
Malwarebytes found Svchost virus


  • This topic is locked
24 replies to this topic

#1 PrabhuR

PrabhuR

  • Members
  • 32 posts

Posted 01 March 2013 - 12:05 AM

I ran Malwarebytes and it found the svchost.exe but it cannot remove it. It keeps coming back.

 

Here is the DDS log

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16464
Run by Narayan at 20:54:08 on 2013-02-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3935.1973 [GMT -8:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\ctfmon.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\PROGRA~2\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uProxyOverride = <local>
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: Free TV Bar c3 Toolbar: {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files (x86)\Free_TV_Bar_c3\tbFree.dll
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mURLSearchHooks: Free TV Bar c3 Toolbar: {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files (x86)\Free_TV_Bar_c3\tbFree.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Free TV Bar c3 Toolbar: {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files (x86)\Free_TV_Bar_c3\tbFree.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_19\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Free TV Bar c3 Toolbar: {3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3} - C:\Program Files (x86)\Free_TV_Bar_c3\tbFree.dll
TB: Free TV Bar c3 Toolbar: {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files (x86)\Free_TV_Bar_c3\tbFree.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [cdloader] "C:\Users\Narayan\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.5.0_19\bin\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.5.0_19\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_19-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_19-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://connect.bechtel.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{53249536-ECA8-4D56-8F55-6C3E89A1799C} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{53249536-ECA8-4D56-8F55-6C3E89A1799C}\14175716D4F6F63756 : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{53249536-ECA8-4D56-8F55-6C3E89A1799C}\54C6022516E63686F60213 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{53249536-ECA8-4D56-8F55-6C3E89A1799C}\54C6022516E63686F60233 : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{53249536-ECA8-4D56-8F55-6C3E89A1799C}\54C62516E63686F613 : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{53249536-ECA8-4D56-8F55-6C3E89A1799C}\A4F63786960213 : DHCPNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{53249536-ECA8-4D56-8F55-6C3E89A1799C}\E61627169716E6 : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-11-25 55280]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-11-9 11392]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-11-9 393216]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-27 398184]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-10-13 682344]
S2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-11-13 60416]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-31 362992]
S2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-11-25 189984]
S2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-6-13 259192]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-11-25 104960]
S2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-9-14 642416]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-11-25 19968]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-11-9 35104]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-2-26 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-11-9 139264]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-10-13 24176]
S3 MSSQL$DDNI;SQL Server (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-3-30 43010392]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-31 313840]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-11-25 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-11-25 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-11-25 427304]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-11-25 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-11-25 91432]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-3 59392]
S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-11-25 571248]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-11-25 480624]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-11-25 361840]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-11-25 110960]
S3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-6-13 44736]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2012-11-18 1286784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-6 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]
S4 SQLAgent$DDNI;SQL Server Agent (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-03-01 03:32:41    20480    ----a-w-    C:\Windows\svchost.exe
2013-02-28 04:54:51    --------    d-----w-    C:\Users\Narayan\AppData\Local\ElevatedDiagnostics
2013-02-26 04:06:54    7168    ----a-w-    C:\ProgramData\Microsoft\Windows\DRM\CFD9.tmp
2013-02-26 04:06:54    7168    ----a-w-    C:\ProgramData\Microsoft\Windows\DRM\CF99.tmp
2013-02-15 22:31:23    186584    ----a-w-    C:\Program Files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
2013-02-14 11:06:40    996352    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 11:06:40    768000    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 11:02:59    678912    ----a-w-    C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2013-02-14 11:02:59    499200    ----a-w-    C:\Program Files\Internet Explorer\jsdbgui.dll
2013-02-14 11:02:59    387584    ----a-w-    C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2013-02-14 11:02:57    887808    ----a-w-    C:\Program Files\Internet Explorer\iedvtool.dll
2013-02-14 02:09:07    5553512    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-02-14 02:09:05    3967848    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-14 02:09:05    3913064    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-02-14 02:08:39    3153408    ----a-w-    C:\Windows\System32\win32k.sys
2013-02-14 02:08:33    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-02-14 02:08:32    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-02-14 02:08:32    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-02-14 02:08:32    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-02-14 02:08:32    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-02-14 02:08:31    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-02-14 02:08:17    288088    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-14 02:08:17    1913192    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M  ====================
.
2013-02-08 03:16:26    74096    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-08 03:16:26    697712    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-09 01:19:09    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-01-09 01:11:06    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-01-04 04:43:21    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2012-12-15 00:49:28    24176    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2012-12-10 20:01:24    19896    ----a-w-    C:\Windows\System32\roboot64.exe
2012-12-07 13:20:16    441856    ----a-w-    C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31    2746368    ----a-w-    C:\Windows\System32\gameux.dll
2012-12-07 12:26:17    308736    ----a-w-    C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43    2576384    ----a-w-    C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04    30720    ----a-w-    C:\Windows\System32\usk.rs
2012-12-07 11:20:03    43520    ----a-w-    C:\Windows\System32\csrr.rs
2012-12-07 11:20:03    23552    ----a-w-    C:\Windows\System32\oflc.rs
2012-12-07 11:20:01    45568    ----a-w-    C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01    44544    ----a-w-    C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01    20480    ----a-w-    C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00    20480    ----a-w-    C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59    20480    ----a-w-    C:\Windows\System32\pegi.rs
2012-12-07 11:19:58    46592    ----a-w-    C:\Windows\System32\fpb.rs
2012-12-07 11:19:57    40960    ----a-w-    C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57    21504    ----a-w-    C:\Windows\System32\grb.rs
2012-12-07 11:19:57    15360    ----a-w-    C:\Windows\System32\djctq.rs
2012-12-07 11:19:56    55296    ----a-w-    C:\Windows\System32\cero.rs
2012-12-07 11:19:55    51712    ----a-w-    C:\Windows\System32\esrb.rs
.
============= FINISH: 20:55:39.56 ===============
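The two entries that make this DDS log stand out are the running process `\\.\globalroot\systemroot\svchost.exe -netsvcs` and the file `C:\Windows\svchost.exe` created the same day: a genuine service host on Windows 7 lives in System32 or SysWOW64 and is started as `svchost.exe -k <group>`. The following script is an added example, not part of the post and not DDS itself: it parses "Running Processes" and "Created Last 30" lines in the DDS layout and flags svchost.exe entries that break either rule. The sample lines are copied from the log above; the directory list and the argument pattern are assumptions based on the Windows 7 layout shown there.

```python
"""Flag svchost.exe entries in a DDS log that do not match the legitimate pattern.

Added example (not the forum post's or the DDS tool's own code). The checks
encode what makes the entries in the log above suspicious:
  * the svchost.exe path is not %SystemRoot%\\System32 or \\SysWOW64
    (a \\\\.\\globalroot device path is a way of hiding the real location),
  * the arguments are not of the form '-k <service group>'.
Assumptions: 64-bit Windows 7 directory layout; DDS line formats as in the post.
"""
import re
from typing import List, Tuple

# Directories a genuine svchost.exe lives in on 64-bit Windows 7 (assumption).
LEGIT_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# Legitimate service host invocations in this log look like 'svchost.exe -k <group>'.
LEGIT_ARGS = re.compile(r"^-k\s+\S+$")

# "Running Processes" line: a drive path or a \\.\ device path, optional arguments.
PROCESS_RE = re.compile(r"^([A-Za-z]:\\.+?\.exe|\\\\.+?\.exe)(?:\s+(.*))?$", re.IGNORECASE)

# "Created Last 30" row: timestamp, size, attribute flags, then the path.
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+(.+)$")


def split_path(path: str) -> Tuple[str, str]:
    """Return (directory, filename), both lower-cased, for a Windows path."""
    norm = path.strip().replace("/", "\\")
    directory, _, name = norm.rpartition("\\")
    return directory.lower(), name.lower()


def path_reasons(path: str) -> List[str]:
    """Reasons an svchost.exe path is suspicious; empty for other binaries."""
    directory, name = split_path(path)
    if name != "svchost.exe":
        return []
    reasons = []
    if "globalroot" in directory or directory.startswith("\\\\.\\"):
        reasons.append("device path (\\\\.\\globalroot) hides the real on-disk location")
    if directory not in LEGIT_DIRS:
        reasons.append(f"svchost.exe outside System32/SysWOW64: {directory}")
    return reasons


def check_process_line(line: str) -> List[str]:
    """Check one 'Running Processes' line; returns a list of reasons (empty = clean)."""
    m = PROCESS_RE.match(line.strip())
    if not m:
        return []
    path, args = m.group(1), (m.group(2) or "").strip()
    reasons = path_reasons(path)
    _, name = split_path(path)
    if name == "svchost.exe" and not LEGIT_ARGS.match(args):
        reasons.append(f"arguments are not '-k <group>': {args!r}")
    return reasons


def check_created_line(line: str) -> List[str]:
    """Check one 'Created Last 30' row for a newly written svchost.exe."""
    m = CREATED_RE.match(line.strip())
    if not m:
        return []
    return path_reasons(m.group(1))


def scan(lines) -> List[Tuple[str, List[str]]]:
    """Run both checks over DDS log lines; return (line, reasons) for each hit."""
    findings = []
    for line in lines:
        reasons = check_process_line(line) or check_created_line(line)
        if reasons:
            findings.append((line.strip(), reasons))
    return findings


# Sample input: lines copied from the DDS log in the post above.
SAMPLE_DDS_LINES = [
    r"C:\Windows\system32\svchost.exe -k DcomLaunch",
    r"C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted",
    r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe",
    r"\\.\globalroot\systemroot\svchost.exe -netsvcs",
    r"2013-03-01 03:32:41    20480    ----a-w-    C:\Windows\svchost.exe",
    r"2013-02-14 02:09:07    5553512    ----a-w-    C:\Windows\System32\ntoskrnl.exe",
]

if __name__ == "__main__":
    for line, reasons in scan(SAMPLE_DDS_LINES):
        print(line)
        for reason in reasons:
            print("   -", reason)
```

On the sample lines the script reports exactly the two entries discussed: the globalroot process (three reasons: device path, directory, arguments) and the freshly created `C:\Windows\svchost.exe`. The `-k <group>` rule is tuned to Windows 7 as seen in this log; newer Windows versions add further switches (for example `-p` and `-s`) to legitimate service host command lines, so the argument pattern would need widening there.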
 


 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 March 2013 - 07:10 AM


Hello PrabhuR

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller
  • Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 PrabhuR

PrabhuR
  • Topic Starter

  • Members
  • 32 posts

Posted 01 March 2013 - 12:20 PM

Here is the Security Check log.

 

 

 Results of screen317's Security Check version 0.99.60  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Symantec Endpoint Protection   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader 10.1.5 Adobe Reader out of Date!  
 Google Chrome 24.0.1312.56  
 Google Chrome 24.0.1312.57  
 Google Chrome 25.0.1364.97  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 

Here is the ADWcleaner log.

 

 

# AdwCleaner v2.113 - Logfile created 03/01/2013 at 09:04:53
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Narayan - NARAYAN-VAIO
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Narayan\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\Program Files (x86)\Advanced System Protector
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Free_TV_Bar_c3
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Narayan\AppData\Local\APN
Folder Deleted : C:\Users\Narayan\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Narayan\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Narayan\AppData\LocalLow\Free_TV_Bar_c3
Folder Deleted : C:\Users\Narayan\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Narayan\AppData\LocalLow\ShoppingReport2
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Free_TV_Bar_c3
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B634FBA0-0A05-449F-8D94-4B681C7096AA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2399412
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Free_TV_Bar_c3
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B634FBA0-0A05-449F-8D94-4B681C7096AA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B634FBA0-0A05-449F-8D94-4B681C7096AA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Free_TV_Bar_c3 Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16464
 
[OK] Registry is clean.
 
-\\ Google Chrome v24.0.1312.57
 
File : C:\Users\Narayan\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.67] : icon_url = "hxxp://www.ask.com/favicon.ico",
Deleted [l.70] : keyword = "ask.com",
Deleted [l.73] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=45[...]
Deleted [l.74] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]
 
*************************
 
AdwCleaner[S1].txt - [7877 octets] - [01/03/2013 09:04:53]
 
########## EOF - C:\AdwCleaner[S1].txt - [7937 octets] ##########

Here is the RogueKiller log.

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Narayan [Admin rights]
Mode : Remove -- Date : 03/01/2013 09:13:25
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\\svchost.exe [x] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED] ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: FUJITSU MJA2320BH G1 +++++
--- User ---
[MBR] 558adcb25d8485f8aefe596f2487a08a
[BSP] 7f189fa95df0fd5680fb243d206cbd17 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11262 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 23066624 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 23271424 | Size: 293881 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 5e2027a00b791e78354002c859c5eeb9
[BSP] 7f189fa95df0fd5680fb243d206cbd17 : Windows 7/8 MBR Code
Partition table:
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11262 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 23066624 | Size: 100 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 23271424 | Size: 293881 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 5e2027a00b791e78354002c859c5eeb9
[BSP] 7f189fa95df0fd5680fb243d206cbd17 : Windows 7/8 MBR Code
Partition table:
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11262 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 23066624 | Size: 100 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 23271424 | Size: 293881 Mo
 
Finished : << RKreport[2]_D_03012013_02d0913.txt >>
RKreport[1]_S_03012013_02d0912.txt ; RKreport[2]_D_03012013_02d0913.txt

I had to run all 3 programs in safe mode, as normal Windows kept restarting with a BSOD.

#4 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 March 2013 - 12:42 PM


Hello PrabhuR

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

  • Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 PrabhuR

  • Topic Starter

  • Members
  • 32 posts

Posted 01 March 2013 - 01:59 PM

Here is the ComboFix log.

ComboFix 13-03-01.01 - Narayan 03/01/2013  10:44:52.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3935.3218 [GMT -8:00]
Running from: c:\users\Narayan\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Blinkx
c:\program files (x86)\Blinkx\blinkx.ico
c:\program files (x86)\Blinkx\blinkxss.exe
c:\program files (x86)\Blinkx\blinkxstop.exe
c:\program files (x86)\Blinkx\lang.dll
c:\program files (x86)\Blinkx\templates\beat.ico
c:\program files (x86)\Blinkx\templates\index.html
c:\program files (x86)\Blinkx\templates\noflash.html
c:\program files (x86)\Blinkx\templates\offline.html
c:\program files (x86)\Blinkx\templates\offline.swf
c:\program files (x86)\Blinkx\templates\uninstall.exe
c:\programdata\Microsoft\Windows\DRM\CF99.tmp
c:\programdata\Microsoft\Windows\DRM\CFD9.tmp
c:\windows\svchost.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-01 to 2013-03-01  )))))))))))))))))))))))))))))))
.
.
2013-03-01 18:50 . 2013-03-01 18:50    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-02-28 04:54 . 2013-02-28 04:54    --------    d-----w-    c:\users\Narayan\AppData\Local\ElevatedDiagnostics
2013-02-15 22:31 . 2012-12-18 14:28    186584    ----a-w-    c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
2013-02-14 11:06 . 2013-01-09 01:10    996352    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 11:06 . 2013-01-08 22:01    768000    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 11:02 . 2013-01-09 01:13    499200    ----a-w-    c:\program files\Internet Explorer\jsdbgui.dll
2013-02-14 11:02 . 2013-01-08 22:05    678912    ----a-w-    c:\program files (x86)\Internet Explorer\iedvtool.dll
2013-02-14 11:02 . 2013-01-08 22:04    387584    ----a-w-    c:\program files (x86)\Internet Explorer\jsdbgui.dll
2013-02-14 11:02 . 2013-01-09 01:14    887808    ----a-w-    c:\program files\Internet Explorer\iedvtool.dll
2013-02-14 11:02 . 2013-01-09 01:48    17812992    ----a-w-    c:\windows\system32\mshtml.dll
2013-02-14 11:02 . 2013-01-09 01:22    10925568    ----a-w-    c:\windows\system32\ieframe.dll
2013-02-14 02:09 . 2013-01-05 05:53    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-02-14 02:09 . 2013-01-05 05:00    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 02:09 . 2013-01-05 05:00    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-02-14 02:08 . 2013-01-04 03:26    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-02-14 02:08 . 2013-01-04 05:46    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-02-14 02:08 . 2013-01-04 04:51    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-02-14 02:08 . 2013-01-04 02:47    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-02-14 02:08 . 2013-01-04 02:47    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-02-14 02:08 . 2013-01-04 02:47    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-02-14 02:08 . 2013-01-04 02:47    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-02-14 02:08 . 2013-01-03 06:00    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-02-14 02:08 . 2013-01-03 06:00    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-09 05:06 . 2013-02-09 05:06    --------    d-----w-    c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-14 11:12 . 2010-01-24 16:06    70004024    ----a-w-    c:\windows\system32\MRT.exe
2013-02-08 03:16 . 2012-10-11 03:31    697712    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-08 03:16 . 2011-05-18 03:24    74096    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-04 04:43 . 2013-02-14 02:08    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 11:03    46080    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 11:03    367616    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:03    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:03    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2012-12-15 00:49 . 2010-10-13 19:15    24176    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-12-10 20:01 . 2013-01-21 03:46    19896    ----a-w-    c:\windows\system32\roboot64.exe
2012-12-07 13:20 . 2013-01-10 03:16    441856    ----a-w-    c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-10 03:16    2746368    ----a-w-    c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-10 03:16    308736    ----a-w-    c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-10 03:16    2576384    ----a-w-    c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-10 03:16    30720    ----a-w-    c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-10 03:16    43520    ----a-w-    c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-10 03:16    23552    ----a-w-    c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-10 03:16    45568    ----a-w-    c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-10 03:16    44544    ----a-w-    c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-10 03:16    20480    ----a-w-    c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-10 03:16    20480    ----a-w-    c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-10 03:16    20480    ----a-w-    c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-10 03:16    46592    ----a-w-    c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-10 03:16    40960    ----a-w-    c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-10 03:16    21504    ----a-w-    c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-10 03:16    15360    ----a-w-    c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-10 03:16    55296    ----a-w-    c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-10 03:16    51712    ----a-w-    c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-10 03:16    43520    ----a-w-    c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-10 03:16    30720    ----a-w-    c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-10 03:16    45568    ----a-w-    c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-10 03:16    44544    ----a-w-    c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-10 03:16    20480    ----a-w-    c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-10 03:16    23552    ----a-w-    c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-10 03:16    20480    ----a-w-    c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-10 03:16    46592    ----a-w-    c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-10 03:16    20480    ----a-w-    c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-10 03:16    21504    ----a-w-    c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-10 03:16    40960    ----a-w-    c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-10 03:16    15360    ----a-w-    c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-10 03:16    51712    ----a-w-    c:\windows\SysWow64\esrb.rs
2012-12-07 10:46 . 2013-01-10 03:16    55296    ----a-w-    c:\windows\SysWow64\cero.rs
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Narayan\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-08-15 50592]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2957040]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre1.5.0_19\bin\jusched.exe" [2009-05-04 75264]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-11-05 02:32    98304    ----a-w-    c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
R2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-11-13 60416]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]
R2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-09-17 189984]
R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
R2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-15 642416]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-10-21 35104]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-04-09 47616]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-10-22 139264]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-16 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-16 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-16 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-16 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-16 91432]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-19 571248]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-02 361840]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-09-09 110960]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-06 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 19:53    1607120    ----a-w-    c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 03:16]
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 14:54]
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 14:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-22 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-22 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-22 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-17 7938080]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-09-17 1833504]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-Symantec Antvirus
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
AddRemove-00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1 - c:\program files (x86)\Advanced System Protector\unins000.exe
AddRemove-blinkx beat - c:\program files (x86)\Blinkx\templates\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-01  10:54:59
ComboFix-quarantined-files.txt  2013-03-01 18:54
.
Pre-Run: 211,159,121,920 bytes free
Post-Run: 213,605,679,104 bytes free
.
- - End Of File - - 413BDDC84433BAD4F829CF5832BC30F1


#6 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 March 2013 - 02:38 PM


Hello PrabhuR

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

    ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image CFScriptB-4.gif: CFScript.txt being dragged onto ComboFix.exe]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 PrabhuR

PrabhuR
  • Topic Starter

  • Members
  • 32 posts

Posted 01 March 2013 - 04:03 PM

I still had to do it from safe mode. Here is the log.

ComboFix 13-03-01.01 - Narayan 03/01/2013  12:44:55.2.2 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3935.2999 [GMT -8:00]
Running from: c:\users\Narayan\Desktop\ComboFix.exe
Command switches used :: c:\users\Narayan\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-01 to 2013-03-01  )))))))))))))))))))))))))))))))
.
.
2013-03-01 20:49 . 2013-03-01 20:49    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-02-28 04:54 . 2013-02-28 04:54    --------    d-----w-    c:\users\Narayan\AppData\Local\ElevatedDiagnostics
2013-02-15 22:31 . 2012-12-18 14:28    186584    ----a-w-    c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
2013-02-14 11:06 . 2013-01-09 01:10    996352    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 11:06 . 2013-01-08 22:01    768000    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 11:02 . 2013-01-09 01:13    499200    ----a-w-    c:\program files\Internet Explorer\jsdbgui.dll
2013-02-14 11:02 . 2013-01-08 22:05    678912    ----a-w-    c:\program files (x86)\Internet Explorer\iedvtool.dll
2013-02-14 11:02 . 2013-01-08 22:04    387584    ----a-w-    c:\program files (x86)\Internet Explorer\jsdbgui.dll
2013-02-14 11:02 . 2013-01-09 01:14    887808    ----a-w-    c:\program files\Internet Explorer\iedvtool.dll
2013-02-14 11:02 . 2013-01-09 01:48    17812992    ----a-w-    c:\windows\system32\mshtml.dll
2013-02-14 11:02 . 2013-01-09 01:22    10925568    ----a-w-    c:\windows\system32\ieframe.dll
2013-02-14 02:09 . 2013-01-05 05:53    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-02-14 02:09 . 2013-01-05 05:00    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 02:09 . 2013-01-05 05:00    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-02-14 02:08 . 2013-01-04 03:26    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-02-14 02:08 . 2013-01-04 05:46    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-02-14 02:08 . 2013-01-04 04:51    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-02-14 02:08 . 2013-01-04 02:47    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-02-14 02:08 . 2013-01-04 02:47    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-02-14 02:08 . 2013-01-04 02:47    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-02-14 02:08 . 2013-01-04 02:47    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-02-14 02:08 . 2013-01-03 06:00    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-02-14 02:08 . 2013-01-03 06:00    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-09 05:06 . 2013-02-09 05:06    --------    d-----w-    c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-14 11:12 . 2010-01-24 16:06    70004024    ----a-w-    c:\windows\system32\MRT.exe
2013-02-08 03:16 . 2012-10-11 03:31    697712    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-08 03:16 . 2011-05-18 03:24    74096    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-04 04:43 . 2013-02-14 02:08    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 11:03    46080    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 11:03    367616    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:03    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:03    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2012-12-15 00:49 . 2010-10-13 19:15    24176    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-12-10 20:01 . 2013-01-21 03:46    19896    ----a-w-    c:\windows\system32\roboot64.exe
2012-12-07 13:20 . 2013-01-10 03:16    441856    ----a-w-    c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-10 03:16    2746368    ----a-w-    c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-10 03:16    308736    ----a-w-    c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-10 03:16    2576384    ----a-w-    c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-10 03:16    30720    ----a-w-    c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-10 03:16    43520    ----a-w-    c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-10 03:16    23552    ----a-w-    c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-10 03:16    45568    ----a-w-    c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-10 03:16    44544    ----a-w-    c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-10 03:16    20480    ----a-w-    c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-10 03:16    20480    ----a-w-    c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-10 03:16    20480    ----a-w-    c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-10 03:16    46592    ----a-w-    c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-10 03:16    40960    ----a-w-    c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-10 03:16    21504    ----a-w-    c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-10 03:16    15360    ----a-w-    c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-10 03:16    55296    ----a-w-    c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-10 03:16    51712    ----a-w-    c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-10 03:16    43520    ----a-w-    c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-10 03:16    30720    ----a-w-    c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-10 03:16    45568    ----a-w-    c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-10 03:16    44544    ----a-w-    c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-10 03:16    20480    ----a-w-    c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-10 03:16    23552    ----a-w-    c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-10 03:16    20480    ----a-w-    c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-10 03:16    46592    ----a-w-    c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-10 03:16    20480    ----a-w-    c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-10 03:16    21504    ----a-w-    c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-10 03:16    40960    ----a-w-    c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-10 03:16    15360    ----a-w-    c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-10 03:16    51712    ----a-w-    c:\windows\SysWow64\esrb.rs
2012-12-07 10:46 . 2013-01-10 03:16    55296    ----a-w-    c:\windows\SysWow64\cero.rs
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Narayan\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-08-15 50592]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2957040]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre1.5.0_19\bin\jusched.exe" [2009-05-04 75264]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-11-05 02:32    98304    ----a-w-    c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
R2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-11-13 60416]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]
R2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-09-17 189984]
R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
R2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-15 642416]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-10-21 35104]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-04-09 47616]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-10-22 139264]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-16 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-16 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-16 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-16 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-16 91432]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-19 571248]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-02 361840]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-09-09 110960]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-06 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 19:53    1607120    ----a-w-    c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 03:16]
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 14:54]
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 14:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-22 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-22 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-22 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-17 7938080]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-09-17 1833504]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1 - c:\program files (x86)\Advanced System Protector\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-01  12:51:29
ComboFix-quarantined-files.txt  2013-03-01 20:51
ComboFix2.txt  2013-03-01 18:55
.
Pre-Run: 213,666,918,400 bytes free
Post-Run: 213,369,430,016 bytes free
.
- - End Of File - - 8F2B484DF5A21FB6C5EE0C7D00C2BB89

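The ComboFix log in the post above records the removal of c:\windows\svchost.exe. The genuine svchost.exe lives in C:\Windows\System32 (and, on 64-bit Windows, C:\Windows\SysWOW64), so a copy sitting directly in C:\Windows is the tell, regardless of what the file is called. The following Python is an added example, not part of this thread and not ComboFix's own code: it reads ComboFix-style log lines (bare paths from the deletions section, "Files Created" rows and Run-key entries) and flags system-binary names found outside their expected directories. The sample log is constructed for the example, and the names other than svchost.exe are assumptions added to show the check generalizes beyond this thread's case.

```python
import re
from typing import Iterator, List, Optional

# Windows binaries that malware commonly names itself after, mapped to the
# directories where the genuine file lives. svchost.exe is the case from this
# thread (ComboFix removed c:\windows\svchost.exe); the other names are
# assumptions added for illustration.
EXPECTED_DIRS = {
    "svchost.exe": (r"c:\windows\system32", r"c:\windows\syswow64"),
    "lsass.exe": (r"c:\windows\system32",),
    "csrss.exe": (r"c:\windows\system32",),
    "winlogon.exe": (r"c:\windows\system32",),
}

# The component store keeps legitimate extra copies of system binaries.
SERVICING_STORE = r"c:\windows\winsxs"

# Three ComboFix line shapes that carry a file path:
#   "Files Created" rows:  <date time> . <date time>  <size>  <attrs>  <path>
#   Run-key entries:       "<name>"="<path>" [<date> <size>]
#   bare paths, as printed in the "Other Deletions" section
_CREATED = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\s+\S+\s+\S+\s+(.+?)\s*$"
)
_REGRUN = re.compile(r'^"[^"]+"="([^"]+)"')
_BARE = re.compile(r"^([a-z]:\\.+?)\s*$", re.IGNORECASE)


def extract_paths(lines) -> Iterator[str]:
    """Yield every file path found in ComboFix-style log lines."""
    for line in lines:
        for pattern in (_CREATED, _REGRUN, _BARE):
            match = pattern.match(line)
            if match:
                yield match.group(1)
                break


def check_path(path: str) -> Optional[str]:
    """Return a finding if `path` is a system-binary name in an unexpected
    directory, otherwise None. Comparison is case-insensitive, as NTFS is."""
    lowered = path.lower()
    directory, _, name = lowered.rpartition("\\")
    expected = EXPECTED_DIRS.get(name)
    if expected is None:
        return None
    if directory in expected or directory.startswith(SERVICING_STORE + "\\"):
        return None
    return f"{name} outside {' or '.join(expected)}: {path}"


def find_masquerading(log_text: str) -> List[str]:
    """Scan a whole log and return one finding per suspicious path."""
    findings = []
    for path in extract_paths(log_text.splitlines()):
        finding = check_path(path)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample in ComboFix's layout (not the thread's actual log):
# the first path is the one ComboFix removed in this thread, the lsass.exe
# row under a user profile is an invented lookalike, and the Run entry
# points at the genuine svchost.exe and must not be flagged.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\svchost.exe
.
(((((((((((((((((((((((((   Files Created from 2013-02-01 to 2013-03-01  )))))))))))))))))))))))))))))))
.
2013-02-14 02:09 . 2013-01-05 05:53    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-02-28 04:54 . 2013-02-28 04:54    --------    d-----w-    c:\users\Narayan\AppData\Local\ElevatedDiagnostics
2013-02-20 10:00 . 2013-02-20 10:00    24576    ----a-w-    c:\users\Narayan\AppData\Roaming\lsass.exe
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Narayan\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-08-15 50592]
"svc"="c:\windows\system32\svchost.exe" [2009-07-14 27136]
"""

if __name__ == "__main__":
    for finding in find_masquerading(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports the svchost.exe copy in c:\windows and the lsass.exe lookalike in the user profile, and stays quiet about the genuine System32 binaries. The WinSxS allowance matters in practice: the component store holds real copies of these files, and without it every "Files Created" row from a Windows Update would be a false positive.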

#8 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 March 2013 - 04:19 PM



Hello PrabhuR


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it

    If the forum still complains about it being too long send me everything after

    ==================
    Scan finished
    ==================
  • and I will see if I want to see the whole report

Malwarebytes Anti-Rootkit

  1. Download Malwarebytes Anti-Rootkit
  2. Unzip the contents to a folder in a convenient location.
  3. Open the folder where the contents were unzipped and run mbar.exe
  4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  6. Wait while the system shuts down and the cleanup process is performed.
  7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
     • Internet access
     • Windows Update
     • Windows Firewall
  9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
  10. Verify that your system is now functioning normally.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and MBAR.

Gringo


#9 PrabhuR

PrabhuR
  • Topic Starter

  • Members
  • 32 posts

Posted 01 March 2013 - 04:45 PM

Here is the TDSSKiller log.

13:32:54.0476 2024  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:32:54.0757 2024  ============================================================
13:32:54.0757 2024  Current date / time: 2013/03/01 13:32:54.0757
13:32:54.0757 2024  SystemInfo:
13:32:54.0757 2024  
13:32:54.0757 2024  OS Version: 6.1.7601 ServicePack: 1.0
13:32:54.0757 2024  Product type: Workstation
13:32:54.0757 2024  ComputerName: NARAYAN-VAIO
13:32:54.0757 2024  UserName: Narayan
13:32:54.0757 2024  Windows directory: C:\Windows
13:32:54.0757 2024  System windows directory: C:\Windows
13:32:54.0757 2024  Running under WOW64
13:32:54.0757 2024  Processor architecture: Intel x64
13:32:54.0757 2024  Number of processors: 2
13:32:54.0757 2024  Page size: 0x1000
13:32:54.0757 2024  Boot type: Safe boot with network
13:32:54.0757 2024  ============================================================
13:32:54.0850 2024  BG loaded
13:32:55.0802 2024  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x1080D9, SectorsPerTrack: 0x22, TracksPerCylinder: 0x11, Type 'K0', Flags 0x00000040
13:32:55.0802 2024  ============================================================
13:32:55.0802 2024  \Device\Harddisk0\DR0:
13:32:55.0802 2024  MBR partitions:
13:32:55.0802 2024  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x15FF800, BlocksNum 0x32000
13:32:55.0802 2024  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1631800, BlocksNum 0x23DFCAB0
13:32:55.0802 2024  ============================================================
13:32:55.0833 2024  C: <-> \Device\Harddisk0\DR0\Partition2
13:32:55.0833 2024  ============================================================
13:32:55.0833 2024  Initialize success
13:32:55.0833 2024  ============================================================
13:33:28.0344 1340  ============================================================
13:33:28.0344 1340  Scan started
13:33:28.0344 1340  Mode: Manual; SigCheck; TDLFS; 
13:33:28.0344 1340  ============================================================
13:33:28.0515 1340  ================ Scan system memory ========================
13:33:28.0515 1340  System memory - ok
13:33:28.0515 1340  ================ Scan services =============================
13:33:28.0640 1340  [ A0709B82FA3B5AFAD1467E565B8B3BA0 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
13:33:45.0067 1340  !SASCORE ( UnsignedFile.Multi.Generic ) - warning
13:33:45.0067 1340  !SASCORE - detected UnsignedFile.Multi.Generic (1)
13:33:45.0239 1340  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:33:45.0317 1340  1394ohci - ok
13:33:45.0426 1340  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
13:33:45.0504 1340  ACDaemon - ok
13:33:45.0551 1340  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:33:45.0582 1340  ACPI - ok
13:33:45.0613 1340  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:33:45.0707 1340  AcpiPmi - ok
13:33:45.0816 1340  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:33:45.0847 1340  AdobeARMservice - ok
13:33:46.0003 1340  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:33:46.0019 1340  AdobeFlashPlayerUpdateSvc - ok
13:33:46.0065 1340  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
13:33:46.0143 1340  adp94xx - ok
13:33:46.0175 1340  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
13:33:46.0206 1340  adpahci - ok
13:33:46.0237 1340  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
13:33:46.0268 1340  adpu320 - ok
13:33:46.0299 1340  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:33:46.0455 1340  AeLookupSvc - ok
13:33:46.0518 1340  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
13:33:46.0565 1340  AFD - ok
13:33:46.0627 1340  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:33:46.0643 1340  agp440 - ok
13:33:46.0689 1340  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
13:33:46.0767 1340  ALG - ok
13:33:46.0783 1340  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:33:46.0830 1340  aliide - ok
13:33:46.0861 1340  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
13:33:46.0877 1340  amdide - ok
13:33:46.0908 1340  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
13:33:46.0970 1340  AmdK8 - ok
13:33:46.0986 1340  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
13:33:47.0048 1340  AmdPPM - ok
13:33:47.0079 1340  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:33:47.0111 1340  amdsata - ok
13:33:47.0126 1340  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
13:33:47.0157 1340  amdsbs - ok
13:33:47.0189 1340  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:33:47.0204 1340  amdxata - ok
13:33:47.0220 1340  [ 56BD886820C4AEDF493CFCDF1CCFB004 ] ApfiltrService  C:\Windows\system32\drivers\Apfiltr.sys
13:33:47.0251 1340  ApfiltrService - ok
13:33:47.0282 1340  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
13:33:47.0454 1340  AppID - ok
13:33:47.0501 1340  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:33:47.0579 1340  AppIDSvc - ok
13:33:47.0641 1340  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
13:33:47.0719 1340  Appinfo - ok
13:33:47.0781 1340  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
13:33:47.0797 1340  arc - ok
13:33:47.0828 1340  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:33:47.0844 1340  arcsas - ok
13:33:47.0875 1340  [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
13:33:47.0891 1340  ArcSoftKsUFilter - ok
13:33:47.0922 1340  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:33:48.0015 1340  AsyncMac - ok
13:33:48.0078 1340  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
13:33:48.0093 1340  atapi - ok
13:33:48.0171 1340  [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
13:33:48.0265 1340  athr - ok
13:33:48.0421 1340  [ DE0EDE41BC530F1759C6FFFCB8C7A0CF ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
13:33:48.0686 1340  atikmdag - ok
13:33:48.0749 1340  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:33:48.0889 1340  AudioEndpointBuilder - ok
13:33:48.0920 1340  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:33:48.0998 1340  AudioSrv - ok
13:33:49.0045 1340  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:33:49.0170 1340  AxInstSV - ok
13:33:49.0201 1340  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
13:33:49.0279 1340  b06bdrv - ok
13:33:49.0310 1340  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:33:49.0357 1340  b57nd60a - ok
13:33:49.0451 1340  [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
13:33:49.0482 1340  BBSvc - ok
13:33:49.0529 1340  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:33:49.0560 1340  BDESVC - ok
13:33:49.0575 1340  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:33:49.0669 1340  Beep - ok
13:33:49.0716 1340  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
13:33:49.0794 1340  BFE - ok
13:33:49.0856 1340  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
13:33:50.0028 1340  BITS - ok
13:33:50.0059 1340  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
13:33:50.0106 1340  blbdrive - ok
13:33:50.0153 1340  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:33:50.0199 1340  bowser - ok
13:33:50.0215 1340  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
13:33:50.0293 1340  BrFiltLo - ok
13:33:50.0324 1340  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
13:33:50.0340 1340  BrFiltUp - ok
13:33:50.0355 1340  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
13:33:50.0433 1340  BridgeMP - ok
13:33:50.0496 1340  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
13:33:50.0574 1340  Browser - ok
13:33:50.0605 1340  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:33:50.0683 1340  Brserid - ok
13:33:50.0714 1340  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:33:50.0745 1340  BrSerWdm - ok
13:33:50.0777 1340  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:33:50.0823 1340  BrUsbMdm - ok
13:33:50.0855 1340  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:33:50.0901 1340  BrUsbSer - ok
13:33:50.0948 1340  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
13:33:51.0011 1340  BthEnum - ok
13:33:51.0042 1340  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
13:33:51.0089 1340  BTHMODEM - ok
13:33:51.0120 1340  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
13:33:51.0167 1340  BthPan - ok
13:33:51.0229 1340  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
13:33:51.0307 1340  BTHPORT - ok
13:33:51.0338 1340  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
13:33:51.0416 1340  bthserv - ok
13:33:51.0447 1340  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
13:33:51.0494 1340  BTHUSB - ok
13:33:51.0525 1340  [ 4BDBDB86ABBA924E029FB2683BE7C505 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
13:33:51.0541 1340  btwaudio - ok
13:33:51.0572 1340  [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
13:33:51.0588 1340  btwavdt - ok
13:33:51.0650 1340  [ 31DA517946FFE416442E864592548F8A ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
13:33:51.0713 1340  btwdins - ok
13:33:51.0744 1340  [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
13:33:51.0759 1340  btwl2cap - ok
13:33:51.0791 1340  [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid        C:\Windows\system32\drivers\btwrchid.sys
13:33:51.0806 1340  btwrchid - ok
13:33:51.0806 1340  catchme - ok
13:33:51.0869 1340  [ 27D036FB3D22CA8A6662FE960D1A937D ] ccEvtMgr        C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
13:33:51.0884 1340  ccEvtMgr - ok
13:33:51.0900 1340  [ 27D036FB3D22CA8A6662FE960D1A937D ] ccSetMgr        C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
13:33:51.0915 1340  ccSetMgr - ok
13:33:51.0931 1340  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:33:52.0009 1340  cdfs - ok
13:33:52.0056 1340  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:33:52.0087 1340  cdrom - ok
13:33:52.0118 1340  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
13:33:52.0196 1340  CertPropSvc - ok
13:33:52.0227 1340  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
13:33:52.0274 1340  circlass - ok
13:33:52.0321 1340  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
13:33:52.0368 1340  CLFS - ok
13:33:52.0446 1340  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:33:52.0461 1340  clr_optimization_v2.0.50727_32 - ok
13:33:52.0508 1340  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:33:52.0539 1340  clr_optimization_v2.0.50727_64 - ok
13:33:52.0633 1340  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:33:52.0680 1340  clr_optimization_v4.0.30319_32 - ok
13:33:52.0727 1340  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:33:52.0742 1340  clr_optimization_v4.0.30319_64 - ok
13:33:52.0789 1340  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
13:33:52.0820 1340  CmBatt - ok
13:33:52.0851 1340  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:33:52.0883 1340  cmdide - ok
13:33:52.0929 1340  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
13:33:52.0992 1340  CNG - ok
13:33:53.0023 1340  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
13:33:53.0039 1340  Compbatt - ok
13:33:53.0054 1340  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
13:33:53.0101 1340  CompositeBus - ok
13:33:53.0117 1340  COMSysApp - ok
13:33:53.0163 1340  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:33:53.0179 1340  crcdisk - ok
13:33:53.0241 1340  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:33:53.0288 1340  CryptSvc - ok
13:33:53.0351 1340  [ 15C2AFD86D8A58354FC100434C78B621 ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
13:33:53.0397 1340  dc3d - ok
13:33:53.0444 1340  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:33:53.0553 1340  DcomLaunch - ok
13:33:53.0600 1340  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
13:33:53.0694 1340  defragsvc - ok
13:33:53.0725 1340  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:33:53.0803 1340  DfsC - ok
13:33:53.0850 1340  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:33:53.0912 1340  Dhcp - ok
13:33:53.0943 1340  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
13:33:54.0021 1340  discache - ok
13:33:54.0053 1340  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
13:33:54.0068 1340  Disk - ok
13:33:54.0115 1340  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:33:54.0162 1340  Dnscache - ok
13:33:54.0209 1340  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:33:54.0302 1340  dot3svc - ok
13:33:54.0349 1340  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
13:33:54.0396 1340  Dot4 - ok
13:33:54.0443 1340  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys
13:33:54.0489 1340  Dot4Print - ok
13:33:54.0505 1340  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
13:33:54.0552 1340  dot4usb - ok
13:33:54.0583 1340  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
13:33:54.0661 1340  DPS - ok
13:33:54.0692 1340  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:33:54.0723 1340  drmkaud - ok
13:33:54.0770 1340  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:33:54.0848 1340  DXGKrnl - ok
13:33:54.0864 1340  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
13:33:54.0957 1340  EapHost - ok
13:33:55.0067 1340  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
13:33:55.0223 1340  ebdrv - ok
13:33:55.0301 1340  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
13:33:55.0363 1340  eeCtrl - ok
13:33:55.0410 1340  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
13:33:55.0457 1340  EFS - ok
13:33:55.0550 1340  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:33:55.0613 1340  ehRecvr - ok
13:33:55.0644 1340  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
13:33:55.0691 1340  ehSched - ok
13:33:55.0737 1340  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:33:55.0784 1340  elxstor - ok
13:33:55.0847 1340  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:33:55.0878 1340  ErrDev - ok
13:33:55.0925 1340  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
13:33:56.0018 1340  EventSystem - ok
13:33:56.0065 1340  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
13:33:56.0143 1340  exfat - ok
13:33:56.0174 1340  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:33:56.0268 1340  fastfat - ok
13:33:56.0330 1340  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
13:33:56.0393 1340  Fax - ok
13:33:56.0408 1340  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
13:33:56.0455 1340  fdc - ok
13:33:56.0502 1340  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
13:33:56.0564 1340  fdPHost - ok
13:33:56.0564 1340  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:33:56.0642 1340  FDResPub - ok
13:33:56.0689 1340  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:33:56.0705 1340  FileInfo - ok
13:33:56.0720 1340  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:33:56.0798 1340  Filetrace - ok
13:33:56.0814 1340  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
13:33:56.0845 1340  flpydisk - ok
13:33:56.0892 1340  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:33:56.0923 1340  FltMgr - ok
13:33:56.0985 1340  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
13:33:57.0095 1340  FontCache - ok
13:33:57.0141 1340  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:33:57.0157 1340  FontCache3.0.0.0 - ok
13:33:57.0188 1340  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:33:57.0204 1340  FsDepends - ok
13:33:57.0266 1340  [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
13:33:57.0282 1340  fssfltr - ok
13:33:57.0391 1340  [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
13:33:57.0516 1340  fsssvc - ok
13:33:57.0563 1340  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:33:57.0578 1340  Fs_Rec - ok
13:33:57.0641 1340  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:33:57.0672 1340  fvevol - ok
13:33:57.0703 1340  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:33:57.0719 1340  gagp30kx - ok
13:33:57.0781 1340  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
13:33:57.0890 1340  gpsvc - ok
13:33:57.0953 1340  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:33:57.0984 1340  gupdate - ok
13:33:58.0015 1340  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:33:58.0031 1340  gupdatem - ok
13:33:58.0077 1340  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
13:33:58.0093 1340  gusvc - ok
13:33:58.0124 1340  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:33:58.0187 1340  hcw85cir - ok
13:33:58.0249 1340  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:33:58.0280 1340  HdAudAddService - ok
13:33:58.0296 1340  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
13:33:58.0358 1340  HDAudBus - ok
13:33:58.0389 1340  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
13:33:58.0405 1340  HidBatt - ok
13:33:58.0436 1340  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
13:33:58.0483 1340  HidBth - ok
13:33:58.0499 1340  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
13:33:58.0545 1340  HidIr - ok
13:33:58.0561 1340  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
13:33:58.0655 1340  hidserv - ok
13:33:58.0686 1340  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:33:58.0701 1340  HidUsb - ok
13:33:58.0748 1340  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:33:58.0826 1340  hkmsvc - ok
13:33:58.0873 1340  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:33:58.0935 1340  HomeGroupListener - ok
13:33:58.0967 1340  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:33:59.0013 1340  HomeGroupProvider - ok
13:33:59.0201 1340  [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
13:33:59.0216 1340  hpqcxs08 - ok
13:33:59.0263 1340  [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
13:33:59.0279 1340  hpqddsvc - ok
13:33:59.0325 1340  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:33:59.0357 1340  HpSAMD - ok
13:33:59.0419 1340  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:33:59.0528 1340  HTTP - ok
13:33:59.0559 1340  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:33:59.0591 1340  hwpolicy - ok
13:33:59.0622 1340  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
13:33:59.0653 1340  i8042prt - ok
13:33:59.0700 1340  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
13:33:59.0731 1340  IAANTMON - ok
13:33:59.0762 1340  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
13:33:59.0793 1340  iaStor - ok
13:33:59.0840 1340  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:33:59.0887 1340  iaStorV - ok
13:33:59.0965 1340  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:34:00.0027 1340  idsvc - ok
13:34:00.0215 1340  [ 2D18C9E1F23970DE32D78D3B1CDDA0A7 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
13:34:00.0511 1340  igfx - ok
13:34:00.0573 1340  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:34:00.0589 1340  iirsp - ok
13:34:00.0651 1340  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
13:34:00.0745 1340  IKEEXT - ok
13:34:00.0807 1340  [ B16FC828CE7A76A8F1CE682E6EAD2627 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:34:00.0901 1340  IntcAzAudAddService - ok
13:34:00.0948 1340  [ 88A20FA54C73DED4E8DAC764E9130AE9 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
13:34:01.0010 1340  IntcHdmiAddService - ok
13:34:01.0041 1340  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
13:34:01.0057 1340  intelide - ok
13:34:01.0088 1340  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
13:34:01.0135 1340  intelppm - ok
13:34:01.0166 1340  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:34:01.0229 1340  IPBusEnum - ok
13:34:01.0275 1340  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:34:01.0353 1340  IpFilterDriver - ok
13:34:01.0447 1340  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:34:01.0541 1340  iphlpsvc - ok
13:34:01.0603 1340  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:34:01.0634 1340  IPMIDRV - ok
13:34:01.0665 1340  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:34:01.0743 1340  IPNAT - ok
13:34:01.0775 1340  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:34:01.0868 1340  IRENUM - ok
13:34:01.0915 1340  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:34:01.0931 1340  isapnp - ok
13:34:01.0946 1340  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:34:01.0977 1340  iScsiPrt - ok
13:34:01.0993 1340  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
13:34:02.0009 1340  kbdclass - ok
13:34:02.0040 1340  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
13:34:02.0087 1340  kbdhid - ok
13:34:02.0102 1340  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
13:34:02.0133 1340  KeyIso - ok
13:34:02.0165 1340  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:34:02.0196 1340  KSecDD - ok
13:34:02.0243 1340  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:34:02.0274 1340  KSecPkg - ok
13:34:02.0305 1340  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:34:02.0399 1340  ksthunk - ok
13:34:02.0461 1340  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:34:02.0555 1340  KtmRm - ok
13:34:02.0601 1340  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
13:34:02.0679 1340  LanmanServer - ok
13:34:02.0726 1340  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:34:02.0804 1340  LanmanWorkstation - ok
13:34:02.0929 1340  [ E34152D03CAAAAA81DD66D803F392522 ] LiveUpdate      C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
13:34:03.0069 1340  LiveUpdate - ok
13:34:03.0085 1340  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:34:03.0163 1340  lltdio - ok
13:34:03.0210 1340  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:34:03.0303 1340  lltdsvc - ok
13:34:03.0319 1340  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:34:03.0397 1340  lmhosts - ok
13:34:03.0428 1340  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:34:03.0444 1340  LSI_FC - ok
13:34:03.0475 1340  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:34:03.0506 1340  LSI_SAS - ok
13:34:03.0522 1340  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
13:34:03.0537 1340  LSI_SAS2 - ok
13:34:03.0584 1340  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:34:03.0600 1340  LSI_SCSI - ok
13:34:03.0631 1340  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
13:34:03.0725 1340  luafv - ok
13:34:03.0771 1340  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
13:34:03.0787 1340  MBAMProtector - ok
13:34:03.0896 1340  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:34:03.0927 1340  MBAMScheduler - ok
13:34:03.0990 1340  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:34:04.0052 1340  MBAMService - ok
13:34:04.0099 1340  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:34:04.0146 1340  Mcx2Svc - ok
13:34:04.0161 1340  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
13:34:04.0193 1340  megasas - ok
13:34:04.0224 1340  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
13:34:04.0255 1340  MegaSR - ok
13:34:04.0317 1340  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
13:34:04.0333 1340  Microsoft Office Groove Audit Service - ok
13:34:04.0380 1340  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
13:34:04.0473 1340  MMCSS - ok
13:34:04.0505 1340  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
13:34:04.0583 1340  Modem - ok
13:34:04.0614 1340  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:34:04.0661 1340  monitor - ok
13:34:04.0692 1340  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:34:04.0723 1340  mouclass - ok
13:34:04.0754 1340  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:34:04.0801 1340  mouhid - ok
13:34:04.0848 1340  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:34:04.0863 1340  mountmgr - ok
13:34:04.0926 1340  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:34:04.0941 1340  mpio - ok
13:34:04.0973 1340  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:34:05.0035 1340  mpsdrv - ok
13:34:05.0097 1340  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:34:05.0175 1340  MpsSvc - ok
13:34:05.0222 1340  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:34:05.0285 1340  MRxDAV - ok
13:34:05.0331 1340  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:34:05.0378 1340  mrxsmb - ok
13:34:05.0441 1340  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:34:05.0472 1340  mrxsmb10 - ok
13:34:05.0519 1340  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:34:05.0550 1340  mrxsmb20 - ok
13:34:05.0597 1340  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:34:05.0612 1340  msahci - ok
13:34:05.0643 1340  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:34:05.0659 1340  msdsm - ok
13:34:05.0690 1340  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
13:34:05.0737 1340  MSDTC - ok
13:34:05.0784 1340  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:34:05.0846 1340  Msfs - ok
13:34:05.0862 1340  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:34:05.0955 1340  mshidkmdf - ok
13:34:05.0987 1340  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:34:06.0002 1340  msisadrv - ok
13:34:06.0033 1340  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:34:06.0127 1340  MSiSCSI - ok
13:34:06.0127 1340  msiserver - ok
13:34:06.0174 1340  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:34:06.0252 1340  MSKSSRV - ok
13:34:06.0267 1340  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:34:06.0345 1340  MSPCLOCK - ok
13:34:06.0377 1340  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:34:06.0455 1340  MSPQM - ok
13:34:06.0501 1340  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:34:06.0533 1340  MsRPC - ok
13:34:06.0595 1340  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
13:34:06.0611 1340  mssmbios - ok
13:34:06.0673 1340  MSSQL$DDNI - ok
13:34:06.0704 1340  [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
13:34:06.0735 1340  MSSQLServerADHelper100 - ok
13:34:06.0782 1340  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:34:06.0860 1340  MSTEE - ok
13:34:06.0891 1340  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
13:34:06.0923 1340  MTConfig - ok
13:34:06.0954 1340  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
13:34:06.0969 1340  Mup - ok
13:34:07.0032 1340  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
13:34:07.0141 1340  napagent - ok
13:34:07.0188 1340  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:34:07.0235 1340  NativeWifiP - ok
13:34:07.0391 1340  [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG          C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130213.033\ENG64.SYS
13:34:07.0422 1340  NAVENG - ok
13:34:07.0500 1340  [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15         C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130213.033\EX64.SYS
13:34:07.0625 1340  NAVEX15 - ok
13:34:07.0687 1340  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:34:07.0749 1340  NDIS - ok
13:34:07.0796 1340  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:34:07.0874 1340  NdisCap - ok
13:34:07.0890 1340  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:34:07.0952 1340  NdisTapi - ok
13:34:07.0999 1340  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:34:08.0077 1340  Ndisuio - ok
13:34:08.0124 1340  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:34:08.0202 1340  NdisWan - ok
13:34:08.0233 1340  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:34:08.0311 1340  NDProxy - ok
13:34:08.0389 1340  [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
13:34:08.0405 1340  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:34:08.0405 1340  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:34:08.0436 1340  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:34:08.0514 1340  NetBIOS - ok
13:34:08.0561 1340  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:34:08.0639 1340  NetBT - ok
13:34:08.0670 1340  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
13:34:08.0685 1340  Netlogon - ok
13:34:08.0732 1340  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
13:34:08.0810 1340  Netman - ok
13:34:08.0826 1340  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
13:34:08.0919 1340  netprofm - ok
13:34:08.0951 1340  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:34:08.0966 1340  NetTcpPortSharing - ok
13:34:08.0997 1340  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:34:09.0029 1340  nfrd960 - ok
13:34:09.0075 1340  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:34:09.0122 1340  NlaSvc - ok
13:34:09.0138 1340  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:34:09.0216 1340  Npfs - ok
13:34:09.0231 1340  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
13:34:09.0325 1340  nsi - ok
13:34:09.0341 1340  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:34:09.0403 1340  nsiproxy - ok
13:34:09.0481 1340  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:34:09.0575 1340  Ntfs - ok
13:34:09.0606 1340  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
13:34:09.0684 1340  Null - ok
13:34:09.0715 1340  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:34:09.0746 1340  nvraid - ok
13:34:09.0793 1340  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:34:09.0824 1340  nvstor - ok
13:34:09.0887 1340  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:34:09.0902 1340  nv_agp - ok
13:34:10.0011 1340  [ 07D0A535A44DD048EE346853B0BB9349 ] Oasis2Service   C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
13:34:10.0043 1340  Oasis2Service ( UnsignedFile.Multi.Generic ) - warning
13:34:10.0043 1340  Oasis2Service - detected UnsignedFile.Multi.Generic (1)
13:34:10.0105 1340  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:34:10.0152 1340  odserv - ok
13:34:10.0183 1340  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:34:10.0214 1340  ohci1394 - ok
13:34:10.0245 1340  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:34:10.0277 1340  ose - ok
13:34:10.0323 1340  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:34:10.0386 1340  p2pimsvc - ok
13:34:10.0433 1340  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:34:10.0479 1340  p2psvc - ok
13:34:10.0495 1340  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
13:34:10.0511 1340  Parport - ok
13:34:10.0557 1340  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:34:10.0589 1340  partmgr - ok
13:34:10.0635 1340  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:34:10.0682 1340  PcaSvc - ok
13:34:10.0713 1340  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
13:34:10.0745 1340  pci - ok
13:34:10.0791 1340  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
13:34:10.0807 1340  pciide - ok
13:34:10.0838 1340  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
13:34:10.0869 1340  pcmcia - ok
13:34:10.0901 1340  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:34:10.0932 1340  pcw - ok
13:34:10.0963 1340  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:34:11.0057 1340  PEAUTH - ok
13:34:11.0135 1340  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:34:11.0213 1340  PerfHost - ok
13:34:11.0306 1340  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
13:34:11.0431 1340  pla - ok
13:34:11.0478 1340  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:34:11.0540 1340  PlugPlay - ok
13:34:11.0618 1340  [ 627FA58ADC043704F9D14CA44340956F ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
13:34:11.0681 1340  PMBDeviceInfoProvider - ok
13:34:11.0759 1340  [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
13:34:11.0790 1340  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:34:11.0790 1340  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:34:11.0821 1340  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:34:11.0868 1340  PNRPAutoReg - ok
13:34:11.0899 1340  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:34:11.0930 1340  PNRPsvc - ok
13:34:11.0993 1340  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:34:12.0102 1340  PolicyAgent - ok
13:34:12.0149 1340  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
13:34:12.0242 1340  Power - ok
13:34:12.0289 1340  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:34:12.0351 1340  PptpMiniport - ok
13:34:12.0383 1340  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
13:34:12.0414 1340  Processor - ok
13:34:12.0461 1340  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:34:12.0507 1340  ProfSvc - ok
13:34:12.0523 1340  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:34:12.0539 1340  ProtectedStorage - ok
13:34:12.0585 1340  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:34:12.0679 1340  Psched - ok
13:34:12.0710 1340  [ AED797CCA02783296C68AA10D0CFF8A9 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
13:34:12.0726 1340  PxHlpa64 - ok
13:34:12.0788 1340  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
13:34:12.0866 1340  ql2300 - ok
13:34:12.0897 1340  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
13:34:12.0929 1340  ql40xx - ok
13:34:12.0975 1340  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
13:34:13.0022 1340  QWAVE - ok
13:34:13.0038 1340  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:34:13.0085 1340  QWAVEdrv - ok
13:34:13.0116 1340  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:34:13.0194 1340  RasAcd - ok
13:34:13.0241 1340  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:34:13.0303 1340  RasAgileVpn - ok
13:34:13.0365 1340  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
13:34:13.0443 1340  RasAuto - ok
13:34:13.0490 1340  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:34:13.0568 1340  Rasl2tp - ok
13:34:13.0615 1340  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
13:34:13.0693 1340  RasMan - ok
13:34:13.0724 1340  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:34:13.0818 1340  RasPppoe - ok
13:34:13.0833 1340  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:34:13.0896 1340  RasSstp - ok
13:34:13.0958 1340  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:34:14.0052 1340  rdbss - ok
13:34:14.0083 1340  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
13:34:14.0130 1340  rdpbus - ok
13:34:14.0161 1340  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:34:14.0239 1340  RDPCDD - ok
13:34:14.0255 1340  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:34:14.0333 1340  RDPENCDD - ok
13:34:14.0379 1340  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:34:14.0442 1340  RDPREFMP - ok
13:34:14.0473 1340  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:34:14.0535 1340  RDPWD - ok
13:34:14.0567 1340  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:34:14.0598 1340  rdyboost - ok
13:34:14.0629 1340  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:34:14.0707 1340  RemoteAccess - ok
13:34:14.0738 1340  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:34:14.0832 1340  RemoteRegistry - ok
13:34:14.0863 1340  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
13:34:14.0910 1340  RFCOMM - ok
13:34:14.0941 1340  [ 258AADB43E3F3468B5CF8CB0F84872C2 ] rimsptsk        C:\Windows\system32\drivers\rimssn64.sys
13:34:15.0003 1340  rimsptsk - ok
13:34:15.0081 1340  [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb          C:\Windows\system32\Drivers\RimUsb_AMD64.sys
13:34:15.0113 1340  RimUsb - ok
13:34:15.0144 1340  [ 71E182A0DE1CECB3F912960716345405 ] risdptsk        C:\Windows\system32\drivers\risdsn64.sys
13:34:15.0191 1340  risdptsk - ok
13:34:15.0253 1340  [ D151224BC11078895A60FA970728FF59 ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
13:34:15.0269 1340  Roxio UPnP Renderer 10 - ok
13:34:15.0315 1340  [ 5022A927944878BD750960BD21E751AF ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
13:34:15.0347 1340  Roxio Upnp Server 10 - ok
13:34:15.0378 1340  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:34:15.0456 1340  RpcEptMapper - ok
13:34:15.0487 1340  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
13:34:15.0534 1340  RpcLocator - ok
13:34:15.0581 1340  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
13:34:15.0659 1340  RpcSs - ok
13:34:15.0690 1340  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:34:15.0752 1340  rspndr - ok
13:34:15.0815 1340  [ 01E6A1E53E39A0B1E2B6AE62BF52E8EC ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
13:34:15.0830 1340  RtkAudioService - ok
13:34:15.0908 1340  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
13:34:15.0924 1340  SamSs - ok
13:34:16.0017 1340  [ 99DF79C258B3342B6C8A5F802998DE56 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
13:34:16.0033 1340  SASDIFSV - ok
13:34:16.0049 1340  [ 2859C35C0651E8EB0D86D48E740388F2 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
13:34:16.0064 1340  SASKUTIL - ok
13:34:16.0111 1340  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:34:16.0142 1340  sbp2port - ok
13:34:16.0189 1340  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:34:16.0267 1340  SCardSvr - ok
13:34:16.0329 1340  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:34:16.0407 1340  scfilter - ok
13:34:16.0470 1340  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
13:34:16.0595 1340  Schedule - ok
13:34:16.0626 1340  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:34:16.0688 1340  SCPolicySvc - ok
13:34:16.0751 1340  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\drivers\sdbus.sys
13:34:16.0782 1340  sdbus - ok
13:34:16.0813 1340  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:34:16.0860 1340  SDRSVC - ok
13:34:16.0969 1340  [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort         C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
13:34:17.0000 1340  SeaPort - ok
13:34:17.0031 1340  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:34:17.0125 1340  secdrv - ok
13:34:17.0156 1340  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
13:34:17.0250 1340  seclogon - ok
13:34:17.0297 1340  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
13:34:17.0375 1340  SENS - ok
13:34:17.0390 1340  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:34:17.0437 1340  SensrSvc - ok
13:34:17.0484 1340  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
13:34:17.0515 1340  Serenum - ok
13:34:17.0546 1340  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
13:34:17.0577 1340  Serial - ok
13:34:17.0640 1340  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
13:34:17.0671 1340  sermouse - ok
13:34:17.0749 1340  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:34:17.0827 1340  SessionEnv - ok
13:34:17.0858 1340  [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP            C:\Windows\system32\drivers\SFEP.sys
13:34:17.0874 1340  SFEP - ok
13:34:17.0936 1340  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:34:17.0967 1340  sffdisk - ok
13:34:17.0999 1340  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:34:18.0045 1340  sffp_mmc - ok
13:34:18.0077 1340  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:34:18.0108 1340  sffp_sd - ok
13:34:18.0155 1340  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
13:34:18.0170 1340  sfloppy - ok
13:34:18.0248 1340  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:34:18.0342 1340  SharedAccess - ok
13:34:18.0404 1340  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:34:18.0513 1340  ShellHWDetection - ok
13:34:18.0560 1340  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
13:34:18.0576 1340  SiSRaid2 - ok
13:34:18.0607 1340  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
13:34:18.0623 1340  SiSRaid4 - ok
13:34:18.0716 1340  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
13:34:18.0747 1340  SkypeUpdate - ok
13:34:18.0810 1340  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:34:18.0888 1340  Smb - ok
13:34:18.0997 1340  [ AD97B711074CF27DA0C00F2C26E1A62C ] SmcService      C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
13:34:19.0153 1340  SmcService - ok
13:34:19.0184 1340  [ 91BD8E268D93AAF5F59AAC9DE84A25BB ] SNAC            C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
13:34:19.0215 1340  SNAC - ok
13:34:19.0278 1340  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:34:19.0309 1340  SNMPTRAP - ok
13:34:19.0403 1340  [ 98886C88A1CB13D61672AE2C638B7E1C ] SOHCImp         C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
13:34:19.0418 1340  SOHCImp - ok
13:34:19.0434 1340  [ 442A13F395546F4564C377296D43B564 ] SOHDBSvr        C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
13:34:19.0449 1340  SOHDBSvr - ok
13:34:19.0481 1340  [ 556681BE668D71DC162391A45422B52C ] SOHDms          C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
13:34:19.0527 1340  SOHDms - ok
13:34:19.0574 1340  [ 72B46103E4111439109ACF5882627C24 ] SOHDs           C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
13:34:19.0590 1340  SOHDs - ok
13:34:19.0621 1340  [ 725B6E9CD1959271AC993DC035E1606D ] SOHPlMgr        C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
13:34:19.0652 1340  SOHPlMgr - ok
13:34:19.0683 1340  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:34:19.0699 1340  spldr - ok
13:34:19.0761 1340  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
13:34:19.0824 1340  Spooler - ok
13:34:19.0980 1340  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
13:34:20.0183 1340  sppsvc - ok
13:34:20.0245 1340  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:34:20.0339 1340  sppuinotify - ok
13:34:20.0417 1340  [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$DDNI   C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE
13:34:20.0448 1340  SQLAgent$DDNI - ok
13:34:20.0510 1340  [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser      C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:34:20.0541 1340  SQLBrowser - ok
13:34:20.0588 1340  [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:34:20.0619 1340  SQLWriter - ok
13:34:20.0666 1340  [ 32900AC9CFDC578531279886CA16A4DF ] SRTSP           C:\Windows\system32\Drivers\SRTSP64.SYS
13:34:20.0729 1340  SRTSP - ok
13:34:20.0760 1340  [ 8929566D1F14685FD78EAF25BEE3ECC7 ] SRTSPL          C:\Windows\system32\Drivers\SRTSPL64.SYS
13:34:20.0822 1340  SRTSPL - ok
13:34:20.0853 1340  [ CB2FDF47EE67F8CCA5362ED9B94FE955 ] SRTSPX          C:\Windows\system32\Drivers\SRTSPX64.SYS
13:34:20.0869 1340  SRTSPX - ok
13:34:20.0931 1340  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:34:21.0025 1340  srv - ok
13:34:21.0087 1340  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:34:21.0119 1340  srv2 - ok
13:34:21.0165 1340  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
13:34:21.0212 1340  SrvHsfHDA - ok
13:34:21.0275 1340  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
13:34:21.0353 1340  SrvHsfV92 - ok
13:34:21.0399 1340  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
13:34:21.0462 1340  SrvHsfWinac - ok
13:34:21.0509 1340  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:34:21.0555 1340  srvnet - ok
13:34:21.0602 1340  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:34:21.0680 1340  SSDPSRV - ok
13:34:21.0727 1340  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:34:21.0789 1340  SstpSvc - ok
13:34:21.0821 1340  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
13:34:21.0836 1340  stexstor - ok
13:34:21.0914 1340  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
13:34:21.0992 1340  stisvc - ok
13:34:22.0039 1340  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
13:34:22.0055 1340  swenum - ok
13:34:22.0101 1340  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
13:34:22.0211 1340  swprv - ok
13:34:22.0320 1340  [ BA2FB8F8AB24D0279CAA98A4C118150E ] Symantec AntiVirus C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
13:34:22.0398 1340  Symantec AntiVirus - ok
13:34:22.0429 1340  [ 7E4D281982E19ABD06728C7EE9AC40A8 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
13:34:22.0445 1340  SymEvent - ok
13:34:22.0538 1340  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
13:34:22.0647 1340  SysMain - ok
13:34:22.0694 1340  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:34:22.0741 1340  TabletInputService - ok
13:34:22.0772 1340  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:34:22.0866 1340  TapiSrv - ok
13:34:22.0897 1340  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
13:34:22.0975 1340  TBS - ok
13:34:23.0053 1340  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:34:23.0162 1340  Tcpip - ok
13:34:23.0209 1340  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:34:23.0287 1340  TCPIP6 - ok
13:34:23.0349 1340  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:34:23.0381 1340  tcpipreg - ok
13:34:23.0412 1340  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:34:23.0474 1340  TDPIPE - ok
13:34:23.0521 1340  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:34:23.0552 1340  TDTCP - ok
13:34:23.0599 1340  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:34:23.0661 1340  tdx - ok
13:34:23.0693 1340  [ 13657DC475DE564247745BF4DA23207C ] Teefer2         C:\Windows\system32\DRIVERS\teefer2.sys
13:34:23.0708 1340  Teefer2 - ok
13:34:23.0755 1340  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
13:34:23.0771 1340  TermDD - ok
13:34:23.0833 1340  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
13:34:23.0927 1340  TermService - ok
13:34:23.0958 1340  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
13:34:24.0005 1340  Themes - ok
13:34:24.0051 1340  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
13:34:24.0114 1340  THREADORDER - ok
13:34:24.0145 1340  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
13:34:24.0223 1340  TrkWks - ok
13:34:24.0285 1340  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:34:24.0363 1340  TrustedInstaller - ok
13:34:24.0426 1340  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:34:24.0504 1340  tssecsrv - ok
13:34:24.0566 1340  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:34:24.0597 1340  TsUsbFlt - ok
13:34:24.0660 1340  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:34:24.0722 1340  tunnel - ok
13:34:24.0738 1340  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
13:34:24.0753 1340  uagp35 - ok
13:34:24.0800 1340  [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor     C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
13:34:24.0816 1340  uCamMonitor - ok
13:34:24.0878 1340  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:34:24.0972 1340  udfs - ok
13:34:25.0019 1340  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:34:25.0050 1340  UI0Detect - ok
13:34:25.0065 1340  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:34:25.0081 1340  uliagpkx - ok
13:34:25.0143 1340  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:34:25.0190 1340  umbus - ok
13:34:25.0221 1340  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
13:34:25.0253 1340  UmPass - ok
13:34:25.0299 1340  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
13:34:25.0393 1340  upnphost - ok
13:34:25.0424 1340  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
13:34:25.0455 1340  usbaudio - ok
13:34:25.0487 1340  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:34:25.0549 1340  usbccgp - ok
13:34:25.0580 1340  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:34:25.0611 1340  usbcir - ok
13:34:25.0643 1340  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:34:25.0658 1340  usbehci - ok
13:34:25.0705 1340  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:34:25.0736 1340  usbhub - ok
13:34:25.0783 1340  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:34:25.0799 1340  usbohci - ok
13:34:25.0861 1340  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:34:25.0908 1340  usbprint - ok
13:34:25.0939 1340  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
13:34:25.0986 1340  usbscan - ok
13:34:26.0033 1340  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:34:26.0048 1340  USBSTOR - ok
13:34:26.0079 1340  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
13:34:26.0111 1340  usbuhci - ok
13:34:26.0173 1340  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
13:34:26.0204 1340  usbvideo - ok
13:34:26.0235 1340  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
13:34:26.0313 1340  UxSms - ok
13:34:26.0391 1340  [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
13:34:26.0407 1340  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
13:34:26.0407 1340  VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
13:34:26.0469 1340  [ 6B31C9CB94927DBEEB62E15275F4CC54 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
13:34:26.0501 1340  VAIO Event Service - ok
13:34:26.0563 1340  [ B8C9A7010AFD5CBBE194CB9EF7C4FD14 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
13:34:26.0610 1340  VAIO Power Management - ok
13:34:26.0641 1340  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
13:34:26.0657 1340  VaultSvc - ok
13:34:26.0719 1340  [ 6A740F5FF3246C3BE3DD317299EFC88E ] VCFw            C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
13:34:26.0766 1340  VCFw - ok
13:34:26.0813 1340  [ FD03AC6CD1571AA8B2FF56D3C600E26E ] VcmIAlzMgr      C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
13:34:26.0875 1340  VcmIAlzMgr - ok
13:34:26.0922 1340  [ 9D9B34B430B4DC683112F59C80D20AB8 ] VcmINSMgr       C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
13:34:26.0953 1340  VcmINSMgr - ok
13:34:27.0047 1340  [ DFE10C68EF4684F7754FCCA39A4CC6BA ] VcmXmlIfHelper  C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
13:34:27.0078 1340  VcmXmlIfHelper - ok
13:34:27.0109 1340  [ D347D3ABE070AA09C22FC37121555D52 ] VCService       C:\Program Files\Sony\VAIO Care\VCService.exe
13:34:27.0125 1340  VCService - ok
13:34:27.0140 1340  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:34:27.0171 1340  vdrvroot - ok
13:34:27.0234 1340  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
13:34:27.0343 1340  vds - ok
13:34:27.0374 1340  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:34:27.0390 1340  vga - ok
13:34:27.0421 1340  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:34:27.0499 1340  VgaSave - ok
13:34:27.0530 1340  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:34:27.0546 1340  vhdmp - ok
13:34:27.0577 1340  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:34:27.0608 1340  viaide - ok
13:34:27.0639 1340  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:34:27.0655 1340  volmgr - ok
13:34:27.0702 1340  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:34:27.0733 1340  volmgrx - ok
13:34:27.0764 1340  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:34:27.0795 1340  volsnap - ok
13:34:27.0827 1340  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:34:27.0858 1340  vsmraid - ok
13:34:27.0936 1340  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
13:34:28.0092 1340  VSS - ok
13:34:28.0185 1340  [ D2D646D4D686C6996BA1FF96E11BE570 ] VUAgent         C:\Program Files\Sony\VAIO Update\VUAgent.exe
13:34:28.0263 1340  VUAgent - ok
13:34:28.0310 1340  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
13:34:28.0341 1340  vwifibus - ok
13:34:28.0388 1340  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
13:34:28.0419 1340  vwififlt - ok
13:34:28.0466 1340  [ D8BEF4AC1EAC809DBDBD441D6CFF6C4C ] VzCdbSvc        C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
13:34:28.0497 1340  VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
13:34:28.0497 1340  VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
13:34:28.0560 1340  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
13:34:28.0638 1340  W32Time - ok
13:34:28.0685 1340  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:34:28.0716 1340  WacomPen - ok
13:34:28.0747 1340  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:34:28.0825 1340  WANARP - ok
13:34:28.0841 1340  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:34:28.0903 1340  Wanarpv6 - ok
13:34:28.0997 1340  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
13:34:29.0075 1340  WatAdminSvc - ok
13:34:29.0153 1340  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
13:34:29.0277 1340  wbengine - ok
13:34:29.0340 1340  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:34:29.0387 1340  WbioSrvc - ok
13:34:29.0449 1340  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:34:29.0511 1340  wcncsvc - ok
13:34:29.0543 1340  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:34:29.0589 1340  WcsPlugInService - ok
13:34:29.0621 1340  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
13:34:29.0636 1340  Wd - ok
13:34:29.0714 1340  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:34:29.0777 1340  Wdf01000 - ok
13:34:29.0823 1340  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:34:29.0933 1340  WdiServiceHost - ok
13:34:29.0964 1340  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:34:29.0995 1340  WdiSystemHost - ok
13:34:30.0026 1340  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
13:34:30.0089 1340  WebClient - ok
13:34:30.0120 1340  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:34:30.0213 1340  Wecsvc - ok
13:34:30.0245 1340  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:34:30.0323 1340  wercplsupport - ok
13:34:30.0354 1340  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:34:30.0432 1340  WerSvc - ok
13:34:30.0479 1340  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:34:30.0541 1340  WfpLwf - ok
13:34:30.0557 1340  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:34:30.0572 1340  WIMMount - ok
13:34:30.0603 1340  WinDefend - ok
13:34:30.0635 1340  WinHttpAutoProxySvc - ok
13:34:30.0666 1340  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:34:30.0759 1340  Winmgmt - ok
13:34:30.0853 1340  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
13:34:31.0009 1340  WinRM - ok
13:34:31.0118 1340  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:34:31.0181 1340  Wlansvc - ok
13:34:31.0259 1340  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:34:31.0274 1340  wlcrasvc - ok
13:34:31.0383 1340  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:34:31.0508 1340  wlidsvc - ok
13:34:31.0571 1340  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:34:31.0602 1340  WmiAcpi - ok
13:34:31.0664 1340  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:34:31.0711 1340  wmiApSrv - ok
13:34:31.0742 1340  WMPNetworkSvc - ok
13:34:31.0789 1340  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:34:31.0805 1340  WPCSvc - ok
13:34:31.0851 1340  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:34:31.0914 1340  WPDBusEnum - ok
13:34:31.0945 1340  [ 6CAB753B203F39B4CE05FF10013DE2EF ] WPS             C:\Windows\system32\drivers\wpsdrvnt.sys
13:34:31.0961 1340  WPS - ok
13:34:31.0992 1340  [ 49B9FA407586503D27D17DBDEAEAC970 ] WpsHelper       C:\Windows\system32\drivers\WpsHelper.sys
13:34:32.0007 1340  WpsHelper - ok
13:34:32.0054 1340  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:34:32.0132 1340  ws2ifsl - ok
13:34:32.0179 1340  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
13:34:32.0226 1340  wscsvc - ok
13:34:32.0273 1340  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
13:34:32.0319 1340  WSDPrintDevice - ok
13:34:32.0335 1340  WSearch - ok
13:34:32.0444 1340  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:34:32.0569 1340  wuauserv - ok
13:34:32.0631 1340  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:34:32.0694 1340  WudfPf - ok
13:34:32.0709 1340  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:34:32.0756 1340  WUDFRd - ok
13:34:32.0819 1340  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:34:32.0850 1340  wudfsvc - ok
13:34:32.0897 1340  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:34:32.0943 1340  WwanSvc - ok
13:34:33.0006 1340  [ 6AFFD75C6807B3DD3AB018E27B88EF95 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
13:34:33.0068 1340  yukonw7 - ok
13:34:33.0084 1340  ================ Scan global ===============================
13:34:33.0131 1340  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:34:33.0193 1340  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:34:33.0224 1340  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:34:33.0255 1340  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:34:33.0271 1340  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:34:33.0271 1340  [Global] - ok
13:34:33.0271 1340  ================ Scan MBR ==================================
13:34:33.0287 1340  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:34:33.0287 1340  Suspicious mbr (Forged): \Device\Harddisk0\DR0
13:34:33.0349 1340  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
13:34:33.0349 1340  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
13:34:33.0443 1340  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:34:33.0443 1340  \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:34:33.0443 1340  ================ Scan VBR ==================================
13:34:33.0443 1340  [ 97C59A137F5D9A574799BAE14840233E ] \Device\Harddisk0\DR0\Partition1
13:34:33.0443 1340  \Device\Harddisk0\DR0\Partition1 - ok
13:34:33.0474 1340  [ 85AB73C32E59F4E6DB60A27C5DDB4279 ] \Device\Harddisk0\DR0\Partition2
13:34:33.0474 1340  \Device\Harddisk0\DR0\Partition2 - ok
13:34:33.0474 1340  ================ Scan active images ========================
13:34:33.0489 1340  [ 3E588B60EC061686BA05D33574A344C6 ] C:\Windows\System32\drivers\crashdmp.sys
13:34:33.0489 1340  C:\Windows\System32\drivers\crashdmp.sys - ok
13:34:33.0489 1340  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] C:\Windows\System32\drivers\iaStor.sys
13:34:33.0489 1340  C:\Windows\System32\drivers\iaStor.sys - ok
13:34:33.0505 1340  [ 814DB88F2641691575A455CF25354098 ] C:\Windows\System32\drivers\dumpfve.sys
13:34:33.0505 1340  C:\Windows\System32\drivers\dumpfve.sys - ok
13:34:33.0521 1340  [ 9899284589F75FA8724FF3D16AED75C1 ] C:\Windows\System32\drivers\null.sys
13:34:33.0521 1340  C:\Windows\System32\drivers\null.sys - ok
13:34:33.0521 1340  [ 16A47CE2DECC9B099349A5F840654746 ] C:\Windows\System32\drivers\beep.sys
13:34:33.0521 1340  C:\Windows\System32\drivers\beep.sys - ok
13:34:33.0536 1340  [ E7353D59C9842BC7299FAEB7E7E09340 ] C:\Windows\System32\drivers\videoprt.sys
13:34:33.0536 1340  C:\Windows\System32\drivers\videoprt.sys - ok
13:34:33.0536 1340  [ FC438D1430B28618E2D0C7C332A710AD ] C:\Windows\System32\drivers\watchdog.sys
13:34:33.0536 1340  C:\Windows\System32\drivers\watchdog.sys - ok
13:34:33.0552 1340  [ 53E92A310193CB3C03BEA963DE7D9CFC ] C:\Windows\System32\drivers\vga.sys
13:34:33.0552 1340  C:\Windows\System32\drivers\vga.sys - ok
13:34:33.0552 1340  [ BB5971A4F00659529A5C44831AF22365 ] C:\Windows\System32\drivers\RDPENCDD.sys
13:34:33.0552 1340  C:\Windows\System32\drivers\RDPENCDD.sys - ok
13:34:33.0567 1340  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] C:\Windows\System32\drivers\msfs.sys
13:34:33.0567 1340  C:\Windows\System32\drivers\msfs.sys - ok
13:34:33.0567 1340  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] C:\Windows\System32\drivers\npfs.sys
13:34:33.0567 1340  C:\Windows\System32\drivers\npfs.sys - ok
13:34:33.0583 1340  [ 6F020A220388ECA0AB6062DC27BD16B6 ] C:\Windows\System32\drivers\tdi.sys
13:34:33.0583 1340  C:\Windows\System32\drivers\tdi.sys - ok
13:34:33.0583 1340  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] C:\Windows\System32\drivers\tdx.sys
13:34:33.0583 1340  C:\Windows\System32\drivers\tdx.sys - ok
13:34:33.0614 1340  [ 6CAB753B203F39B4CE05FF10013DE2EF ] C:\Windows\System32\drivers\WPSDRVnt.sys
13:34:33.0614 1340  C:\Windows\System32\drivers\WPSDRVnt.sys - ok
13:34:33.0614 1340  [ 1C7857B62DE5994A75B054A9FD4C3825 ] C:\Windows\System32\drivers\afd.sys
13:34:33.0614 1340  C:\Windows\System32\drivers\afd.sys - ok
13:34:33.0630 1340  [ 09594D1089C523423B32A4229263F068 ] C:\Windows\System32\drivers\netbt.sys
13:34:33.0630 1340  C:\Windows\System32\drivers\netbt.sys - ok
13:34:33.0630 1340  [ 6BCC1D7D2FD2453957C5479A32364E52 ] C:\Windows\System32\drivers\ws2ifsl.sys
13:34:33.0630 1340  C:\Windows\System32\drivers\ws2ifsl.sys - ok
13:34:33.0645 1340  [ 611B23304BF067451A9FDEE01FBDD725 ] C:\Windows\System32\drivers\wfplwf.sys
13:34:33.0645 1340  C:\Windows\System32\drivers\wfplwf.sys - ok
13:34:33.0645 1340  [ 0557CF5A2556BD58E26384169D72438D ] C:\Windows\System32\drivers\pacer.sys
13:34:33.0645 1340  C:\Windows\System32\drivers\pacer.sys - ok
13:34:33.0661 1340  [ 6A3D66263414FF0D6FA754C646612F3F ] C:\Windows\System32\drivers\vwififlt.sys
13:34:33.0661 1340  C:\Windows\System32\drivers\vwififlt.sys - ok
13:34:33.0661 1340  [ 86743D9F5D2B1048062B14B1D84501C4 ] C:\Windows\System32\drivers\netbios.sys
13:34:33.0661 1340  C:\Windows\System32\drivers\netbios.sys - ok
13:34:33.0677 1340  [ 77F665941019A1594D887A74F301FA2F ] C:\Windows\System32\drivers\rdbss.sys
13:34:33.0677 1340  C:\Windows\System32\drivers\rdbss.sys - ok
13:34:33.0677 1340  [ E7F5AE18AF4168178A642A9247C63001 ] C:\Windows\System32\drivers\nsiproxy.sys
13:34:33.0677 1340  C:\Windows\System32\drivers\nsiproxy.sys - ok
13:34:33.0692 1340  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] C:\Windows\System32\drivers\dfsc.sys
13:34:33.0692 1340  C:\Windows\System32\drivers\dfsc.sys - ok
13:34:33.0708 1340  [ 3566A8DAAFA27AF944F5D705EAA64894 ] C:\Windows\System32\drivers\tunnel.sys
13:34:33.0708 1340  C:\Windows\System32\drivers\tunnel.sys - ok
13:34:33.0708 1340  [ 1911A3356FA3F77CCC825CCBAC038C2A ] C:\Windows\System32\smss.exe
13:34:33.0708 1340  C:\Windows\System32\smss.exe - ok
13:34:33.0723 1340  [ CF95B85FF8D128385ABD411C8CA74DED ] C:\Windows\System32\ntdll.dll
13:34:33.0723 1340  C:\Windows\System32\ntdll.dll - ok
13:34:33.0723 1340  [ 3B536A8BEC3B4F23FFDFD78B11A2AB93 ] C:\Windows\System32\autochk.exe
13:34:33.0723 1340  C:\Windows\System32\autochk.exe - ok
13:34:33.0739 1340  [ AE259C75F9A0B057B6BF9E9695632B09 ] C:\Windows\System32\drivers\usbport.sys
13:34:33.0739 1340  C:\Windows\System32\drivers\usbport.sys - ok
13:34:33.0739 1340  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] C:\Windows\System32\drivers\usbuhci.sys
13:34:33.0739 1340  C:\Windows\System32\drivers\usbuhci.sys - ok
13:34:33.0755 1340  [ C025055FE7B87701EB042095DF1A2D7B ] C:\Windows\System32\drivers\usbehci.sys
13:34:33.0755 1340  C:\Windows\System32\drivers\usbehci.sys - ok
13:34:33.0770 1340  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] C:\Windows\System32\drivers\hdaudbus.sys
13:34:33.0770 1340  C:\Windows\System32\drivers\hdaudbus.sys - ok
13:34:33.0770 1340  [ 6AFFD75C6807B3DD3AB018E27B88EF95 ] C:\Windows\System32\drivers\yk62x64.sys
13:34:33.0770 1340  C:\Windows\System32\drivers\yk62x64.sys - ok
13:34:33.0786 1340  [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] C:\Windows\System32\drivers\athrx.sys
13:34:33.0786 1340  C:\Windows\System32\drivers\athrx.sys - ok
13:34:33.0786 1340  [ F7CE0C81C545364020ED8203CF0A633E ] C:\Windows\System32\difxapi.dll
13:34:33.0786 1340  C:\Windows\System32\difxapi.dll - ok
13:34:33.0801 1340  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] C:\Windows\System32\drivers\vwifibus.sys
13:34:33.0801 1340  C:\Windows\System32\drivers\vwifibus.sys - ok
13:34:33.0817 1340  [ 4E4FFB09D895AA000DD56D1404F69A7E ] C:\Windows\System32\Wldap32.dll
13:34:33.0817 1340  C:\Windows\System32\Wldap32.dll - ok
13:34:33.0817 1340  [ A87D604AEA360176311474C87A63BB88 ] C:\Windows\System32\drivers\1394ohci.sys
13:34:33.0817 1340  C:\Windows\System32\drivers\1394ohci.sys - ok
13:34:33.0833 1340  [ 044FE45FFD6AD40E3BBBE60B7F41BABE ] C:\Windows\System32\nsi.dll
13:34:33.0833 1340  C:\Windows\System32\nsi.dll - ok
13:34:33.0833 1340  [ 9835E63E09F824D22B689D2BB789BAB9 ] C:\Windows\System32\comdlg32.dll
13:34:33.0833 1340  C:\Windows\System32\comdlg32.dll - ok
13:34:33.0848 1340  [ 71E182A0DE1CECB3F912960716345405 ] C:\Windows\System32\drivers\risdsn64.sys
13:34:33.0848 1340  C:\Windows\System32\drivers\risdsn64.sys - ok
13:34:33.0848 1340  [ 87BEA2616EFDEC6A1CB3BFCFB09D816A ] C:\Windows\System32\urlmon.dll
13:34:33.0848 1340  C:\Windows\System32\urlmon.dll - ok
13:34:33.0864 1340  [ 258AADB43E3F3468B5CF8CB0F84872C2 ] C:\Windows\System32\drivers\rimssn64.sys
13:34:33.0864 1340  C:\Windows\System32\drivers\rimssn64.sys - ok
13:34:33.0864 1340  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] C:\Windows\System32\drivers\i8042prt.sys
13:34:33.0864 1340  C:\Windows\System32\drivers\i8042prt.sys - ok
13:34:33.0879 1340  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] C:\Windows\System32\drivers\kbdclass.sys
13:34:33.0879 1340  C:\Windows\System32\drivers\kbdclass.sys - ok
13:34:33.0895 1340  [ 1084AA52CCC324EA54C7121FA24C2221 ] C:\Windows\System32\gdi32.dll
13:34:33.0895 1340  C:\Windows\System32\gdi32.dll - ok
13:34:33.0895 1340  [ 28C0B5024F5C5A438E78B188CFC81B7F ] C:\Windows\System32\normaliz.dll
13:34:33.0895 1340  C:\Windows\System32\normaliz.dll - ok
13:34:33.0911 1340  [ C431EAF5CAA1C82CAC2534A2EAB348A3 ] C:\Windows\System32\msctf.dll
13:34:33.0911 1340  C:\Windows\System32\msctf.dll - ok
13:34:33.0911 1340  [ 56BD886820C4AEDF493CFCDF1CCFB004 ] C:\Windows\System32\drivers\Apfiltr.sys
13:34:33.0911 1340  C:\Windows\System32\drivers\Apfiltr.sys - ok
13:34:33.0926 1340  [ 7D27EA49F3C1F687D357E77A470AEA99 ] C:\Windows\System32\drivers\mouclass.sys
13:34:33.0926 1340  C:\Windows\System32\drivers\mouclass.sys - ok
13:34:33.0926 1340  [ 70F9C476B62DE4F2823E918A6C181ADE ] C:\Windows\System32\drivers\SFEP.sys
13:34:33.0926 1340  C:\Windows\System32\drivers\SFEP.sys - ok
13:34:33.0942 1340  [ D202223587518B13D72D68937B7E3F70 ] C:\Windows\System32\lpk.dll
13:34:33.0942 1340  C:\Windows\System32\lpk.dll - ok
13:34:33.0942 1340  [ F036CE71586E93D94DAB220D7BDF4416 ] C:\Windows\System32\drivers\cdrom.sys
13:34:33.0942 1340  C:\Windows\System32\drivers\cdrom.sys - ok
13:34:33.0957 1340  [ 83404DCBCE4925B6A5A77C5170F46D86 ] C:\Windows\System32\sechost.dll
13:34:33.0957 1340  C:\Windows\System32\sechost.dll - ok
13:34:33.0957 1340  [ 61583EE3C3A17003C4ACD0475646B4D3 ] C:\Windows\System32\drivers\blbdrive.sys
13:34:33.0957 1340  C:\Windows\System32\drivers\blbdrive.sys - ok
13:34:33.0973 1340  [ C6689007B3A749C49A5438DCF36E0CE4 ] C:\Windows\System32\shell32.dll
13:34:33.0973 1340  C:\Windows\System32\shell32.dll - ok
13:34:33.0973 1340  [ 03EDB043586CCEBA243D689BDDA370A8 ] C:\Windows\System32\drivers\CompositeBus.sys
13:34:33.0973 1340  C:\Windows\System32\drivers\CompositeBus.sys - ok
13:34:34.0004 1340  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] C:\Windows\System32\drivers\mssmbios.sys
13:34:34.0004 1340  C:\Windows\System32\drivers\mssmbios.sys - ok
13:34:34.0004 1340  [ 7ECFF9B22276B73F43A99A15A6094E90 ] C:\Windows\System32\drivers\agilevpn.sys
13:34:34.0004 1340  C:\Windows\System32\drivers\agilevpn.sys - ok
13:34:34.0020 1340  [ 471815800AE33E6F1C32FB1B97C490CA ] C:\Windows\System32\drivers\rasl2tp.sys
13:34:34.0020 1340  C:\Windows\System32\drivers\rasl2tp.sys - ok
13:34:34.0020 1340  [ 30639C932D9FEF22B31268FE25A1B6E5 ] C:\Windows\System32\drivers\ndistapi.sys
13:34:34.0020 1340  C:\Windows\System32\drivers\ndistapi.sys - ok
13:34:34.0035 1340  [ 53F7305169863F0A2BDDC49E116C2E11 ] C:\Windows\System32\drivers\ndiswan.sys
13:34:34.0035 1340  C:\Windows\System32\drivers\ndiswan.sys - ok
13:34:34.0035 1340  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] C:\Windows\System32\drivers\raspppoe.sys
13:34:34.0035 1340  C:\Windows\System32\drivers\raspppoe.sys - ok
13:34:34.0051 1340  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] C:\Windows\System32\drivers\raspptp.sys
13:34:34.0051 1340  C:\Windows\System32\drivers\raspptp.sys - ok
13:34:34.0051 1340  [ E8B1E447B008D07FF47D016C2B0EEECB ] C:\Windows\System32\drivers\rassstp.sys
13:34:34.0051 1340  C:\Windows\System32\drivers\rassstp.sys - ok
13:34:34.0067 1340  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] C:\Windows\System32\drivers\termdd.sys
13:34:34.0067 1340  C:\Windows\System32\drivers\termdd.sys - ok
13:34:34.0082 1340  [ 13657DC475DE564247745BF4DA23207C ] C:\Windows\System32\drivers\Teefer2.sys
13:34:34.0082 1340  C:\Windows\System32\drivers\Teefer2.sys - ok
13:34:34.0082 1340  [ 24FBF5CC5C04150073C315A7C83521EE ] C:\Windows\System32\drivers\ks.sys
13:34:34.0082 1340  C:\Windows\System32\drivers\ks.sys - ok
13:34:34.0098 1340  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] C:\Windows\System32\drivers\swenum.sys
13:34:34.0098 1340  C:\Windows\System32\drivers\swenum.sys - ok
13:34:34.0098 1340  [ DC54A574663A895C8763AF0FA1FF7561 ] C:\Windows\System32\drivers\umbus.sys
13:34:34.0098 1340  C:\Windows\System32\drivers\umbus.sys - ok
13:34:34.0113 1340  [ 287C6C9410B111B68B52CA298F7B8C24 ] C:\Windows\System32\drivers\usbhub.sys
13:34:34.0113 1340  C:\Windows\System32\drivers\usbhub.sys - ok
13:34:34.0113 1340  [ 25983DE69B57142039AC8D95E71CD9C9 ] C:\Windows\System32\clbcatq.dll
13:34:34.0113 1340  C:\Windows\System32\clbcatq.dll - ok
13:34:34.0129 1340  [ 435E9C764E1EF70058580996452BE6A2 ] C:\Windows\System32\wininet.dll
13:34:34.0129 1340  C:\Windows\System32\wininet.dll - ok
13:34:34.0145 1340  [ F431C3C86FCCC1C53814F043A6CAD825 ] C:\Windows\System32\iertutil.dll
13:34:34.0145 1340  C:\Windows\System32\iertutil.dll - ok
13:34:34.0145 1340  [ 6DF46D2BD74E3DA1B45F08F10D172732 ] C:\Windows\System32\advapi32.dll
13:34:34.0145 1340  C:\Windows\System32\advapi32.dll - ok
13:34:34.0160 1340  [ A1BE6A720D02E37F72E9CD89AE9CB3CF ] C:\Windows\System32\imagehlp.dll
13:34:34.0160 1340  C:\Windows\System32\imagehlp.dll - ok
13:34:34.0160 1340  [ 65C113214F7B05820F6D8A65B1485196 ] C:\Windows\System32\kernel32.dll
13:34:34.0160 1340  C:\Windows\System32\kernel32.dll - ok
13:34:34.0176 1340  [ C06B32165E23A72A898B7A89679AD754 ] C:\Windows\System32\oleaut32.dll
13:34:34.0176 1340  C:\Windows\System32\oleaut32.dll - ok
13:34:34.0191 1340  [ 5D8E6C95156ED1F79A63D1EADE6F9ED5 ] C:\Windows\System32\setupapi.dll
13:34:34.0191 1340  C:\Windows\System32\setupapi.dll - ok
13:34:34.0191 1340  [ DBF99FD9CAF75CA66D042BD8D050FF71 ] C:\Windows\System32\usp10.dll
13:34:34.0191 1340  C:\Windows\System32\usp10.dll - ok
13:34:34.0207 1340  [ EAF32CB8C1F810E4715B4DFBE785C7FF ] C:\Windows\System32\shlwapi.dll
13:34:34.0207 1340  C:\Windows\System32\shlwapi.dll - ok
13:34:34.0223 1340  [ 4BBFA57F594F7E8A8EDC8F377184C3F0 ] C:\Windows\System32\ws2_32.dll
13:34:34.0223 1340  C:\Windows\System32\ws2_32.dll - ok
13:34:34.0238 1340  [ 0611473C1AD9E2D991CD9482068417F7 ] C:\Windows\System32\rpcrt4.dll
13:34:34.0238 1340  C:\Windows\System32\rpcrt4.dll - ok
13:34:34.0238 1340  [ D87E1E59C73C1F98D5DED5B3850C40F5 ] C:\Windows\System32\psapi.dll
13:34:34.0238 1340  C:\Windows\System32\psapi.dll - ok
13:34:34.0254 1340  [ AA2C08CE85653B1A0D2E4AB407FA176C ] C:\Windows\System32\imm32.dll
13:34:34.0254 1340  C:\Windows\System32\imm32.dll - ok
13:34:34.0269 1340  [ 6C60B5ACA7442EFB794082CDACFC001C ] C:\Windows\System32\ole32.dll
13:34:34.0269 1340  C:\Windows\System32\ole32.dll - ok
13:34:34.0269 1340  [ FE70103391A64039A921DBFFF9C7AB1B ] C:\Windows\System32\user32.dll
13:34:34.0269 1340  C:\Windows\System32\user32.dll - ok
13:34:34.0269 1340  [ C391FC68282A000CDF953F8B6B55D2EF ] C:\Windows\System32\msvcrt.dll
13:34:34.0269 1340  C:\Windows\System32\msvcrt.dll - ok
13:34:34.0285 1340  [ 12EE6FE9268CEE6D90FDCCBF89236C65 ] C:\Windows\System32\crypt32.dll
13:34:34.0285 1340  C:\Windows\System32\crypt32.dll - ok
13:34:34.0285 1340  [ 2477A28081BDAEE622CF045ACF8EE124 ] C:\Windows\System32\cfgmgr32.dll
13:34:34.0285 1340  C:\Windows\System32\cfgmgr32.dll - ok
13:34:34.0301 1340  [ 06FEC9E8117103BB1141A560E98077DA ] C:\Windows\System32\devobj.dll
13:34:34.0301 1340  C:\Windows\System32\devobj.dll - ok
13:34:34.0301 1340  [ AA06902362B1422D7A7DA7061E07C624 ] C:\Windows\System32\wintrust.dll
13:34:34.0301 1340  C:\Windows\System32\wintrust.dll - ok
13:34:34.0316 1340  [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\System32\comctl32.dll
13:34:34.0316 1340  C:\Windows\System32\comctl32.dll - ok
13:34:34.0332 1340  [ 1F56F209585F350A5666E3CC7931FD67 ] C:\Windows\System32\KernelBase.dll
13:34:34.0332 1340  C:\Windows\System32\KernelBase.dll - ok
13:34:34.0332 1340  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] C:\Windows\System32\drivers\ndproxy.sys
13:34:34.0332 1340  C:\Windows\System32\drivers\ndproxy.sys - ok
13:34:34.0347 1340  [ 884415BD4269C02EAF8E2613BF85500D ] C:\Windows\System32\msasn1.dll
13:34:34.0347 1340  C:\Windows\System32\msasn1.dll - ok
13:34:34.0363 1340  [ 6F1A3157A1C89435352CEB543CDB359C ] C:\Windows\System32\drivers\usbccgp.sys
13:34:34.0363 1340  C:\Windows\System32\drivers\usbccgp.sys - ok
13:34:34.0379 1340  [ CCA2AB1752A61F29C3C941CD79D78CEA ] C:\Windows\System32\drivers\usbd.sys
13:34:34.0379 1340  C:\Windows\System32\drivers\usbd.sys - ok
13:34:34.0394 1340  [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\SysWOW64\normaliz.dll
13:34:34.0394 1340  C:\Windows\SysWOW64\normaliz.dll - ok
13:34:34.0410 1340  [ BF24D6F2ED97FE830BFD52B246F98E67 ] C:\Windows\System32\drivers\dxapi.sys
13:34:34.0410 1340  C:\Windows\System32\drivers\dxapi.sys - ok
13:34:34.0410 1340  [ 59E21156113E438D1D91AF4FC0C3B19F ] C:\Windows\System32\win32k.sys
13:34:34.0410 1340  C:\Windows\System32\win32k.sys - ok
13:34:34.0425 1340  [ 60C2862B4BF0FD9F582EF344C2B1EC72 ] C:\Windows\System32\csrss.exe
13:34:34.0425 1340  C:\Windows\System32\csrss.exe - ok
13:34:34.0425 1340  [ 96F587CA26A6AA894BD8CACE4540CFFC ] C:\Windows\System32\csrsrv.dll
13:34:34.0425 1340  C:\Windows\System32\csrsrv.dll - ok
13:34:34.0441 1340  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\System32\basesrv.dll
13:34:34.0441 1340  C:\Windows\System32\basesrv.dll - ok
13:34:34.0457 1340  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\System32\winsrv.dll
13:34:34.0457 1340  C:\Windows\System32\winsrv.dll - ok
13:34:34.0472 1340  [ FEDE0629ECB23650D48989517D4914DA ] C:\Windows\System32\drivers\dxg.sys
13:34:34.0472 1340  C:\Windows\System32\drivers\dxg.sys - ok
13:34:34.0472 1340  [ F29FE765E1448EF371CFE05BFAC74ADB ] C:\Windows\System32\tsddd.dll
13:34:34.0472 1340  C:\Windows\System32\tsddd.dll - ok
13:34:34.0472 1340  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\System32\sxssrv.dll
13:34:34.0472 1340  C:\Windows\System32\sxssrv.dll - ok
13:34:34.0488 1340  [ 94355C28C1970635A31B3FE52EB7CEBA ] C:\Windows\System32\wininit.exe
13:34:34.0488 1340  C:\Windows\System32\wininit.exe - ok
13:34:34.0488 1340  [ 2C942733A5983DD4502219FF37C7EBC7 ] C:\Windows\System32\profapi.dll
13:34:34.0488 1340  C:\Windows\System32\profapi.dll - ok
13:34:34.0519 1340  [ 8BEC4D6AD2864EDF68D9AD0C6AA6C6D1 ] C:\Windows\System32\vga.dll
13:34:34.0519 1340  C:\Windows\System32\vga.dll - ok
13:34:34.0519 1340  [ E30B04A8FE665C52162D70233ABEA9A3 ] C:\Windows\System32\framebuf.dll
13:34:34.0519 1340  C:\Windows\System32\framebuf.dll - ok
13:34:34.0535 1340  [ C2A8CB1275ECB85D246A9ECC02A728E3 ] C:\Windows\System32\RpcRtRemote.dll
13:34:34.0535 1340  C:\Windows\System32\RpcRtRemote.dll - ok
13:34:34.0535 1340  [ 1151B1BAA6F350B1DB6598E0FEA7C457 ] C:\Windows\System32\winlogon.exe
13:34:34.0535 1340  C:\Windows\System32\winlogon.exe - ok
13:34:34.0550 1340  [ 78523A26F5604C0568FE9D1CE86E36F4 ] C:\Windows\System32\KBDUS.DLL
13:34:34.0550 1340  C:\Windows\System32\KBDUS.DLL - ok
13:34:34.0550 1340  [ 0D9764D58C5EFD672B7184854B152E5E ] C:\Windows\System32\winsta.dll
13:34:34.0550 1340  C:\Windows\System32\winsta.dll - ok
13:34:34.0566 1340  [ B26B1801356760841C3BC69F9F91537F ] C:\Windows\System32\WlS0WndH.dll
13:34:34.0566 1340  C:\Windows\System32\WlS0WndH.dll - ok
13:34:34.0581 1340  [ 9CEAD32E79A62150FE9F8557E58E008B ] C:\Windows\System32\sxs.dll
13:34:34.0581 1340  C:\Windows\System32\sxs.dll - ok
13:34:34.0581 1340  [ 784FA3DF338E2E8F5F0389D6FAC428AF ] C:\Windows\System32\cryptbase.dll
13:34:34.0581 1340  C:\Windows\System32\cryptbase.dll - ok
13:34:34.0597 1340  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\System32\services.exe
13:34:34.0597 1340  C:\Windows\System32\services.exe - ok
13:34:34.0597 1340  [ C118A82CD78818C29AB228366EBF81C3 ] C:\Windows\System32\lsass.exe
13:34:34.0597 1340  C:\Windows\System32\lsass.exe - ok
13:34:34.0613 1340  [ 9662EE182644511439F1C53745DC1C88 ] C:\Windows\System32\lsm.exe
13:34:34.0613 1340  C:\Windows\System32\lsm.exe - ok
13:34:34.0613 1340  [ 3A0CE5FE781708CD6ABD55313607EC8B ] C:\Windows\System32\sspisrv.dll
13:34:34.0613 1340  C:\Windows\System32\sspisrv.dll - ok
13:34:34.0628 1340  [ B66BC8B20B7F33975865B1DF99783FD8 ] C:\Windows\System32\sspicli.dll
13:34:34.0628 1340  C:\Windows\System32\sspicli.dll - ok
13:34:34.0644 1340  [ 66A6063D0BAAD3F7B2B9868859E0743B ] C:\Windows\System32\lsasrv.dll
13:34:34.0644 1340  C:\Windows\System32\lsasrv.dll - ok
13:34:34.0644 1340  [ 68083118797CAF30FB2EA3E71494D67E ] C:\Windows\System32\sysntfy.dll
13:34:34.0644 1340  C:\Windows\System32\sysntfy.dll - ok
13:34:34.0659 1340  [ DEE7267C5D232A3B816866872CE199E6 ] C:\Windows\System32\wmsgapi.dll
13:34:34.0659 1340  C:\Windows\System32\wmsgapi.dll - ok
13:34:34.0659 1340  [ E914A50A151DFFE63D3935226DB5E2C1 ] C:\Windows\System32\scext.dll
13:34:34.0659 1340  C:\Windows\System32\scext.dll - ok
13:34:34.0675 1340  [ 0144D8D75A0B12938AEEE859E3310A46 ] C:\Windows\System32\secur32.dll
13:34:34.0675 1340  C:\Windows\System32\secur32.dll - ok
13:34:34.0675 1340  [ BBCDF350817BA86416C0F06B6981BE8D ] C:\Windows\System32\scesrv.dll
13:34:34.0675 1340  C:\Windows\System32\scesrv.dll - ok
13:34:34.0691 1340  [ 3A9C9BAF610B0DD4967086040B3B62A9 ] C:\Windows\System32\srvcli.dll
13:34:34.0691 1340  C:\Windows\System32\srvcli.dll - ok
13:34:34.0706 1340  [ A744BA6E04C8AA4592818178DBF89521 ] C:\Windows\System32\samsrv.dll
13:34:34.0706 1340  C:\Windows\System32\samsrv.dll - ok
13:34:34.0706 1340  [ 3A061472B38233BAFF9CFEFF2E49C46B ] C:\Windows\System32\cryptdll.dll
13:34:34.0706 1340  C:\Windows\System32\cryptdll.dll - ok
13:34:34.0722 1340  [ 3C073B0C596A0AF84933E7406766B040 ] C:\Windows\System32\wevtapi.dll
13:34:34.0722 1340  C:\Windows\System32\wevtapi.dll - ok
13:34:34.0722 1340  [ 86FE1B1F8FD42CD0DB641AB1CDB13093 ] C:\Windows\System32\cngaudit.dll
13:34:34.0722 1340  C:\Windows\System32\cngaudit.dll - ok
13:34:34.0737 1340  [ 7FBEBD2229EA5FD48D41B199EC2D541C ] C:\Windows\System32\authz.dll
13:34:34.0737 1340  C:\Windows\System32\authz.dll - ok
13:34:34.0737 1340  [ 5F3307352216618221A17CFEF273EEE2 ] C:\Windows\System32\ncrypt.dll
13:34:34.0737 1340  C:\Windows\System32\ncrypt.dll - ok
13:34:34.0753 1340  [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll
13:34:34.0753 1340  C:\Windows\System32\bcrypt.dll - ok
13:34:34.0769 1340  [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll
13:34:34.0769 1340  C:\Windows\System32\msprivs.dll - ok
13:34:34.0769 1340  [ C6505DE3561537BA1004D638C2F93F2F ] C:\Windows\System32\netjoin.dll
13:34:34.0769 1340  C:\Windows\System32\netjoin.dll - ok
13:34:34.0784 1340  [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll
13:34:34.0784 1340  C:\Windows\System32\negoexts.dll - ok
13:34:34.0784 1340  [ 44E1A196DFCB53B01FE4B855C3B56A15 ] C:\Windows\System32\kerberos.dll
13:34:34.0784 1340  C:\Windows\System32\kerberos.dll - ok
13:34:34.0800 1340  [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
13:34:34.0800 1340  C:\Windows\System32\cryptsp.dll - ok
13:34:34.0800 1340  [ 1D5185A4C7E6695431AE4B55C3D7D333 ] C:\Windows\System32\mswsock.dll
13:34:34.0800 1340  C:\Windows\System32\mswsock.dll - ok
13:34:34.0815 1340  [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll
13:34:34.0815 1340  C:\Windows\System32\wship6.dll - ok
13:34:34.0831 1340  [ EF12B8385AA2849999008A977918F96B ] C:\Windows\System32\msv1_0.dll
13:34:34.0831 1340  C:\Windows\System32\msv1_0.dll - ok
13:34:34.0847 1340  [ AA339DD8BB128EF66660DFBBB59043D3 ] C:\Windows\System32\netlogon.dll
13:34:34.0847 1340  C:\Windows\System32\netlogon.dll - ok
13:34:34.0847 1340  [ 492D07D79E7024CA310867B526D9636D ] C:\Windows\System32\dnsapi.dll
13:34:34.0847 1340  C:\Windows\System32\dnsapi.dll - ok
13:34:34.0862 1340  [ 8FFE297B8449386E7B6851458B6E474E ] C:\Windows\System32\logoncli.dll
13:34:34.0862 1340  C:\Windows\System32\logoncli.dll - ok
13:34:34.0862 1340  [ 1573C45E65DE32B1BC3572634F8F1E8E ] C:\Windows\System32\schannel.dll
13:34:34.0862 1340  C:\Windows\System32\schannel.dll - ok
13:34:34.0878 1340  [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
13:34:34.0878 1340  C:\Windows\System32\wdigest.dll - ok
13:34:34.0893 1340  [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
13:34:34.0893 1340  C:\Windows\System32\rsaenh.dll - ok
13:34:34.0909 1340  [ 8A25506B6948EFBD5A7F37E53CCD36D9 ] C:\Windows\System32\TSpkg.dll
13:34:34.0909 1340  C:\Windows\System32\TSpkg.dll - ok
13:34:34.0909 1340  [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
13:34:34.0909 1340  C:\Windows\System32\pku2u.dll - ok
13:34:34.0925 1340  [ 55C892560C1B42BC57FB61AEFCED2F22 ] C:\Windows\System32\LIVESSP.DLL
13:34:34.0925 1340  C:\Windows\System32\LIVESSP.DLL - ok
13:34:34.0925 1340  [ D6C7780A364C6BBACFA796BAB9F1B374 ] C:\Windows\System32\bcryptprimitives.dll
13:34:34.0925 1340  C:\Windows\System32\bcryptprimitives.dll - ok
13:34:34.0940 1340  [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
13:34:34.0940 1340  C:\Windows\System32\efslsaext.dll - ok
13:34:34.0956 1340  [ 52D3D5E3586988D4D9E34ACAAC33105C ] C:\Windows\System32\credssp.dll
13:34:34.0956 1340  C:\Windows\System32\credssp.dll - ok
13:34:34.0956 1340  [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
13:34:34.0956 1340  C:\Windows\System32\ubpm.dll - ok
13:34:34.0971 1340  [ ED78427259134C63ED69804D2132B86C ] C:\Windows\System32\scecli.dll
13:34:34.0971 1340  C:\Windows\System32\scecli.dll - ok
13:34:34.0971 1340  [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe
13:34:34.0971 1340  C:\Windows\System32\svchost.exe - ok
13:34:34.0987 1340  [ 25FBDEF06C4D92815B353F6E792C8129 ] C:\Windows\System32\umpnpmgr.dll
13:34:34.0987 1340  C:\Windows\System32\umpnpmgr.dll - ok
13:34:34.0987 1340  [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
13:34:34.0987 1340  C:\Windows\System32\SPInf.dll - ok
13:34:35.0003 1340  [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
13:34:35.0003 1340  C:\Windows\System32\devrtl.dll - ok
13:34:35.0018 1340  [ 7A17485DC7D8A7AC81321A42CD034519 ] C:\Windows\System32\userenv.dll
13:34:35.0018 1340  C:\Windows\System32\userenv.dll - ok
13:34:35.0018 1340  [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
13:34:35.0018 1340  C:\Windows\System32\gpapi.dll - ok
13:34:35.0034 1340  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll
13:34:35.0034 1340  C:\Windows\System32\umpo.dll - ok
13:34:35.0034 1340  [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
13:34:35.0034 1340  C:\Windows\System32\pcwum.dll - ok
13:34:35.0049 1340  [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
13:34:35.0049 1340  C:\Windows\System32\powrprof.dll - ok
13:34:35.0049 1340  [ 5C627D1B1138676C0A7AB2C2C190D123 ] C:\Windows\System32\rpcss.dll
13:34:35.0049 1340  C:\Windows\System32\rpcss.dll - ok
13:34:35.0065 1340  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll
13:34:35.0065 1340  C:\Windows\System32\RpcEpMap.dll - ok
13:34:35.0081 1340  [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL
13:34:35.0081 1340  C:\Windows\System32\WSHTCPIP.DLL - ok
13:34:35.0081 1340  [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll
13:34:35.0081 1340  C:\Windows\System32\wshqos.dll - ok
13:34:35.0096 1340  [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll
13:34:35.0096 1340  C:\Windows\System32\FirewallAPI.dll - ok
13:34:35.0096 1340  [ 715F03B4C7223349768013EA95D9E5B7 ] C:\Windows\System32\LogonUI.exe
13:34:35.0096 1340  C:\Windows\System32\LogonUI.exe - ok
13:34:35.0112 1340  [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
13:34:35.0112 1340  C:\Windows\System32\version.dll - ok
13:34:35.0112 1340  [ 0BEE002C68E28CE6DA161DCF1376D7D7 ] C:\Windows\System32\authui.dll
13:34:35.0112 1340  C:\Windows\System32\authui.dll - ok
13:34:35.0127 1340  [ 6011714C8C5C55CBFFAD24D61E879FBD ] C:\Windows\System32\wevtsvc.dll
13:34:35.0127 1340  C:\Windows\System32\wevtsvc.dll - ok
13:34:35.0143 1340  [ B3BFBD758506ECB50C5804AAA76318F9 ] C:\Windows\System32\cryptui.dll
13:34:35.0143 1340  C:\Windows\System32\cryptui.dll - ok
13:34:35.0143 1340  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] C:\Windows\System32\wlansvc.dll
13:34:35.0143 1340  C:\Windows\System32\wlansvc.dll - ok
13:34:35.0159 1340  [ 7FA8FDC2C2A27817FD0F624E78D3B50C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
13:34:35.0159 1340  C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll - ok
13:34:35.0159 1340  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] C:\Windows\System32\profsvc.dll
13:34:35.0159 1340  C:\Windows\System32\profsvc.dll - ok
13:34:35.0174 1340  [ 58775492FFD419248B08325E583C527F ] C:\Windows\System32\atl.dll
13:34:35.0174 1340  C:\Windows\System32\atl.dll - ok
13:34:35.0174 1340  [ 588CD0C78A7FAAE4186B5EEA0AF3ED67 ] C:\Windows\System32\adtschema.dll
13:34:35.0174 1340  C:\Windows\System32\adtschema.dll - ok
13:34:35.0190 1340  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] C:\Windows\System32\drivers\nwifi.sys
13:34:35.0190 1340  C:\Windows\System32\drivers\nwifi.sys - ok
13:34:35.0205 1340  [ 50544D04AD845C43130B70212EC05CCD ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
13:34:35.0205 1340  C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
13:34:35.0205 1340  [ DA6B67270FD9DB3697B20FCE94950741 ] C:\Windows\System32\drivers\fltMgr.sys
13:34:35.0205 1340  C:\Windows\System32\drivers\fltMgr.sys - ok
13:34:35.0221 1340  [ 136185F9FB2CC61E573E676AA5402356 ] C:\Windows\System32\drivers\ndisuio.sys
13:34:35.0221 1340  C:\Windows\System32\drivers\ndisuio.sys - ok
13:34:35.0221 1340  [ 4E9C2DB10F7E6AE91BF761139D4B745B ] C:\Windows\System32\shacct.dll
13:34:35.0221 1340  C:\Windows\System32\shacct.dll - ok
13:34:35.0237 1340  [ A3DB3C17EE6CAE65D53602B4E80BCCBC ] C:\Windows\System32\PSHED.DLL
13:34:35.0237 1340  C:\Windows\System32\PSHED.DLL - ok
13:34:35.0237 1340  [ F993A32249B66C9D622EA5592A8B76B8 ] C:\Windows\System32\lmhsvc.dll
13:34:35.0237 1340  C:\Windows\System32\lmhsvc.dll - ok
13:34:35.0252 1340  [ 5B3EBFC3DA142324B388DDCC4465E1FF ] C:\Windows\System32\samlib.dll
13:34:35.0252 1340  C:\Windows\System32\samlib.dll - ok
13:34:35.0268 1340  [ 2B81776DA02017A37FE26C662827470E ] C:\Windows\System32\IPHLPAPI.DLL
13:34:35.0268 1340  C:\Windows\System32\IPHLPAPI.DLL - ok
13:34:35.0268 1340  [ F06BB4E336EA57511FDBAFAFCC47DE62 ] C:\Windows\System32\propsys.dll
13:34:35.0268 1340  C:\Windows\System32\propsys.dll - ok
13:34:35.0283 1340  [ 4C9210E8F4E052F6A4EB87716DA0C24C ] C:\Windows\System32\winnsi.dll
13:34:35.0283 1340  C:\Windows\System32\winnsi.dll - ok
13:34:35.0283 1340  [ B73A6E4B319AFFE64582AC5C1801BB3F ] C:\Windows\System32\nrpsrv.dll
13:34:35.0283 1340  C:\Windows\System32\nrpsrv.dll - ok
13:34:35.0299 1340  [ F9EC845C5EECF20E9A67F9F805F2EF1F ] C:\Windows\System32\keyiso.dll
13:34:35.0299 1340  C:\Windows\System32\keyiso.dll - ok
13:34:35.0299 1340  [ D54BFDF3E0C953F823B3D0BFE4732528 ] C:\Windows\System32\nsisvc.dll
13:34:35.0299 1340  C:\Windows\System32\nsisvc.dll - ok
13:34:35.0315 1340  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] C:\Windows\System32\dhcpcore.dll
13:34:35.0315 1340  C:\Windows\System32\dhcpcore.dll - ok
13:34:35.0330 1340  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] C:\Windows\System32\eapsvc.dll
13:34:35.0330 1340  C:\Windows\System32\eapsvc.dll - ok
13:34:35.0330 1340  [ 87356377F31DA5F20A833811CD59499C ] C:\Windows\System32\eapphost.dll
13:34:35.0330 1340  C:\Windows\System32\eapphost.dll - ok
13:34:35.0346 1340  [ 3CC16A849E6092E43909F48EF0E60306 ] C:\Windows\System32\dhcpcore6.dll
13:34:35.0346 1340  C:\Windows\System32\dhcpcore6.dll - ok
13:34:35.0346 1340  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] C:\Windows\System32\dnsrslvr.dll
13:34:35.0346 1340  C:\Windows\System32\dnsrslvr.dll - ok
13:34:35.0361 1340  [ D29E998E8277666982B4F0303BF4E7AF ] C:\Windows\System32\uxtheme.dll
13:34:35.0361 1340  C:\Windows\System32\uxtheme.dll - ok
13:34:35.0361 1340  [ 0040C486584A8E582C861CFB57AB5387 ] C:\Windows\System32\FWPUCLNT.DLL
13:34:35.0361 1340  C:\Windows\System32\FWPUCLNT.DLL - ok
13:34:35.0377 1340  [ 9FCA3A84338ADEF2AFF67CDA46EF8539 ] C:\Windows\System32\umb.dll
13:34:35.0377 1340  C:\Windows\System32\umb.dll - ok
13:34:35.0393 1340  [ 179E8401224D557ECFF3695F2016EA5B ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll
13:34:35.0393 1340  C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll - ok
13:34:35.0393 1340  [ 885D0942E0F28DB90919BE3129ECF279 ] C:\Windows\System32\dnsext.dll
13:34:35.0393 1340  C:\Windows\System32\dnsext.dll - ok
13:34:35.0408 1340  [ F568F7C08458D69E4FCD8675BBB107E4 ] C:\Windows\System32\dhcpcsvc.dll
13:34:35.0408 1340  C:\Windows\System32\dhcpcsvc.dll - ok
13:34:35.0408 1340  [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll
13:34:35.0408 1340  C:\Windows\System32\wtsapi32.dll - ok
13:34:35.0424 1340  [ 3C06D5A929B798D0B13F6481242A0FD2 ] C:\Windows\System32\dhcpcsvc6.dll
13:34:35.0424 1340  C:\Windows\System32\dhcpcsvc6.dll - ok
13:34:35.0424 1340  [ A77BE7CB3222B4FB0AC6C71D1C2698D4 ] C:\Windows\System32\dsrole.dll
13:34:35.0424 1340  C:\Windows\System32\dsrole.dll - ok
13:34:35.0439 1340  [ A648C4A06DE367065B24056D067B4460 ] C:\Windows\System32\wlanmsm.dll
13:34:35.0439 1340  C:\Windows\System32\wlanmsm.dll - ok
13:34:35.0455 1340  [ 06A1386B6E3A0CBC368665C1840906F4 ] C:\Windows\System32\wlansec.dll
13:34:35.0455 1340  C:\Windows\System32\wlansec.dll - ok
13:34:35.0455 1340  [ 73FCB7919DEE80EE556F2E498594EBAE ] C:\Windows\System32\onex.dll
13:34:35.0455 1340  C:\Windows\System32\onex.dll - ok
13:34:35.0471 1340  [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll
13:34:35.0471 1340  C:\Windows\System32\dui70.dll - ok
13:34:35.0486 1340  [ 65522E77A1360DBC8D199DA3BF5EFFE4 ] C:\Windows\System32\eappprxy.dll
13:34:35.0486 1340  C:\Windows\System32\eappprxy.dll - ok
13:34:35.0486 1340  [ 0D753307D274F3688BD21C377B616700 ] C:\Windows\System32\eappcfg.dll
13:34:35.0486 1340  C:\Windows\System32\eappcfg.dll - ok
13:34:35.0502 1340  [ 730BF204A595D5B6D7DC57A247CC741C ] C:\Windows\System32\wlgpclnt.dll
13:34:35.0502 1340  C:\Windows\System32\wlgpclnt.dll - ok
13:34:35.0517 1340  [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll
13:34:35.0517 1340  C:\Windows\System32\duser.dll - ok
13:34:35.0517 1340  [ 97E43F324BE1503CB2FFB058534688DA ] C:\Windows\System32\l2gpstore.dll
13:34:35.0517 1340  C:\Windows\System32\l2gpstore.dll - ok
13:34:35.0533 1340  [ 7F1B4C6FF3B85F9ADF74055187B8A22C ] C:\Windows\System32\wlanutil.dll
13:34:35.0533 1340  C:\Windows\System32\wlanutil.dll - ok
13:34:35.0533 1340  [ 7D5645EE0EA77D539828433D9B95F5EB ] C:\Windows\System32\WinSCard.dll
13:34:35.0533 1340  C:\Windows\System32\WinSCard.dll - ok
13:34:35.0549 1340  [ D7F1EF374A90709B31591823B002F918 ] C:\Windows\System32\SndVolSSO.dll
13:34:35.0549 1340  C:\Windows\System32\SndVolSSO.dll - ok
13:34:35.0549 1340  [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll
13:34:35.0549 1340  C:\Windows\System32\hid.dll - ok
13:34:35.0564 1340  [ 99B91C5D2FCEF218CAD3600ECB62A799 ] C:\Windows\System32\msxml6.dll
13:34:35.0564 1340  C:\Windows\System32\msxml6.dll - ok
13:34:35.0580 1340  [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll
13:34:35.0580 1340  C:\Windows\System32\MMDevAPI.dll - ok
13:34:35.0580 1340  [ DA1B7075260F3872585BFCDD668C648B ] C:\Windows\System32\dwmapi.dll
13:34:35.0580 1340  C:\Windows\System32\dwmapi.dll - ok
13:34:35.0595 1340  [ 6F8B48F3D343E4B186AB6A9E302B7E16 ] C:\Windows\System32\xmllite.dll
13:34:35.0595 1340  C:\Windows\System32\xmllite.dll - ok
13:34:35.0595 1340  [ 26B73A85855681500BCC25C7CD9FF5B1 ] C:\Windows\System32\WindowsCodecs.dll
13:34:35.0595 1340  C:\Windows\System32\WindowsCodecs.dll - ok
13:34:35.0611 1340  [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll
13:34:35.0611 1340  C:\Windows\System32\winbrand.dll - ok
13:34:35.0611 1340  [ CA2985996BB49924B677113DF95CFEA7 ] C:\Windows\System32\SmartcardCredentialProvider.dll
13:34:35.0611 1340  C:\Windows\System32\SmartcardCredentialProvider.dll - ok
13:34:35.0627 1340  [ C2762A57DF0EE85E63CE4893C5215313 ] C:\Windows\System32\VaultCredProvider.dll
13:34:35.0627 1340  C:\Windows\System32\VaultCredProvider.dll - ok
13:34:35.0642 1340  [ 27D036FB3D22CA8A6662FE960D1A937D ] C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
13:34:35.0642 1340  C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe - ok
13:34:35.0642 1340  [ E73B0F1819602CB6EF176FB78D76A47B ] C:\Windows\SysWOW64\ntdll.dll
13:34:35.0642 1340  C:\Windows\SysWOW64\ntdll.dll - ok
13:34:35.0658 1340  [ 9BC8610C32C96A2983A65DC21CAFA921 ] C:\Windows\System32\UXInit.dll
13:34:35.0658 1340  C:\Windows\System32\UXInit.dll - ok
13:34:35.0658 1340  [ 259EB5F7D95A29842B476C5B3EB6E186 ] C:\Windows\System32\wow64.dll
13:34:35.0658 1340  C:\Windows\System32\wow64.dll - ok
13:34:35.0673 1340  [ 5674E21E82CFBEA36DDAD5DB285D6DBC ] C:\Windows\System32\wow64win.dll
13:34:35.0673 1340  C:\Windows\System32\wow64win.dll - ok
13:34:35.0689 1340  [ 3EE3AA76D8AB6D5644C4C8F34471CEB3 ] C:\Windows\System32\wow64cpu.dll
13:34:35.0689 1340  C:\Windows\System32\wow64cpu.dll - ok
13:34:35.0689 1340  [ AC0B6F41882FC6ED186962D770EBF1D2 ] C:\Windows\SysWOW64\kernel32.dll
13:34:35.0689 1340  C:\Windows\SysWOW64\kernel32.dll - ok
13:34:35.0705 1340  [ E954A79D6A754A5475582CACED1565E6 ] C:\Windows\SysWOW64\KernelBase.dll
13:34:35.0705 1340  C:\Windows\SysWOW64\KernelBase.dll - ok
13:34:35.0705 1340  [ 928CF7268086631F54C3D8E17238C6DD ] C:\Windows\SysWOW64\ole32.dll
13:34:35.0705 1340  C:\Windows\SysWOW64\ole32.dll - ok
13:34:35.0720 1340  [ 9DC80A8AAAAAC397BDAB3C67165A824E ] C:\Windows\SysWOW64\msvcrt.dll
13:34:35.0720 1340  C:\Windows\SysWOW64\msvcrt.dll - ok
13:34:35.0720 1340  [ D6D3AD7BF1D6F6CE9547613ED5E170A2 ] C:\Windows\SysWOW64\gdi32.dll
13:34:35.0720 1340  C:\Windows\SysWOW64\gdi32.dll - ok
13:34:35.0736 1340  [ 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 ] C:\Windows\SysWOW64\user32.dll
13:34:35.0736 1340  C:\Windows\SysWOW64\user32.dll - ok
13:34:35.0736 1340  [ 95E2376B3323F062EB562B8586D0F14A ] C:\Windows\SysWOW64\advapi32.dll
13:34:35.0736 1340  C:\Windows\SysWOW64\advapi32.dll - ok
13:34:35.0751 1340  [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\SysWOW64\sechost.dll
13:34:35.0751 1340  C:\Windows\SysWOW64\sechost.dll - ok
13:34:35.0767 1340  [ 3C91392D448F6E5D525A85B7550D8BA9 ] C:\Windows\System32\wkscli.dll
13:34:35.0767 1340  C:\Windows\System32\wkscli.dll - ok
13:34:35.0767 1340  [ C5AD8083CF94201F1F8084ECC696A8B7 ] C:\Windows\SysWOW64\rpcrt4.dll
13:34:35.0767 1340  C:\Windows\SysWOW64\rpcrt4.dll - ok
13:34:35.0783 1340  [ 03706015DB44368375AEBE6339490E66 ] C:\Windows\System32\netcfgx.dll
13:34:35.0783 1340  C:\Windows\System32\netcfgx.dll - ok
13:34:35.0783 1340  [ 6CECA4C6A489C9B2E6073AFDAAE3F607 ] C:\Windows\System32\netutils.dll
13:34:35.0783 1340  C:\Windows\System32\netutils.dll - ok
13:34:35.0798 1340  [ EDA7AD21DF8945528F01F0A86D69E524 ] C:\Windows\SysWOW64\sspicli.dll
13:34:35.0798 1340  C:\Windows\SysWOW64\sspicli.dll - ok
13:34:35.0798 1340  [ FC51229C7D4AFA0D6F186133728B95AB ] C:\Windows\System32\samcli.dll
13:34:35.0798 1340  C:\Windows\System32\samcli.dll - ok
13:34:35.0814 1340  [ 5AA945234E9D4CCE4F715276B9AA712C ] C:\Windows\System32\imageres.dll
13:34:35.0814 1340  C:\Windows\System32\imageres.dll - ok
13:34:35.0814 1340  [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\SysWOW64\cryptbase.dll
13:34:35.0814 1340  C:\Windows\SysWOW64\cryptbase.dll - ok
13:34:35.0829 1340  [ 384721EF4024890092625E20CADFAF85 ] C:\Windows\SysWOW64\lpk.dll
13:34:35.0829 1340  C:\Windows\SysWOW64\lpk.dll - ok
13:34:35.0829 1340  [ B7230010D97787AF3D25E4C82F2B06B9 ] C:\Windows\SysWOW64\usp10.dll
13:34:35.0829 1340  C:\Windows\SysWOW64\usp10.dll - ok
13:34:35.0845 1340  [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Windows\SysWOW64\msvcp71.dll
13:34:35.0845 1340  C:\Windows\SysWOW64\msvcp71.dll - ok
13:34:35.0861 1340  [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Windows\SysWOW64\msvcr71.dll
13:34:35.0861 1340  C:\Windows\SysWOW64\msvcr71.dll - ok
13:34:35.0861 1340  [ 9711E3AC95D00D38E4F90E58AC26FCC0 ] C:\Program Files (x86)\Common Files\Symantec Shared\ccL60U.dll
13:34:35.0861 1340  C:\Program Files (x86)\Common Files\Symantec Shared\ccL60U.dll - ok
13:34:35.0876 1340  [ 6C765E82B57F2E66CE9C54AC238471D9 ] C:\Windows\SysWOW64\oleaut32.dll
13:34:35.0876 1340  C:\Windows\SysWOW64\oleaut32.dll - ok
13:34:35.0876 1340  [ A6F09E5669D9A19035F6D942CAA15882 ] C:\Windows\SysWOW64\imm32.dll
13:34:35.0876 1340  C:\Windows\SysWOW64\imm32.dll - ok
13:34:35.0892 1340  [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\SysWOW64\msctf.dll
13:34:35.0892 1340  C:\Windows\SysWOW64\msctf.dll - ok
13:34:35.0892 1340  [ 7FF15A4F092CD4A96055BA69F903E3E9 ] C:\Windows\SysWOW64\ws2_32.dll
13:34:35.0892 1340  C:\Windows\SysWOW64\ws2_32.dll - ok
13:34:35.0907 1340  [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\SysWOW64\nsi.dll
13:34:35.0907 1340  C:\Windows\SysWOW64\nsi.dll - ok
13:34:35.0907 1340  [ 8CC3C111D653E96F3EA1590891491D71 ] C:\Windows\SysWOW64\shlwapi.dll
13:34:35.0907 1340  C:\Windows\SysWOW64\shlwapi.dll - ok
13:34:35.0923 1340  [ F10E5311E5093FA3C00FF88C54C32FCA ] C:\Windows\SysWOW64\atl.dll
13:34:35.0923 1340  C:\Windows\SysWOW64\atl.dll - ok
13:34:35.0923 1340  [ B49B56B64F57699A1A663D2CF7D0A56F ] C:\Windows\SysWOW64\wininet.dll
13:34:35.0923 1340  C:\Windows\SysWOW64\wininet.dll - ok
13:34:35.0939 1340  [ D171EAA745A2C0C583CDDA13D9088EE4 ] C:\Windows\SysWOW64\iertutil.dll
13:34:35.0939 1340  C:\Windows\SysWOW64\iertutil.dll - ok
13:34:35.0954 1340  [ BE157C3800DA3010EFC48280ECF81C16 ] C:\Windows\SysWOW64\urlmon.dll
13:34:35.0954 1340  C:\Windows\SysWOW64\urlmon.dll - ok
13:34:35.0954 1340  [ 29E9794708DF51DB5DC89FB2E903A0F6 ] C:\Windows\SysWOW64\shell32.dll
13:34:35.0954 1340  C:\Windows\SysWOW64\shell32.dll - ok
13:34:35.0970 1340  [ D5AEFAD57C08349A4393D987DF7C715D ] C:\Windows\SysWOW64\winmm.dll
13:34:35.0970 1340  C:\Windows\SysWOW64\winmm.dll - ok
13:34:35.0970 1340  [ 53223B673A3FA2F9A4D1C31C8D3F6CD8 ] C:\Windows\SysWOW64\dbghelp.dll
13:34:35.0970 1340  C:\Windows\SysWOW64\dbghelp.dll - ok
13:34:35.0985 1340  [ 702254574E7E52052DE39408457B7149 ] C:\Windows\SysWOW64\version.dll
13:34:35.0985 1340  C:\Windows\SysWOW64\version.dll - ok
13:34:35.0985 1340  [ C759D29D21CB9B096987254E58F78FEB ] C:\Program Files (x86)\Common Files\Symantec Shared\ccVrTrst.dll
13:34:35.0985 1340  C:\Program Files (x86)\Common Files\Symantec Shared\ccVrTrst.dll - ok
13:34:36.0001 1340  [ 10FB16B50AFFDA6D44588F3C445DC273 ] C:\Windows\SysWOW64\setupapi.dll
13:34:36.0001 1340  C:\Windows\SysWOW64\setupapi.dll - ok
13:34:36.0017 1340  [ F436E847FA799ECD75AD8C313673F450 ] C:\Windows\SysWOW64\cfgmgr32.dll
13:34:36.0017 1340  C:\Windows\SysWOW64\cfgmgr32.dll - ok
13:34:36.0017 1340  [ 2EEFF4502F5E13B1BED4A04CCAD64C08 ] C:\Windows\SysWOW64\devobj.dll
13:34:36.0017 1340  C:\Windows\SysWOW64\devobj.dll - ok
13:34:36.0032 1340  [ DF13A51A5C591887D2EC6AE64CEED0FA ] C:\Windows\SysWOW64\wsock32.dll
13:34:36.0032 1340  C:\Windows\SysWOW64\wsock32.dll - ok
13:34:36.0032 1340  [ 60D21799A4AF4EDCE65FB98830E4B0C8 ] C:\Windows\SysWOW64\crypt32.dll
13:34:36.0032 1340  C:\Windows\SysWOW64\crypt32.dll - ok
13:34:36.0048 1340  [ 938F39B50BAFE13D6F58C7790682C010 ] C:\Windows\SysWOW64\msasn1.dll
13:34:36.0048 1340  C:\Windows\SysWOW64\msasn1.dll - ok
13:34:36.0063 1340  [ 17448AF0BBA9E7AB5EC955AF93F271BD ] C:\Windows\SysWOW64\wintrust.dll
13:34:36.0063 1340  C:\Windows\SysWOW64\wintrust.dll - ok
13:34:36.0063 1340  [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\SysWOW64\cryptsp.dll
13:34:36.0063 1340  C:\Windows\SysWOW64\cryptsp.dll - ok
13:34:36.0079 1340  [ B2DB6ABA2E292235749B80A9C3DFA867 ] C:\Windows\SysWOW64\imagehlp.dll
13:34:36.0079 1340  C:\Windows\SysWOW64\imagehlp.dll - ok
13:34:36.0079 1340  [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\SysWOW64\rsaenh.dll
13:34:36.0079 1340  C:\Windows\SysWOW64\rsaenh.dll - ok
13:34:36.0095 1340  [ BF6D6ED5FADCEEE885BD0144ECF1BA27 ] C:\Windows\SysWOW64\ncrypt.dll
13:34:36.0095 1340  C:\Windows\SysWOW64\ncrypt.dll - ok
13:34:36.0095 1340  [ CE71B9119A258EDD0A05B37D7B0F92E3 ] C:\Windows\SysWOW64\bcrypt.dll
13:34:36.0095 1340  C:\Windows\SysWOW64\bcrypt.dll - ok
13:34:36.0110 1340  [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\SysWOW64\bcryptprimitives.dll
13:34:36.0110 1340  C:\Windows\SysWOW64\bcryptprimitives.dll - ok
13:34:36.0110 1340  [ D15618A0FF8DBC2C5BF3726BACC75A0B ] C:\Windows\SysWOW64\userenv.dll
13:34:36.0110 1340  C:\Windows\SysWOW64\userenv.dll - ok
13:34:36.0126 1340  [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\SysWOW64\profapi.dll
13:34:36.0126 1340  C:\Windows\SysWOW64\profapi.dll - ok
13:34:36.0141 1340  [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\SysWOW64\gpapi.dll
13:34:36.0141 1340  C:\Windows\SysWOW64\gpapi.dll - ok
13:34:36.0141 1340  [ 60769600E847E02070582740C74287DE ] C:\Program Files (x86)\Common Files\Symantec Shared\ccSvc.dll
13:34:36.0141 1340  C:\Program Files (x86)\Common Files\Symantec Shared\ccSvc.dll - ok
13:34:36.0157 1340  [ 5997D769CDB108390DCFAEBF442BF816 ] C:\Windows\SysWOW64\RpcRtRemote.dll
13:34:36.0157 1340  C:\Windows\SysWOW64\RpcRtRemote.dll - ok
13:34:36.0157 1340  [ 0DEA3A71652C8DE274906AAF6176181F ] C:\Program Files (x86)\Common Files\Symantec Shared\ccSet.dll
13:34:36.0157 1340  C:\Program Files (x86)\Common Files\Symantec Shared\ccSet.dll - ok
13:34:36.0173 1340  [ 5F8EE20C57AA975A8A739E930EA1D60D ] C:\PROGRA~2\COMMON~1\SYMANT~1\ccSetPlg.dll
13:34:36.0173 1340  C:\PROGRA~2\COMMON~1\SYMANT~1\ccSetPlg.dll - ok
13:34:36.0173 1340  [ BC45AD913BB22E3692E925BA701B9393 ] C:\PROGRA~2\COMMON~1\SYMANT~1\SAVSUB~1\SUBENG.dll
13:34:36.0173 1340  C:\PROGRA~2\COMMON~1\SYMANT~1\SAVSUB~1\SUBENG.dll - ok
13:34:36.0188 1340  [ AD8203DD964780DE60F05902B82444D5 ] C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\res\1033\SUBRES.loc
13:34:36.0188 1340  C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\res\1033\SUBRES.loc - ok
13:34:36.0204 1340  [ 7EA83F592AD6C50E473AA3E3A99F24E9 ] C:\PROGRA~2\COMMON~1\SYMANT~1\ccEvtPlg.dll
13:34:36.0204 1340  C:\PROGRA~2\COMMON~1\SYMANT~1\ccEvtPlg.dll - ok
13:34:36.0204 1340  [ 5A7C943AB6FCC92D81A12F71E76CCC43 ] C:\Program Files (x86)\Common Files\Symantec Shared\ccEvtCli.dll
13:34:36.0204 1340  C:\Program Files (x86)\Common Files\Symantec Shared\ccEvtCli.dll - ok
13:34:36.0219 1340  [ 82974D6A2FD19445CC5171FC378668A4 ] C:\Windows\System32\BFE.DLL
13:34:36.0219 1340  C:\Windows\System32\BFE.DLL - ok
13:34:36.0219 1340  [ E0CF5A3DF3BA2858D240068D0D975EC0 ] C:\PROGRA~2\COMMON~1\SYMANT~1\SRTSP\Srtsp32.dll
13:34:36.0219 1340  C:\PROGRA~2\COMMON~1\SYMANT~1\SRTSP\Srtsp32.dll - ok
13:34:36.0251 1340  [ BE097F5BB10F9079FCEB2DC4E7E20F02 ] C:\Windows\System32\slc.dll
13:34:36.0251 1340  C:\Windows\System32\slc.dll - ok
13:34:36.0251 1340  [ 15794FF346C14F3F9F3CEB89605E06F5 ] C:\PROGRA~2\COMMON~1\SYMANT~1\ccSetEvt.dll
13:34:36.0251 1340  C:\PROGRA~2\COMMON~1\SYMANT~1\ccSetEvt.dll - ok
13:34:36.0266 1340  [ 1F1D608ABCC34CA2A5369C95B47605F0 ] C:\Windows\SysWOW64\atl71.dll
13:34:36.0266 1340  C:\Windows\SysWOW64\atl71.dll - ok
13:34:36.0266 1340  [ 28498E17C443993681A7A1C9EE42F709 ] C:\Program Files (x86)\Common Files\Symantec Shared\ccProSub.dll
13:34:36.0266 1340  C:\Program Files (x86)\Common Files\Symantec Shared\ccProSub.dll - ok
13:34:36.0282 1340  [ FF5688D309347F2720911D8796912834 ] C:\Windows\SysWOW64\clbcatq.dll
13:34:36.0282 1340  C:\Windows\SysWOW64\clbcatq.dll - ok
13:34:36.0282 1340  [ 6C02A83164F5CC0A262F4199F0871CF5 ] C:\Windows\System32\drivers\bowser.sys
13:34:36.0282 1340  C:\Windows\System32\drivers\bowser.sys - ok
13:34:36.0297 1340  [ 85CD9F6F54ECA175333F689508395165 ] C:\PROGRA~2\COMMON~1\SYMANT~1\SAVSUB~1\SUBCONN.dll
13:34:36.0297 1340  C:\PROGRA~2\COMMON~1\SYMANT~1\SAVSUB~1\SUBCONN.dll - ok
13:34:36.0297 1340  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] C:\Windows\System32\drivers\mpsdrv.sys
13:34:36.0297 1340  C:\Windows\System32\drivers\mpsdrv.sys - ok
13:34:36.0313 1340  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] C:\Windows\System32\MPSSVC.dll
13:34:36.0313 1340  C:\Windows\System32\MPSSVC.dll - ok
13:34:36.0329 1340  [ A5D9106A73DC88564C825D317CAC68AC ] C:\Windows\System32\drivers\mrxsmb.sys
13:34:36.0329 1340  C:\Windows\System32\drivers\mrxsmb.sys - ok
13:34:36.0329 1340  [ D711B3C1D5F42C0C2415687BE09FC163 ] C:\Windows\System32\drivers\mrxsmb10.sys
13:34:36.0329 1340  C:\Windows\System32\drivers\mrxsmb10.sys - ok
13:34:36.0344 1340  [ C67F8A962B2534224D5908D16D2AD3CE ] C:\Windows\System32\wfapigp.dll
13:34:36.0344 1340  C:\Windows\System32\wfapigp.dll - ok
13:34:36.0360 1340  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] C:\Windows\System32\drivers\mrxsmb20.sys
13:34:36.0360 1340  C:\Windows\System32\drivers\mrxsmb20.sys - ok
13:34:36.0360 1340  [ 1834B31C749B86DAC233BBBA1C03BC48 ] C:\Windows\System32\mscms.dll
13:34:36.0360 1340  C:\Windows\System32\mscms.dll - ok
13:34:36.0375 1340  [ 851A1382EED3E3A7476DB004F4EE3E1A ] C:\Windows\System32\wkssvc.dll
13:34:36.0375 1340  C:\Windows\System32\wkssvc.dll - ok
13:34:36.0391 1340  [ A0709B82FA3B5AFAD1467E565B8B3BA0 ] C:\Program Files\SUPERAntiSpyware\SASCore64.exe
13:34:36.0391 1340  C:\Program Files\SUPERAntiSpyware\SASCore64.exe - ok
13:34:36.0391 1340  [ 3AEAA8B561E63452C655DC0584922257 ] C:\Windows\System32\pcasvc.dll
13:34:36.0391 1340  C:\Windows\System32\pcasvc.dll - ok
13:34:36.0407 1340  [ 6313F223E817CC09AA41811DAA7F541D ] C:\Windows\System32\snmptrap.exe
13:34:36.0407 1340  C:\Windows\System32\snmptrap.exe - ok
13:34:36.0407 1340  [ 10EAB90C1AE8271B5FE5A8930987EE5C ] C:\Program Files\Windows Live\Mesh\WLRemoteServiceResource.dll
13:34:36.0407 1340  C:\Program Files\Windows Live\Mesh\WLRemoteServiceResource.dll - ok
13:34:36.0422 1340  [ 1F4492FE41767CDB8B89D17655847CDD ] C:\Windows\System32\ntmarta.dll
13:34:36.0422 1340  C:\Windows\System32\ntmarta.dll - ok
13:34:36.0422 1340  [ 908ACB1F594274965A53926B10C81E89 ] C:\Windows\System32\provsvc.dll
13:34:36.0422 1340  C:\Windows\System32\provsvc.dll - ok
13:34:36.0438 1340  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] C:\Windows\System32\sstpsvc.dll
13:34:36.0438 1340  C:\Windows\System32\sstpsvc.dll - ok
13:34:36.0453 1340  [ FCD84C381E0140AF901E58D48882D26B ] C:\Windows\System32\IKEEXT.DLL
13:34:36.0453 1340  C:\Windows\System32\IKEEXT.DLL - ok
13:34:36.0453 1340  [ 847D3AE376C0817161A14A82C8922A9E ] C:\Windows\System32\netman.dll
13:34:36.0453 1340  C:\Windows\System32\netman.dll - ok
13:34:36.0469 1340  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] C:\Windows\System32\cryptsvc.dll
13:34:36.0469 1340  C:\Windows\System32\cryptsvc.dll - ok
13:34:36.0469 1340  [ 8792BAB371B4B1589E015B6FD1ED3B15 ] C:\Windows\System32\cryptnet.dll
13:34:36.0469 1340  C:\Windows\System32\cryptnet.dll - ok
13:34:36.0485 1340  [ 8AD77806D336673F270DB31645267293 ] C:\Windows\System32\nlasvc.dll
13:34:36.0485 1340  C:\Windows\System32\nlasvc.dll - ok
13:34:36.0485 1340  [ BA2FB8F8AB24D0279CAA98A4C118150E ] C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
13:34:36.0485 1340  C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe - ok
13:34:36.0500 1340  [ D4FAC263861BAE06971C7F7D0A8EBF15 ] C:\Windows\System32\ncsi.dll
13:34:36.0500 1340  C:\Windows\System32\ncsi.dll - ok
13:34:36.0516 1340  [ 58F4493BF748A3A89689997B7BD00E95 ] C:\Windows\System32\winhttp.dll
13:34:36.0516 1340  C:\Windows\System32\winhttp.dll - ok
13:34:36.0516 1340  [ 603EBD34E216C5654A2D774EAC98D278 ] C:\Windows\System32\webio.dll
13:34:36.0516 1340  C:\Windows\System32\webio.dll - ok
13:34:36.0531 1340  [ 77B5035BC6EDF4D1B6265391AECEE4C0 ] C:\Windows\System32\vpnikeapi.dll
13:34:36.0531 1340  C:\Windows\System32\vpnikeapi.dll - ok
13:34:36.0531 1340  [ 2BBF3FDB70B8965DFA0258CBAB41ECCE ] C:\Windows\System32\ssdpapi.dll
13:34:36.0531 1340  C:\Windows\System32\ssdpapi.dll - ok
13:34:36.0547 1340  [ C9564CF4976E7E96B4052737AA2492B4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
13:34:36.0547 1340  C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok
13:34:36.0563 1340  [ 2FCA0D2C59A855C54BAFA22AA329DF0F ] C:\Windows\SysWOW64\netapi32.dll
13:34:36.0563 1340  C:\Windows\SysWOW64\netapi32.dll - ok
13:34:36.0578 1340  [ 20B3934DB73EABA2B49B7177873CB81F ] C:\Windows\SysWOW64\netutils.dll
13:34:36.0578 1340  C:\Windows\SysWOW64\netutils.dll - ok
13:34:36.0578 1340  [ 5CCDCD40E732D54E0F7451AC66AC1C87 ] C:\Windows\SysWOW64\srvcli.dll
13:34:36.0578 1340  C:\Windows\SysWOW64\srvcli.dll - ok
13:34:36.0594 1340  [ 5837F5AE5FAED44D14B8F8B20AB30BBA ] C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SAVSubmitter.dll
13:34:36.0594 1340  C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SAVSubmitter.dll - ok
13:34:36.0594 1340  [ E5A4A1326A02F8E7B59E6C3270CE7202 ] C:\Windows\SysWOW64\wkscli.dll
13:34:36.0594 1340  C:\Windows\SysWOW64\wkscli.dll - ok
13:34:36.0609 1340  [ B9A8CBCFCD3EC9D2EA4740AF347BF108 ] C:\Windows\SysWOW64\mpr.dll
13:34:36.0609 1340  C:\Windows\SysWOW64\mpr.dll - ok
13:34:36.0609 1340  [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\SysWOW64\psapi.dll
13:34:36.0609 1340  C:\Windows\SysWOW64\psapi.dll - ok
13:34:36.0625 1340  [ E94F83BD32339A188DDBF863DBE39ECC ] C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\I2ldvp3.dll
13:34:36.0625 1340  C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\I2ldvp3.dll - ok
13:34:36.0625 1340  [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
13:34:36.0625 1340  C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - ok
13:34:36.0641 1340  [ 49AB1F6E030B70A8710D9975EAF70871 ] C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\res\1033\SAVSubmitterRes.dll
13:34:36.0641 1340  C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\res\1033\SAVSubmitterRes.dll - ok
13:34:36.0656 1340  [ 521B748A7F9923302CA18B7E6AA2EEAE ] C:\Windows\SysWOW64\activeds.dll
13:34:36.0656 1340  C:\Windows\SysWOW64\activeds.dll - ok
13:34:36.0656 1340  [ 51F5CC1E7DA3D9C664C2D0D61F315E06 ] C:\Windows\SysWOW64\adsldpc.dll
13:34:36.0656 1340  C:\Windows\SysWOW64\adsldpc.dll - ok
13:34:36.0672 1340  [ A8BB45F9ECAD993461E0FEF8E2A99152 ] C:\Windows\SysWOW64\Wldap32.dll
13:34:36.0672 1340  C:\Windows\SysWOW64\Wldap32.dll - ok
13:34:36.0672 1340  [ F93674263F6B07C77956E966953242D9 ] C:\Windows\SysWOW64\secur32.dll
13:34:36.0672 1340  C:\Windows\SysWOW64\secur32.dll - ok
13:34:36.0687 1340  [ 6A6B2EE4565A178035BE2A4FF6F2C968 ] C:\Windows\SysWOW64\wtsapi32.dll
13:34:36.0687 1340  C:\Windows\SysWOW64\wtsapi32.dll - ok
13:34:36.0687 1340  [ 083E378ECEF552A9A32F7B176AB3550B ] C:\Program Files (x86)\Common Files\Symantec Shared\ccL608.dll
13:34:36.0687 1340  C:\Program Files (x86)\Common Files\Symantec Shared\ccL608.dll - ok
13:34:36.0703 1340  [ 893C44082C97F7AED3E7C180FA1F93D8 ] C:\Windows\System32\mpnotify.exe
13:34:36.0703 1340  C:\Windows\System32\mpnotify.exe - ok
13:34:36.0703 1340  [ 539C49CEBB3C50957AC8A09D95ECD880 ] C:\Windows\SysWOW64\shfolder.dll
13:34:36.0703 1340  C:\Windows\SysWOW64\shfolder.dll - ok
13:34:36.0719 1340  [ F0A86756AEF6C524B7C8BD5601CF4F0C ] C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\res\1033\ActaRes.dll
13:34:36.0719 1340  C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\res\1033\ActaRes.dll - ok
13:34:38.0388 1340  ============================================================
13:34:38.0388 1340  Scan finished
13:34:38.0388 1340  ============================================================
13:34:38.0403 1384  Detected object count: 8
13:34:38.0403 1384  Actual detected object count: 8
13:35:41.0147 1384  !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:41.0147 1384  !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:35:41.0147 1384  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:41.0147 1384  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:35:41.0147 1384  Oasis2Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:41.0147 1384  Oasis2Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:35:41.0162 1384  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:41.0162 1384  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:35:41.0162 1384  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:41.0162 1384  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:35:41.0178 1384  VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:41.0178 1384  VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:35:42.0208 1384  \Device\Harddisk0\DR0\# - copied to quarantine
13:35:42.0223 1384  \Device\Harddisk0\DR0 - copied to quarantine
13:35:42.0301 1384  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
13:35:42.0301 1384  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
13:35:42.0317 1384  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
13:35:42.0317 1384  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
13:35:42.0332 1384  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
13:35:42.0332 1384  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
13:35:42.0332 1384  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
13:35:42.0332 1384  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
13:35:42.0348 1384  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
13:35:42.0364 1384  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
13:35:42.0364 1384  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
13:35:42.0364 1384  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
13:35:42.0426 1384  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
13:35:42.0426 1384  \Device\Harddisk0\DR0 - ok
13:35:42.0535 1384  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 
13:35:42.0535 1384  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:35:42.0535 1384  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
13:36:42.0923 2020  Deinitialize success


#10 PrabhuR

PrabhuR
  • Topic Starter

  • Members
  • 32 posts

Posted 01 March 2013 - 05:23 PM

Here is the first mbar log.
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org
 
Database version: v2013.03.01.09
 
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Narayan :: NARAYAN-VAIO [administrator]
 
3/1/2013 1:58:30 PM
mbar-log-2013-03-01 (13-58-30).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30819
Time elapsed: 15 minute(s), 55 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
c:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
 
(end)
 
 
Here is the second one.
 
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org
 
Database version: v2013.03.01.09
 
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Narayan :: NARAYAN-VAIO [administrator]
 
3/1/2013 2:18:31 PM
mbar-log-2013-03-01 (14-18-31).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30818
Time elapsed: 16 minute(s), 22 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 March 2013 - 08:03 PM


Hello PrabhuR

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture, drag CFScript.txt into ComboFix.exe.
[picture: CFScriptB-4.gif]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 PrabhuR

PrabhuR
  • Topic Starter

  • Members
  • 32 posts

Posted 01 March 2013 - 08:38 PM

Here is the Combofix log.
ComboFix 13-03-01.01 - Narayan 03/01/2013  17:27:13.4.2 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3935.3244 [GMT -8:00]
Running from: c:\users\Narayan\Desktop\ComboFix.exe
Command switches used :: c:\users\Narayan\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Narayan\Desktop\Setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-02 to 2013-03-02  )))))))))))))))))))))))))))))))
.
.
2013-03-02 01:33 . 2013-03-02 01:33    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-02-28 04:54 . 2013-02-28 04:54    --------    d-----w-    c:\users\Narayan\AppData\Local\ElevatedDiagnostics
2013-02-15 22:31 . 2012-12-18 14:28    186584    ----a-w-    c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
2013-02-14 11:06 . 2013-01-09 01:10    996352    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 11:06 . 2013-01-08 22:01    768000    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 11:02 . 2013-01-09 01:13    499200    ----a-w-    c:\program files\Internet Explorer\jsdbgui.dll
2013-02-14 11:02 . 2013-01-08 22:05    678912    ----a-w-    c:\program files (x86)\Internet Explorer\iedvtool.dll
2013-02-14 11:02 . 2013-01-08 22:04    387584    ----a-w-    c:\program files (x86)\Internet Explorer\jsdbgui.dll
2013-02-14 11:02 . 2013-01-09 01:14    887808    ----a-w-    c:\program files\Internet Explorer\iedvtool.dll
2013-02-14 11:02 . 2013-01-09 01:48    17812992    ----a-w-    c:\windows\system32\mshtml.dll
2013-02-14 11:02 . 2013-01-09 01:22    10925568    ----a-w-    c:\windows\system32\ieframe.dll
2013-02-14 02:09 . 2013-01-05 05:53    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-02-14 02:09 . 2013-01-05 05:00    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 02:09 . 2013-01-05 05:00    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-02-14 02:08 . 2013-01-04 03:26    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-02-14 02:08 . 2013-01-04 05:46    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-02-14 02:08 . 2013-01-04 04:51    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-02-14 02:08 . 2013-01-04 02:47    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-02-14 02:08 . 2013-01-04 02:47    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-02-14 02:08 . 2013-01-04 02:47    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-02-14 02:08 . 2013-01-04 02:47    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-02-14 02:08 . 2013-01-03 06:00    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-02-14 02:08 . 2013-01-03 06:00    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-09 05:06 . 2013-02-09 05:06    --------    d-----w-    c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-14 11:12 . 2010-01-24 16:06    70004024    ----a-w-    c:\windows\system32\MRT.exe
2013-02-08 03:16 . 2012-10-11 03:31    697712    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-08 03:16 . 2011-05-18 03:24    74096    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-04 04:43 . 2013-02-14 02:08    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 11:03    46080    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 11:03    367616    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:03    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:03    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2012-12-15 00:49 . 2010-10-13 19:15    24176    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-12-10 20:01 . 2013-01-21 03:46    19896    ----a-w-    c:\windows\system32\roboot64.exe
2012-12-07 13:20 . 2013-01-10 03:16    441856    ----a-w-    c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-10 03:16    2746368    ----a-w-    c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-10 03:16    308736    ----a-w-    c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-10 03:16    2576384    ----a-w-    c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-10 03:16    30720    ----a-w-    c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-10 03:16    43520    ----a-w-    c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-10 03:16    23552    ----a-w-    c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-10 03:16    45568    ----a-w-    c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-10 03:16    44544    ----a-w-    c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-10 03:16    20480    ----a-w-    c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-10 03:16    20480    ----a-w-    c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-10 03:16    20480    ----a-w-    c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-10 03:16    46592    ----a-w-    c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-10 03:16    40960    ----a-w-    c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-10 03:16    21504    ----a-w-    c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-10 03:16    15360    ----a-w-    c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-10 03:16    55296    ----a-w-    c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-10 03:16    51712    ----a-w-    c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-10 03:16    43520    ----a-w-    c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-10 03:16    30720    ----a-w-    c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-10 03:16    45568    ----a-w-    c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-10 03:16    44544    ----a-w-    c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-10 03:16    20480    ----a-w-    c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-10 03:16    23552    ----a-w-    c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-10 03:16    20480    ----a-w-    c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-10 03:16    46592    ----a-w-    c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-10 03:16    20480    ----a-w-    c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-10 03:16    21504    ----a-w-    c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-10 03:16    40960    ----a-w-    c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-10 03:16    15360    ----a-w-    c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-10 03:16    51712    ----a-w-    c:\windows\SysWow64\esrb.rs
2012-12-07 10:46 . 2013-01-10 03:16    55296    ----a-w-    c:\windows\SysWow64\cero.rs
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Narayan\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-08-15 50592]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2957040]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre1.5.0_19\bin\jusched.exe" [2009-05-04 75264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"568053D4-4B1F-4BED-8FE5-73F6A1EDFA02"="start" [X]
"2E388A19-6E24-476A-BE2B-F7F485625B19"="start" [X]
"Z1"="c:\users\Narayan\Desktop\mbar\mbar.exe" [2013-02-05 1363528]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-11-05 02:32    98304    ----a-w-    c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
R2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-11-13 60416]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]
R2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-09-17 189984]
R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
R2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-15 642416]
R3 76448807;76448807;c:\windows\system32\drivers\09354040.sys [2013-03-01 208216]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-10-21 35104]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-04-09 47616]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-10-22 139264]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-16 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-16 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-16 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-16 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-16 91432]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-19 571248]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-02 361840]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-09-09 110960]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-06 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 19:53    1607120    ----a-w-    c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 03:16]
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 14:54]
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 14:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-22 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-22 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-22 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-17 7938080]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-09-17 1833504]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-RunOnce-Malwarebytes Anti-Malware (cleanup) - c:\users\Narayan\Desktop\mbar\Data\cleanup.dll
SafeBoot-05862940.sys
SafeBoot-54826824.sys
SafeBoot-76448807.sys
AddRemove-00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1 - c:\program files (x86)\Advanced System Protector\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-01  17:36:12
ComboFix-quarantined-files.txt  2013-03-02 01:36
ComboFix2.txt  2013-03-01 21:26
ComboFix3.txt  2013-03-01 20:51
ComboFix4.txt  2013-03-01 18:55
.
Pre-Run: 213,170,118,656 bytes free
Post-Run: 213,001,842,688 bytes free
.
- - End Of File - - 534C54183924673F3A35A43E1C17C6E2


#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 March 2013 - 08:55 PM


Hello

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE: Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).
  • Programs to remove
    • Adobe Reader X (10.1.5)
    • Ask Toolbar
    • Ask Toolbar Updater
    • Bing Bar
    • blinkx beat
    • Coupon Printer for Windows
    • J2SE Runtime Environment 5.0 Update 19
    • Java™ 6 Update 17 (64-bit)


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Update Adobe Reader
  • Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.
    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says "Also Download Adobe Photoshop® Album Starter Edition".
  • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.
    Download CCleaner from here: http://www.ccleaner.com/
  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :


I see you have MBAM installed on the computer - that is great! It is a very good program! I would like you to run a quick scan for me now.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis
  • Go here to download the HijackThis program.
  • Save HijackThis to your desktop.
  • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run).
  • Click on "Do a system scan and save a logfile" (if you do not see "Do a system scan and save a logfile", then click on Main Menu).
  • Copy and paste the HijackThis report into the topic.

"information and logs"
  • In your next post I need the following:
    • Log from MBAM
    • Report from HijackThis
    • Let me know of any problems you may have had
    • How is the computer doing now?
Gringo



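The uninstall step above depends on whatever Revo or Add/Remove happens to list, and the point of it is to get old Java and Adobe Reader builds (the ones with known vulnerabilities) off the machine. As an added example, not part of gringo_pr's instructions or of Revo, the PowerShell below reads the same Uninstall registry keys those tools display, in the native 64-bit view, the Wow6432Node view and the per-user key, and reports which of the listed programs are still registered. The function name and the DisplayName patterns are assumptions: the patterns are written with wildcards because the exact registered name (for instance how the Java trademark sign or a point release is spelled) varies by installer.

```powershell
# Added example (not from the thread): check which of the programs named in the
# post are still registered in the Uninstall keys, i.e. still installed.

# Assumed DisplayName patterns for the programs listed in the post; wildcards
# absorb version suffixes and trademark spellings.
$Patterns = @(
    'Adobe Reader X*',
    'Ask Toolbar*',                  # also matches "Ask Toolbar Updater"
    'Bing Bar*',
    'blinkx beat*',
    'Coupon Printer for Windows*',
    'J2SE Runtime Environment 5.0 Update 19*',
    'Java*6 Update 17*'
)

# Every place Add/Remove Programs reads from on 64-bit Windows.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-LeftoverPrograms {
    # Returns one record per Uninstall entry whose DisplayName matches a pattern.
    param(
        [string[]]$Patterns,
        [string[]]$Keys
    )
    Get-ItemProperty -Path $Keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |          # skip entries without a visible name
        ForEach-Object {
            $entry = $_
            foreach ($pattern in $Patterns) {
                if ($entry.DisplayName -like $pattern) {
                    [pscustomobject]@{
                        DisplayName     = $entry.DisplayName
                        DisplayVersion  = $entry.DisplayVersion
                        Publisher       = $entry.Publisher
                        UninstallString = $entry.UninstallString
                        # Strip the provider prefix so the key is readable in the output.
                        RegistryKey     = $entry.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
                    }
                    break   # one match per entry is enough
                }
            }
        }
}

$leftovers = Get-LeftoverPrograms -Patterns $Patterns -Keys $UninstallKeys
if ($leftovers) {
    $leftovers | Format-List
} else {
    Write-Output 'None of the listed programs is still registered in the Uninstall keys.'
}
```

An entry that appears here but not in Revo's list usually means the uninstaller binary in UninstallString is gone while the registry entry remains; a program absent from both has no registered installation left, which is the state the post is working towards. The UninstallString column is shown so the reader can see what the uninstaller would run, not to be executed blindly.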
#14 PrabhuR

PrabhuR
  • Topic Starter

  • Members
  • 32 posts

Posted 01 March 2013 - 09:46 PM

OK. These 3 were not listed in Revo: Ask Toolbar, Ask Toolbar Updater, and blinkx beat.

Here is the MBAM log
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.03.02.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Narayan :: NARAYAN-VAIO [administrator]
 
Protection: Enabled
 
3/1/2013 6:37:27 PM
mbam-log-2013-03-01 (18-37-27).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217093
Time elapsed: 2 minute(s), 39 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
Here is the HiJackThis log
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:42:18 PM, on 3/1/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Users\Narayan\Desktop\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Users\Narayan\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://connect.bechtel.com/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Oasis2Service - Digital Delivery Networks, Inc. - C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update\VUAgent.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 14363 bytes
 


#15 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 01 March 2013 - 09:48 PM


Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them by clicking their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.
  • Run HijackThis (right-click and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    • O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.
    • NOTE** You can research each of those lines here and see if you want to keep them or not:
      just copy the name between the brackets and paste it into the search space, e.g.
      O4 - HKLM\..\Run: [IntelliPoint]

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click the IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
  • When the scan is complete
    • If no threats were found
      • put a checkmark in "Uninstall application on close"
      • close program
      • report to me that nothing was found
    • If threats were found
      • click on "list of threats found"
      • click on "export to text file" and save it as ESET SCAN and save to the desktop
      • Click on back
      • put a checkmark in "Uninstall application on close"
      • click on finish
      • close program
      • copy and paste the report here
    Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
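For readers who want to verify the three O4 Run entries named in the post before fixing them in HijackThis, here is an added PowerShell audit script (not from the thread, gringo_pr or HijackThis). It looks the named values up under the HKLM, HKLM Wow6432Node and HKCU Run keys, resolves each command to its executable, and reports whether the file exists and carries a valid Authenticode signature; the default entry names are taken from the log above and nothing is deleted unless -Remove is given, and then only after a confirmation prompt.

```powershell
# Added example: audit (and optionally remove) named Run entries.
# Default names are the three O4 entries from the HijackThis log in this thread.
param(
    [string[]]$Names = @('GrooveMonitor', 'Adobe ARM', 'swg'),
    [switch]$Remove
)

# 32-bit programs on 64-bit Windows register under Wow6432Node, which is where
# a 32-bit tool such as HijackThis sees "HKLM\..\Run".
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Pull the executable path out of a Run command such as "C:\dir\app.exe" /arg
function Get-RunCommandPath([string]$Command) {
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($name in $Names) {
        $entry = $values.PSObject.Properties[$name]
        if (-not $entry) { continue }          # not registered under this key

        $exe    = Get-RunCommandPath $entry.Value
        $exists = Test-Path -LiteralPath $exe
        # An orphaned entry (file missing) or an unsigned binary deserves a closer look
        $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'file missing' }

        [pscustomobject]@{
            Key        = $key
            Name       = $name
            Command    = $entry.Value
            Exists     = $exists
            Signature  = $sig
        } | Format-List

        if ($Remove) {
            # -Confirm prompts before each deletion so nothing goes silently
            Remove-ItemProperty -Path $key -Name $name -Confirm
        }
    }
}
```

Run it from an elevated PowerShell prompt; without -Remove it only reports, which is the safer first step on a machine where a process "keeps coming back".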
