*NewlyCreated* - ASWMBR
*NewlyCreated* - WS2IFSL
*Deregistered* - 28170511
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-25 02:12]
.
2012-10-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1832631602-1486818882-2827575348-1005Core.job
- c:\users\krystal\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25 18:09]
.
2012-11-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1832631602-1486818882-2827575348-1005UA.job
- c:\users\krystal\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25 18:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10134560]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 97.64.209.36 97.64.168.13 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-01 10:26:31
ComboFix-quarantined-files.txt 2012-11-01 14:26
ComboFix2.txt 2012-11-01 01:45
.
Pre-Run: 446,871,064,576 bytes free
Post-Run: 446,819,737,600 bytes free
.
- - End Of File - - 3A0E0CB58E0876DA787460EFF2F04165


as far as I can tell the computer seems to be running fairly well now

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:14 PM

Posted 01 November 2012 - 09:38 AM

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

Adobe Reader 9.3.2
ArcadeWeb
Ask Toolbar
Ask Toolbar Updater
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
IMVU Inc Toolbar
Java™ 6 Update 20
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 haplo99

haplo99
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 01 November 2012 - 10:28 AM

malwarebytes log

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.01.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
krystal :: KRYSTAL-VAIO [administrator]

11/1/2012 11:14:40 AM
mbam-log-2012-11-01 (11-14-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222092
Time elapsed: 2 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|ArcadeWeb Uninstaller Finish (Adware.Gamevance) -> Data: C:\Users\krystal\AppData\Local\Temp\awun.exe -q -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\krystal\AppData\Local\Temp\awun.exe (Adware.Gamevance) -> Quarantined and deleted successfully.

(end)


hijackthis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:23:43 AM, on 11/1/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe
C:\Users\krystal\Desktop\mark\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O4 - HKLM\..\Run: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
O4 - HKLM\..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\krystal\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - Startup: IMVU.lnk = krystal\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
O23 - Service: Oasis2Service - Digital Delivery Networks, Inc. - C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12069 bytes


the imvu toolbar and ask toolbars I couldn't find in the uninstalls or in revo

other than that, the computer seems to be running fine

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:14 PM

Posted 01 November 2012 - 10:59 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
      O4 - HKLM\..\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay
      O4 - HKCU\..\Run: [Facebook Update] "C:\Users\krystal\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
      O4 - Startup: IMVU.lnk = krystal\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 haplo99

haplo99
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 01 November 2012 - 12:06 PM

only one threat found

C:\Qoobox\Quarantine\C\Users\krystal\AppData\Local\ArcadeWeb\arCAdeweb32.dll.vir a variant of Win32/Adware.Gamevance.CL application




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users