Page 1 of 4 1234 LastLast
Results 1 to 10 of 35

Thread: Trojan.Zbot.RS and Exploit.Drop.9 detected

  1. #1
    Member
    Join Date
    Mar 2009
    Posts
    54

    Default Trojan.Zbot.RS and Exploit.Drop.9 detected

    Hello, I ran MBAM after being redirected from several pages and it picked up both Trojan.Zbot.RS and Exploit.Drop.9 (and I currently have them quarantined as well as logged in case you need it). I ran Spybot afterwards and nothing came up. Any help would be greatly appreciated! Thanks.


    DDS



    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 1.6.0_35
    Run by owner at 14:14:36 on 2013-05-09
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3758.2151 [GMT -4:00]
    .
    AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe
    C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
    C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
    C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
    C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
    C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Sony\VAIO Care\VCsystray.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\regsvr32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\regsvr32.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
    C:\Program Files\Apoint\Apvfb.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    C:\Program Files\Sony\VAIO Update\VUAgent.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\MSN\MSNCoreFiles\msn.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ipsbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [{CCD09158-668C-4603-BC43-4F83586F794E}] rundll32 "C:\Users\owner\AppData\Local\{E1050E93-6938-4366-A579-B6D158F217A8}\{CCD09158-668C-4603-BC43-4F83586F794E}\sabhw.dll",CloseSQLPerformanceData1
    uRun: [Adobe] REGSVR32.EXE C:\Users\owner\AppData\Local\Adobe\usfzmepr.dll
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{6DD0B22D-C026-4940-9700-1362E8BA5673} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{EB67E911-867D-4C13-AE00-E3C7ECA0A89B} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{EB67E911-867D-4C13-AE00-E3C7ECA0A89B}\0484F6D65633835483 : DHCPNameServer = 192.168.2.1 0.0.0.0 0.0.0.0
    TCP: Interfaces\{EB67E911-867D-4C13-AE00-E3C7ECA0A89B}\D416E6E6168616474716 : DHCPNameServer = 192.168.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Notify: VESWinlogon - VESWinlogon.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\h80w67sq.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-1-14 55280]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1109000.00C\symds64.sys [2011-11-27 433200]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1109000.00C\symefa64.sys [2011-11-27 221304]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [2013-5-7 1390680]
    R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NAVx64\1109000.00C\cchpx64.sys [2011-11-27 593544]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20130508.001\IDSviA64.sys [2013-5-8 513184]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1109000.00C\ironx64.sys [2011-11-27 150064]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\NAVx64\1109000.00C\symtdiv.sys [2011-11-27 451704]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-25 13336]
    R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccsvchst.exe [2011-11-27 126400]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
    R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2009-12-25 93696]
    R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2009-12-25 75776]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-5-14 1153368]
    R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-1-14 120104]
    R2 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2010-1-14 70952]
    R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-1-14 427304]
    R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-1-14 75048]
    R2 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2010-1-14 91432]
    R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-1-14 104960]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-25 2320920]
    R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-9-14 642416]
    R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-1-14 480624]
    R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-1-14 361840]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2010-1-14 19968]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-8 138912]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-12-25 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-12-25 151936]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-12-25 244736]
    R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-12-25 11392]
    R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-1-14 571248]
    R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2013-2-12 1286784]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-12-25 395264]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
    S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-31 362992]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-3-1 161384]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-12-25 52264]
    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-31 313840]
    S3 SampleCollector;Intel(R) Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-1-14 167424]
    S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-18 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-1-14 110960]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-29 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-05-08 00:03:32 1054720 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2013-05-08 00:01:52 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-04-23 23:02:07 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-04-10 17:39:05 44032 ----a-w- C:\Windows\System32\tsgqec.dll
    2013-04-10 17:39:05 3717632 ----a-w- C:\Windows\System32\mstscax.dll
    2013-04-10 17:39:05 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
    2013-04-10 17:39:05 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2013-04-10 17:39:05 158720 ----a-w- C:\Windows\System32\aaclient.dll
    2013-04-10 17:39:05 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
    2013-04-10 17:38:51 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-04-10 17:38:17 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
    2013-04-10 17:38:16 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-04-10 17:38:15 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-04-10 17:38:15 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-04-10 17:38:14 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
    2013-04-10 17:38:14 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2013-04-10 17:38:14 112640 ----a-w- C:\Windows\System32\smss.exe
    .
    ==================== Find3M ====================
    .
    2013-05-08 13:19:07 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-05-08 13:19:07 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-05-08 00:01:52 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-03-20 21:22:16 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2013-03-20 21:22:16 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll
    2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
    .
    ============= FINISH: 14:15:26.72 ===============








    aswMBR




    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-05-09 14:24:17
    -----------------------------
    14:24:17.818 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:24:17.818 Number of processors: 4 586 0x2502
    14:24:17.818 ComputerName: OWNER-VAIO UserName: owner
    14:24:18.988 Initialize success
    14:37:32.082 AVAST engine defs: 13050900
    14:38:23.988 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    14:38:23.988 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 305245MB BusType: 3
    14:38:23.988 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006a
    14:38:23.988 Disk 1 Vendor: RICOH 02 Size: 305245MB BusType: 0
    14:38:23.988 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006b
    14:38:24.003 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
    14:38:24.175 Disk 0 MBR read successfully
    14:38:24.175 Disk 0 MBR scan
    14:38:24.190 Disk 0 Windows 7 default MBR code
    14:38:24.237 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8976 MB offset 2048
    14:38:24.253 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 18384896
    14:38:24.284 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 296167 MB offset 18589696
    14:38:24.315 Disk 0 scanning C:\Windows\system32\drivers
    14:38:41.944 Service scanning
    14:39:15.063 Modules scanning
    14:39:15.063 Disk 0 trace - called modules:
    14:39:15.110 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    14:39:15.110 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006384060]
    14:39:15.126 3 CLASSPNP.SYS[fffff8800163b43f] -> nt!IofCallDriver -> [0xfffffa8004344b20]
    14:39:15.126 5 ACPI.sys[fffff88000f147a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004349050]
    14:39:16.358 AVAST engine scan C:\Windows
    14:39:18.901 AVAST engine scan C:\Windows\system32
    14:46:35.549 AVAST engine scan C:\Windows\system32\drivers
    14:47:01.882 AVAST engine scan C:\Users\owner
    14:52:07.053 AVAST engine scan C:\ProgramData
    15:03:15.210 Scan finished successfully
    15:04:19.011 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
    15:04:19.011 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"
    Attached Files Attached Files

  2. #2
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi ascom2010,

    Thanks for being so patient.

    It has been a few days since the logs you ran were generated, please run the tools outlined below and generate some fresh logs for review.

    1. Security Check

    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
    • Right click SecurityCheck.exe, select "Run as Administrator" and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    =========================

    2. aswMBR

    Right click and select "Run as Administrator".
    • When asked if you want to download Avast's virus definitions please select Yes.
    • Click Scan
      • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
      • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


    =========================

    3. OTL

    • Download OTL to your desktop.
    • Make sure all other windows are closed and to let it run uninterrupted.

      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      services.exe
      /md5stop
      %systemroot%\*. /rp /s
      %systemdrive%\$Recycle.Bin|@;true;true;true
      %USERPROFILE%\..|smtmp;true;true;true /FP
      %temp%\smtmp\*.* /s >
      BASESERVICES
      DRIVES
      CREATERESTOREPOINT

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
      • You may need two posts to fit them both in.

    =========================

    In your next post please provide the following:
    • checkup.txt
    • aswMBR.txt
    • attach MBR.zip
    • OTL.txt
    • Extras.txt
    • Describe any symptoms you are experiencing.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  3. #3
    Member
    Join Date
    Mar 2009
    Posts
    54

    Default

    Thanks for the reply, OCD!

    Here you go:



    checkup.txt


    Results of screen317's Security Check version 0.99.63
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Norton AntiVirus
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.75.0.1300
    Java(TM) 6 Update 35
    JavaScript Tooling
    Visual Studio Extensions for Windows Library for JavaScript
    Java version out of Date!
    Adobe Flash Player 11.6.602.171
    Adobe Reader XI
    Mozilla Firefox (20.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    Spybot Teatimer.exe is disabled!
    Norton AntiVirus Engine 17.9.0.12 ccSvcHst.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````






    aswMBR

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-05-17 23:42:58
    -----------------------------
    23:42:58.484 OS Version: Windows x64 6.1.7601 Service Pack 1
    23:42:58.484 Number of processors: 4 586 0x2502
    23:42:58.484 ComputerName: OWNER-VAIO UserName: owner
    23:42:59.581 Initialize success
    23:56:14.576 AVAST engine defs: 13051701
    23:56:29.818 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    23:56:29.818 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 305245MB BusType: 3
    23:56:29.818 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006a
    23:56:29.818 Disk 1 Vendor: RICOH 02 Size: 305245MB BusType: 0
    23:56:29.818 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006b
    23:56:29.818 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
    23:56:29.990 Disk 0 MBR read successfully
    23:56:29.990 Disk 0 MBR scan
    23:56:30.005 Disk 0 Windows 7 default MBR code
    23:56:30.021 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8976 MB offset 2048
    23:56:30.037 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 18384896
    23:56:30.068 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 296167 MB offset 18589696
    23:56:30.130 Disk 0 scanning C:\Windows\system32\drivers
    23:56:53.142 Service scanning
    23:57:30.333 Modules scanning
    23:57:30.333 Disk 0 trace - called modules:
    23:57:30.380 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    23:57:30.395 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006384060]
    23:57:30.395 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa800350e380]
    23:57:30.411 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004344050]
    23:57:31.737 AVAST engine scan C:\Windows
    23:57:34.841 AVAST engine scan C:\Windows\system32
    00:05:08.319 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\027830f39c1a8bdee5714a6ef1b2e904\PresentationCore.ni.dll **HIDDEN**
    00:05:08.428 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ff27928194bf78f0cd9eaecd152d3b1a\SMDiagnostics.ni.dll **HIDDEN**
    00:05:08.506 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System\84371136df209abcd5fbf89db89f2e97\System.ni.dll **HIDDEN**
    00:05:08.709 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\d39a3e10b26a4deab491d2b21214b986\System.Data.ni.dll **HIDDEN**
    00:05:08.927 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\1db52bc9442d6c052d59fb51291490c9\System.Data.Linq.ni.dll **HIDDEN**
    00:05:09.146 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\26e7d6e28c3d4d24c39163c62d231014\System.Data.SqlXml.ni.dll **HIDDEN**
    00:05:09.317 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Design\ee45be70bb721e4603de6bd01c01f0ac\System.Design.ni.dll **HIDDEN**
    00:05:09.645 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\d8e2d3037c3d36f5a7c763970400e79c\System.Drawing.ni.dll **HIDDEN**
    00:05:09.754 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\2422a0d9799398857510b1f2977e048c\System.Dynamic.ni.dll **HIDDEN**
    00:05:09.910 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\eab3d778f9c53c6ff6864c93fabe8288\System.IO.Log.ni.dll **HIDDEN**
    00:05:10.082 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\65d8ef00d3e0ecf90bbb5996062a4376\System.Management.ni.dll **HIDDEN**
    00:05:10.191 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net\c22764f7378a2df09b331fb90aabf5ce\System.Net.ni.dll **HIDDEN**
    00:05:10.643 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Speech\fb94cd0fa6e7614762501f5ff86b2be3\System.Speech.ni.dll **HIDDEN**
    00:05:10.784 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\e492c172f08e8af816d5ceba961a1b17\System.Transactions.ni.dll **HIDDEN**
    00:05:11.142 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\f9d706450b874670f0e00cacc93e9e97\System.Web.Entity.ni.dll **HIDDEN**
    00:05:11.376 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\86614dc4d67c8f49149eec1213628334\System.Web.Mobile.ni.dll **HIDDEN**
    00:05:11.564 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mvc\622c854f919d9a43ce34c8702b06e84e\System.Web.Mvc.ni.dll **HIDDEN**
    00:05:11.720 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mvc\b5d06a1e05b8edb6a574903b9882bb0a\System.Web.Mvc.ni.dll **HIDDEN**
    00:05:11.922 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Razor\162218a36fbbc521bce0c4ebbcdae2c5\System.Web.Razor.ni.dll **HIDDEN**
    00:05:12.016 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Razor\ed9fbab95a24a2a14ee66730b8c1f2a5\System.Web.Razor.ni.dll **HIDDEN**
    00:05:12.234 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\e65e495303b5629b197251f82a3b6fbb\System.Web.Services.ni.dll **HIDDEN**
    00:05:12.562 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\5dfdedf9a684ab34fbd8e960558cb2ce\UIAutomationClient.ni.dll **HIDDEN**
    00:05:12.671 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\WebMatrix.Data\328138f5190f5ca9d1a18f3d555b8f08\WebMatrix.Data.ni.dll **HIDDEN**
    00:05:12.749 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\WebMatrix.Data\716caa67ac8034dcb913586a0a55e7ca\WebMatrix.Data.ni.dll **HIDDEN**
    00:05:12.812 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\WebMatrix.WebData\5f803b560535ced9179584ebb4319795\WebMatrix.WebData.ni.dll **HIDDEN**
    00:05:12.874 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\WebMatrix.WebData\8063657132ff36fbf5fcefecf040409c\WebMatrix.WebData.ni.dll **HIDDEN**
    00:05:13.061 File: C:\Windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\71ac105fbf870dd1fe77e1674e814a21\XamlBuildTask.ni.dll **HIDDEN**
    00:05:13.919 AVAST engine scan C:\Windows\system32\drivers
    00:05:43.188 AVAST engine scan C:\Users\owner
    00:05:45.107 File: C:\Users\owner\AppData\Local\Adobe\usfzmepr.dll **INFECTED** Win32:Downloader-TEQ [Trj]
    00:11:19.446 AVAST engine scan C:\ProgramData
    00:22:45.795 Scan finished successfully
    00:23:16.215 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
    00:23:16.230 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"






    (See next posts)
    Attached Files Attached Files

  4. #4
    Member
    Join Date
    Mar 2009
    Posts
    54

    Default

    OTL.TXT - PART 1



    OTL logfile created on: 5/18/2013 12:27:15 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16576)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.67 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 57.27% Memory free
    7.34 Gb Paging File | 5.72 Gb Available in Paging File | 77.91% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 289.23 Gb Total Space | 222.86 Gb Free Space | 77.06% Space Free | Partition Type: NTFS

    Computer Name: OWNER-VAIO | User Name: owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\owner\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccsvchst.exe (Symantec Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
    PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
    PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
    PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
    PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
    PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
    PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
    PRC - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
    PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
    PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
    PRC - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
    PRC - C:\Windows\SysWOW64\regsvr32.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
    PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update\VUAgent.exe (Sony Corporation)
    SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
    SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\collsvc.exe (Intel Corporation)
    SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
    SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
    SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (Te.Service) -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe (Microsoft Corporation)
    SRV - (fussvc) -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (NAV) -- C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe (Symantec Corporation)
    SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
    SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
    SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
    SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
    SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
    SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
    SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
    SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
    SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
    SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
    SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
    SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
    SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\NAVx64\1109000.00C\symtdiv.sys (Symantec Corporation)
    DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NAVx64\1109000.00C\symefa64.sys (Symantec Corporation)
    DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NAVx64\1109000.00C\cchpx64.sys (Symantec Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
    DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NAVx64\1109000.00C\ironx64.sys (Symantec Corporation)
    DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
    DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NAVx64\1109000.00C\srtsp64.sys (Symantec Corporation)
    DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NAVx64\1109000.00C\srtspx64.sys (Symantec Corporation)
    DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
    DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
    DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
    DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
    DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
    DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC)
    DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NAVx64\1109000.00C\symds64.sys (Symantec Corporation)
    DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
    DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20130502.001\BHDrvx64.sys (Symantec Corporation)
    DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20130517.002\ex64.sys (Symantec Corporation)
    DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20130517.002\eng64.sys (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
    DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20130516.001\IDSviA64.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (VSPerfDrv110) -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys (Microsoft Corporation)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdom...SNNT&bmod=SNNT
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT_enUS376US377
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2011/08/12 19:52:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/11 16:15:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/11 16:15:18 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/01/03 14:29:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
    [2013/05/14 18:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\h80w67sq.default\extensions
    [2013/04/11 16:15:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/04/11 16:15:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2013/04/11 16:15:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/04/11 16:15:17 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/10 19:27:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/02/19 21:03:21 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2013/05/09 15:10:55 | 000,855,428 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 www.123fporn.info
    O1 - Hosts: 15374 more lines...
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKCU..\Run: [Adobe] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.6.2)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DD0B22D-C026-4940-9700-1362E8BA5673}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB67E911-867D-4C13-AE00-E3C7ECA0A89B}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{73cb7077-7f6c-11e2-b313-544249032a4b}\Shell - "" = AutoRun
    O33 - MountPoints2\{73cb7077-7f6c-11e2-b313-544249032a4b}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/05/17 23:34:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
    [2013/05/14 23:03:38 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/05/14 23:03:37 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/05/14 23:03:37 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013/05/14 23:03:36 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/05/14 23:03:36 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013/05/14 23:03:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013/05/14 23:03:36 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013/05/14 23:03:36 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013/05/14 23:03:36 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2013/05/14 23:03:36 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013/05/14 23:03:36 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2013/05/14 23:03:36 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013/05/14 23:03:34 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/05/14 23:03:34 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/05/14 23:03:33 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/05/14 22:33:07 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
    [2013/05/14 22:33:07 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
    [2013/05/14 22:33:06 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
    [2013/05/14 22:33:06 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
    [2013/05/14 22:32:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
    [2013/05/14 22:29:17 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
    [2013/05/14 22:29:17 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
    [2013/05/12 15:58:10 | 002,986,440 | ---- | C] (Symantec Corporation) -- C:\Users\owner\Desktop\NPE.exe
    [2013/05/09 14:14:02 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\owner\Desktop\aswMBR.exe
    [2013/05/09 14:12:08 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\owner\Desktop\dds.scr
    [2013/05/07 20:03:32 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
    [2013/05/07 20:03:31 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
    [2013/05/07 20:03:31 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
    [2013/05/07 20:03:31 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
    [2013/05/07 20:03:31 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2013/05/07 20:03:31 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
    [2013/05/07 20:03:31 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
    [2013/05/07 20:03:31 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013/05/07 20:03:31 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
    [2013/05/07 20:03:31 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2013/05/07 20:03:31 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
    [2013/05/07 20:03:31 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
    [2013/05/07 20:03:31 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013/05/07 20:03:31 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
    [2013/05/07 20:03:31 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
    [2013/05/07 20:03:31 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
    [2013/05/07 20:03:31 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2013/05/07 20:03:30 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2013/05/07 20:03:30 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
    [2013/05/07 20:03:30 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2013/05/07 20:03:30 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
    [2013/05/07 20:03:30 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013/05/07 20:03:30 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
    [2013/05/07 20:03:30 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
    [2013/05/07 20:03:30 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
    [2013/05/07 20:03:29 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2013/05/07 20:03:29 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
    [2013/05/07 20:03:29 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
    [2013/05/07 20:03:29 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2013/05/07 20:03:29 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2013/05/07 20:03:29 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
    [2013/05/07 20:03:29 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
    [2013/05/07 20:03:29 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
    [2013/05/07 20:03:29 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013/05/07 20:03:29 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
    [2013/05/07 20:03:29 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2013/05/07 20:03:29 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2013/05/07 20:03:29 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
    [2013/05/07 20:03:29 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
    [2013/05/07 20:03:29 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
    [2013/05/07 20:03:29 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013/05/07 20:03:29 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
    [2013/05/07 20:03:29 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
    [2013/05/07 20:03:28 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
    [2013/05/07 20:03:28 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2013/05/07 20:03:28 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
    [2013/05/07 20:03:28 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
    [2013/05/07 20:03:28 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
    [2013/05/07 20:03:28 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
    [2013/05/07 20:03:28 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
    [2013/05/07 20:03:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
    [2013/05/07 20:03:28 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
    [2013/05/07 20:03:28 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
    [2013/05/07 20:01:52 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/05/07 20:01:52 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/05/07 20:01:52 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/05/07 20:01:52 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/05/07 20:01:52 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/05/07 20:01:52 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/05/07 20:01:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/05/07 20:01:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/05/07 20:01:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/05/07 20:01:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/05/07 20:01:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/05/07 20:01:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/05/07 20:01:51 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2013/05/07 20:01:51 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
    [2013/05/07 20:01:51 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2013/05/07 20:01:51 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
    [2013/05/07 20:01:51 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
    [2013/05/07 20:01:51 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
    [2013/05/07 20:01:51 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
    [2013/05/07 20:01:51 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
    [2013/05/07 20:01:51 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
    [2013/05/07 20:01:51 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
    [2013/05/07 20:01:51 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
    [2013/05/07 20:01:51 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
    [2013/05/07 20:01:51 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/05/07 20:01:51 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/05/07 20:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/05/07 20:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/05/07 20:01:51 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/05/07 20:01:51 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/05/07 20:01:50 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
    [2013/05/07 20:01:50 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2013/05/07 20:01:50 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
    [2013/05/07 20:01:50 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
    [2013/05/07 20:01:50 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
    [2013/05/07 20:01:50 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2013/05/07 20:01:50 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
    [2013/05/07 20:01:50 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
    [2013/05/07 20:01:50 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
    [2013/05/07 20:01:50 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
    [2013/05/07 20:01:50 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll

  5. #5
    Member
    Join Date
    Mar 2009
    Posts
    54

    Default

    OTL.TXT - PART 2





    ========== Files - Modified Within 30 Days ==========

    [2013/05/18 00:27:09 | 000,001,320 | -H-- | M] () -- C:\Users\owner\msndata.dat
    [2013/05/18 00:23:16 | 000,000,512 | ---- | M] () -- C:\Users\owner\Desktop\MBR.dat
    [2013/05/17 23:34:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
    [2013/05/17 23:33:42 | 000,890,825 | ---- | M] () -- C:\Users\owner\Desktop\SecurityCheck.exe
    [2013/05/17 23:22:34 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/05/17 23:22:34 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/05/17 23:13:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/05/17 23:13:41 | 2955,485,184 | -HS- | M] () -- C:\hiberfil.sys
    [2013/05/15 21:47:32 | 000,775,124 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/05/15 21:47:32 | 000,662,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/05/15 21:47:32 | 000,122,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/05/15 21:47:23 | 000,775,124 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/05/15 09:41:49 | 000,366,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/05/14 10:40:00 | 000,367,139 | ---- | M] () -- C:\test.xml
    [2013/05/12 15:58:32 | 002,986,440 | ---- | M] (Symantec Corporation) -- C:\Users\owner\Desktop\NPE.exe
    [2013/05/09 15:10:55 | 000,855,428 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/05/09 14:14:02 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\owner\Desktop\aswMBR.exe
    [2013/05/09 14:12:07 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\owner\Desktop\dds.scr
    [2013/05/09 10:50:45 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/05/08 09:19:07 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/05/08 09:19:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/05/07 20:03:32 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
    [2013/05/07 20:03:31 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
    [2013/05/07 20:03:31 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
    [2013/05/07 20:03:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
    [2013/05/07 20:03:31 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2013/05/07 20:03:31 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
    [2013/05/07 20:03:31 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
    [2013/05/07 20:03:31 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013/05/07 20:03:31 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
    [2013/05/07 20:03:31 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2013/05/07 20:03:31 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
    [2013/05/07 20:03:31 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
    [2013/05/07 20:03:31 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013/05/07 20:03:31 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
    [2013/05/07 20:03:31 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
    [2013/05/07 20:03:31 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
    [2013/05/07 20:03:31 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2013/05/07 20:03:30 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2013/05/07 20:03:30 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
    [2013/05/07 20:03:30 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2013/05/07 20:03:30 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
    [2013/05/07 20:03:30 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013/05/07 20:03:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
    [2013/05/07 20:03:30 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
    [2013/05/07 20:03:30 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2013/05/07 20:03:30 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
    [2013/05/07 20:03:29 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2013/05/07 20:03:29 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
    [2013/05/07 20:03:29 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
    [2013/05/07 20:03:29 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2013/05/07 20:03:29 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2013/05/07 20:03:29 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
    [2013/05/07 20:03:29 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
    [2013/05/07 20:03:29 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
    [2013/05/07 20:03:29 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013/05/07 20:03:29 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
    [2013/05/07 20:03:29 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2013/05/07 20:03:29 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2013/05/07 20:03:29 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
    [2013/05/07 20:03:29 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
    [2013/05/07 20:03:29 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
    [2013/05/07 20:03:29 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013/05/07 20:03:29 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
    [2013/05/07 20:03:29 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
    [2013/05/07 20:03:29 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2013/05/07 20:03:28 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
    [2013/05/07 20:03:28 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2013/05/07 20:03:28 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
    [2013/05/07 20:03:28 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
    [2013/05/07 20:03:28 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
    [2013/05/07 20:03:28 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
    [2013/05/07 20:03:28 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
    [2013/05/07 20:03:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
    [2013/05/07 20:03:28 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
    [2013/05/07 20:03:28 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
    [2013/05/07 20:01:52 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/05/07 20:01:52 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/05/07 20:01:52 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/05/07 20:01:52 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/05/07 20:01:52 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/05/07 20:01:52 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/05/07 20:01:52 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/05/07 20:01:52 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/05/07 20:01:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/05/07 20:01:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/05/07 20:01:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/05/07 20:01:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/05/07 20:01:52 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/05/07 20:01:51 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2013/05/07 20:01:51 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
    [2013/05/07 20:01:51 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2013/05/07 20:01:51 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
    [2013/05/07 20:01:51 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
    [2013/05/07 20:01:51 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
    [2013/05/07 20:01:51 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
    [2013/05/07 20:01:51 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
    [2013/05/07 20:01:51 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
    [2013/05/07 20:01:51 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
    [2013/05/07 20:01:51 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
    [2013/05/07 20:01:51 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
    [2013/05/07 20:01:51 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/05/07 20:01:51 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/05/07 20:01:51 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/05/07 20:01:51 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/05/07 20:01:51 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/05/07 20:01:50 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
    [2013/05/07 20:01:50 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2013/05/07 20:01:50 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
    [2013/05/07 20:01:50 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
    [2013/05/07 20:01:50 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
    [2013/05/07 20:01:50 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2013/05/07 20:01:50 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
    [2013/05/07 20:01:50 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
    [2013/05/07 20:01:50 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
    [2013/05/07 20:01:50 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
    [2013/05/07 20:01:50 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
    [2013/04/23 20:33:50 | 000,020,726 | ---- | M] () -- C:\Users\owner\Desktop\computerscience.pdf

    ========== Files Created - No Company Name ==========

    [2013/05/18 00:23:16 | 000,000,512 | ---- | C] () -- C:\Users\owner\Desktop\MBR.dat
    [2013/05/17 23:33:49 | 000,890,825 | ---- | C] () -- C:\Users\owner\Desktop\SecurityCheck.exe
    [2013/05/08 09:09:38 | 000,001,413 | ---- | C] () -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2013/05/07 20:03:30 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2013/05/07 20:03:29 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2013/04/23 20:33:48 | 000,020,726 | ---- | C] () -- C:\Users\owner\Desktop\computerscience.pdf
    [2013/01/11 13:10:30 | 000,001,320 | -H-- | C] () -- C:\Users\owner\msndata.dat
    [2012/12/12 12:03:16 | 000,007,605 | ---- | C] () -- C:\Users\owner\AppData\Local\Resmon.ResmonCfg
    [2012/12/08 14:40:16 | 000,016,536 | ---- | C] () -- C:\Users\owner\MeadowlandBONUSAPP.html
    [2012/08/31 13:36:36 | 000,775,124 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/02/01 18:08:55 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2012/01/07 21:44:49 | 000,078,802 | ---- | C] () -- C:\Windows\hpfins05.dat.temp
    [2012/01/07 21:44:49 | 000,001,350 | ---- | C] () -- C:\Windows\hpfmdl05.dat.temp
    [2012/01/01 21:25:03 | 000,012,841 | ---- | C] () -- C:\Users\owner\AppData\Roaming\UserTile.png

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
    "" = C:\Users\owner\AppData\Local\Temp\stovsph\stssivu\wow64.dll

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2010/07/02 20:35:20 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Auslogics
    [2012/01/07 02:14:13 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Dev-Cpp
    [2012/01/21 15:09:59 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\e-academy Inc
    [2012/10/15 15:02:14 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\MSNInstaller
    [2012/08/31 23:54:07 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\NetBeans
    [2012/11/03 19:46:39 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Notepad++
    [2013/02/20 18:01:49 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\NuGet
    [2012/04/12 16:11:49 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Opera
    [2011/12/18 18:30:20 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Tific
    [2012/06/19 17:42:35 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < MD5 for: EXPLORER.EXE >
    [2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
    [2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
    [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
    [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    [2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
    [2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

    < MD5 for: SERVICES.EXE >
    [2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
    [2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    < MD5 for: SVCHOST.EXE >
    [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
    [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
    [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
    [2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
    [2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
    [2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

    < %systemroot%\*. /rp /s >

    < %systemdrive%\$Recycle.Bin|@;true;true;true >

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < %temp%\smtmp\*.* /s > >

    ========== Base Services ==========
    SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
    SRV:64bit: - [2013/02/27 01:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
    SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
    SRV:64bit: - [2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
    SRV:64bit: - [2010/11/20 09:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
    SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
    SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
    SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
    SRV:64bit: - [2012/07/04 18:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
    SRV:64bit: - [2012/06/02 01:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
    SRV - [2012/06/02 00:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
    SRV:64bit: - [2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
    SRV:64bit: - [2010/11/20 09:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
    SRV - [2010/11/20 08:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
    SRV:64bit: - [2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
    SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
    SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
    SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
    SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
    SRV:64bit: - [2010/11/20 09:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
    No service found with a name of MsMpSvc
    No service found with a name of NisSrv
    SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
    SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
    SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
    SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
    SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
    SRV:64bit: - [2012/10/03 13:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
    SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
    SRV:64bit: - [2011/05/24 07:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
    SRV:64bit: - [2012/02/11 02:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
    SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
    No service found with a name of EMDMgmt
    SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
    SRV:64bit: - [2010/11/20 09:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
    SRV:64bit: - [2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
    SRV:64bit: - [2010/11/20 09:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
    SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
    SRV:64bit: - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
    SRV:64bit: - [2010/11/20 09:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
    SRV:64bit: - [2010/11/20 09:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
    SRV - [2010/11/20 08:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
    No service found with a name of slsvc
    SRV:64bit: - [2010/11/20 09:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
    SRV:64bit: - [2010/11/20 09:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
    SRV - [2010/11/20 08:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
    SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
    SRV:64bit: - [2012/05/01 01:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
    SRV:64bit: - [2010/11/20 09:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
    SRV:64bit: - [2010/11/20 09:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
    SRV:64bit: - [2010/11/20 09:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
    SRV:64bit: - [2010/11/20 09:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2010/11/20 09:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
    SRV:64bit: - [2010/11/20 09:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
    SRV:64bit: - [2010/11/20 09:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
    SRV:64bit: - [2010/11/20 09:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
    SRV - [2010/11/20 08:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
    SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
    SRV:64bit: - [2012/06/02 18:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
    SRV:64bit: - [2010/11/20 09:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
    SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
    SRV:64bit: - [2010/11/20 09:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: SAMSUNG HM321HI
    Partitions: 3
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE1 -
    Interface type: IDE
    Media Type:
    Model: Ricoh Memory Stick Disk Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE2 -
    Interface type: IDE
    Media Type:
    Model: Ricoh SD/MMC Disk Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 9.00GB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 100.00MB
    Starting Offset: 9413066752
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #2
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 289.00GB
    Starting Offset: 9517924352
    Hidden sectors: 0


    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
    [C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
    [C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction

    < End of report >

  6. #6
    Member
    Join Date
    Mar 2009
    Posts
    54

    Default

    And finally Extras.txt


    (Concerning symptoms - I've seen 2, 3 iexplorer.exe running when I'm not even running IE (they start at start-up too, when I haven't included them in my startups either. I had a few pop ups a few days back, but I shut off my internet in time to prevent any damage - the addresses looked weird ppt.net or something. Norton's been blocking a few trojans as of late too - .tmp files. I don't download anything really, nothing illegal or anything like that, so that's the only file type causing problems. Norton Power Eraser also spotted that Adobe file which is highlighted as **Infected** above. That's it from here). Thanks again for your assistance.



    OTL Extras logfile created on: 5/18/2013 12:27:15 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16576)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.67 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 57.27% Memory free
    7.34 Gb Paging File | 5.72 Gb Available in Paging File | 77.91% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 289.23 Gb Total Space | 222.86 Gb Free Space | 77.06% Space Free | Partition Type: NTFS

    Computer Name: OWNER-VAIO | User Name: owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- Reg Error: Key error. File not found
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0AD32562-F829-4548-B81E-4283CFA9701D}" = rport=138 | protocol=17 | dir=out | app=system |
    "{289283EE-838F-449C-ACAD-F8178DE15400}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{4E60AA4D-5CF9-436E-B621-CE9622090335}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{5F855C8E-E1DD-4C52-80EB-7C4AE8B3739B}" = lport=138 | protocol=17 | dir=in | app=system |
    "{6664BFA3-70F3-4E6E-918E-8C30A3B0A5D1}" = rport=137 | protocol=17 | dir=out | app=system |
    "{91B82204-EC2E-4237-A00D-457966AB18C2}" = lport=139 | protocol=6 | dir=in | app=system |
    "{923226BC-2684-41E7-B762-3CC695B883BA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{A3220319-FD81-499B-9D12-B4ADB435133A}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
    "{A738AB15-0A43-47B5-B857-EA63339F9855}" = rport=445 | protocol=6 | dir=out | app=system |
    "{B2373E70-655D-43BA-B3C7-034C2D93CC29}" = rport=139 | protocol=6 | dir=out | app=system |
    "{B62692FD-A2A1-4C8A-8DDA-34AB18A0484F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{C132F288-75E1-4D4A-8826-91B9254329D3}" = lport=445 | protocol=6 | dir=in | app=system |
    "{D301ADD0-9C48-4C5D-93B8-280A89CEF889}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{D59048EC-751C-42AC-ACD6-2309902CAF5C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{E373DF4B-44B2-41B6-B901-A5C002A5C9AC}" = lport=137 | protocol=17 | dir=in | app=system |
    "{E99C2591-7BD7-45E3-894C-C5B5BF5DF9FA}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{F01F874D-0744-4BDB-BC0F-47E33F97139E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{09C0124F-8585-45D8-ADE8-E9B212639B37}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{27847418-D4C1-42C8-9328-FDD3465F550F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{3B5AC174-60E5-4775-9FB4-06DA441C2149}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{3BFA34A6-2D4D-4495-AD6C-6A64C28ECD68}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{45CBC6B1-B9FC-4B6B-B9F3-8B3845A634D1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{51CD8085-1503-4B80-931A-93CDFB73ED47}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{5962FC56-7124-424C-A443-15904A7BE335}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{5F4C06C4-7EBE-4C0D-AE5E-3D86A4D76FED}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{5F6F3E4C-C1FB-42A3-9D0C-E30C96138D34}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{6CDD598F-015E-48A2-BC48-C6C08615CF45}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{71548306-F4CB-4A4D-A131-EEBD1F63A438}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{73B3F068-C43D-43BD-B4AE-536BAB07F3AF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{76814402-C1D4-49A2-B860-3B7AE81F43E4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{82749698-F8F1-476D-AD0C-73FFC4C6B8C9}" = dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohds.exe |
    "{88017F7C-F80C-4BED-BC39-8B4BCA56B47A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{889FBF44-2687-447A-B156-C214ADB29935}" = dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohdms.exe |
    "{8D26B365-8762-4EA5-B386-F2FBC4F11A16}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{9C0EDDD9-B5C6-4A11-B7E1-06D90C496A89}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{9F36699D-FBB3-4C9F-8EE2-1587BEFBFF7C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{A9FEBCF3-865C-4C19-A004-3010B49D1741}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{BA710290-A1D1-4CD6-B185-926C5CEBCB1A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{BCAE12E3-631F-4BDD-A391-05C304AF35E0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{C18D0907-E522-4C91-A808-52D0D1F09133}" = dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohcimp.exe |
    "{C290E1D9-913F-4B49-A942-74E1EBE6BD25}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{CDDF113D-17D1-4EB4-A40B-3F345378D0E2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{CEB2DC43-CEAE-47F5-97CB-0CD1993369EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FEBA6D1F-12D5-41E0-BDD5-4B4DE8BBBB4D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "TCP Query User{1A4B0751-A5C2-4B3C-B8A6-13D52326E138}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
    "TCP Query User{5F2DCFB7-1DE4-4EAB-9BB3-7DC63F60E0A0}C:\program files\sony\vaio care\vaiocare.exe" = protocol=6 | dir=in | app=c:\program files\sony\vaio care\vaiocare.exe |
    "TCP Query User{7395C802-E327-4863-9691-D39241339991}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "TCP Query User{799F2BF2-44E7-4432-BDA3-D210D0DBBB57}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
    "TCP Query User{EE55EA92-A923-434D-A898-AB433F7D2EF1}C:\program files (x86)\msn\msncorefiles\msn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\msn\msncorefiles\msn.exe |
    "UDP Query User{40CEB6AF-B3BF-4ADF-B934-588F6E5ACDC4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{7E437F22-BD63-416A-A99A-42486DE2EBDE}C:\program files (x86)\msn\msncorefiles\msn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\msn\msncorefiles\msn.exe |
    "UDP Query User{AEBBF6FE-5A12-47C7-AFE1-EDE8F9070C2B}C:\program files\sony\vaio care\vaiocare.exe" = protocol=17 | dir=in | app=c:\program files\sony\vaio care\vaiocare.exe |
    "UDP Query User{C56F1781-8BA9-4BF3-B646-8F6C3B387F57}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
    "UDP Query User{DE6646D4-367A-4023-9CC1-D469F848E92E}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{0B497B28-5243-3329-9F10-DBB18E0963E6}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.51106
    "{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
    "{13417784-A359-3CDD-8DE1-B7108707D647}" = Visual Studio 2012 Prerequisites - ENU Language Pack
    "{13D558FE-A863-402C-B115-160007277033}" = Microsoft SQL Server 2012 Express LocalDB
    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
    "{16ED1FB0-CB3D-30C8-92AD-3519BE59E809}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1EB8079C-2F30-3A6E-A76A-9758C4F1CD21}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
    "{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
    "{26A24AE4-039D-4CA4-87B4-2F86417006FF}" = Java 7 Update 6 (64-bit)
    "{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
    "{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework
    "{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
    "{3FA063D7-EDC1-AFA8-54AF-0563C7DEE070}" = Windows App Certification Kit Native Components
    "{4701DEDE-1888-49E0-BAE5-857875924CA2}" = Microsoft SQL Server System CLR Types (x64)
    "{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client
    "{572E796D-C52B-3797-A685-2FB6F895D4BE}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
    "{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
    "{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{61862D7C-CDBC-48D5-8AE1-3B8BD1E23BC5}" = Visual Studio 2012 Prerequisites
    "{633AB014-DDE6-403E-A302-8920CC32C543}" = Microsoft Visual Studio 2012 Performance Collection Tools
    "{64A3A4F4-B792-11D6-A78A-00B0D0170060}" = Java SE Development Kit 7 Update 6 (64-bit)
    "{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
    "{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU
    "{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = IIS 8.0 Express
    "{829E8E72-C14D-3B1F-A179-0D0A8D10C734}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{993F6DDC-63F8-4BCD-9B28-D941971A9CAC}" = Windows XP Targeting with C++
    "{9C9BB05F-A0EA-41DA-B7B9-C916250C36E4}" = JavaScript Tooling
    "{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}" = Microsoft SQL Server 2012 Command Line Utilities
    "{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
    "{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}" = Microsoft Web Deploy 3.0
    "{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{D9F3D00D-E946-3B3D-A4A6-93D5020DB9F7}" = Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
    "{E1B4E94C-60E1-3A61-A5B5-3DC6198ED137}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Web
    "{E2B8249D-895C-4685-8C83-00F3B1A13028}" = Microsoft Web Platform Installer 4.0
    "{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64)
    "{FA0A244E-F3C2-4589-B42A-3D522DE79A42}" = Microsoft SQL Server 2012 Management Objects (x64)
    "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
    "{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86
    "{FE74AC04-F248-4641-B3A9-89C6AA4339CD}" = Microsoft Visual Studio 2012 Performance Collection Tools - ENU
    "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    "930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)
    "CCleaner" = CCleaner
    "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
    "Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "nbi-nb-base-7.2.0.0.201207171143" = NetBeans IDE 7.2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00721C5E-5B17-494C-95E5-208415864F62}" =
    "{00EC8ABC-3C5A-40F8-A8CB-E7DCD5ABFA05}" = Microsoft NuGet - Visual Studio 2012
    "{02213A81-CB13-7262-5ABE-1FFA2C75559F}" = Windows App Certification Kit x64
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BCC836F-0B28-4090-B58A-64883BAA3B2F}" = WCF Data Services 5.0 (for OData v3) Primary Components
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
    "{1410622D-CB02-412C-B55A-735CB77D40A3}" = Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
    "{148878BD-A2A5-4CF1-A103-2BA632F41953}" = WCF Data Services Tools for Microsoft Visual Studio 2012
    "{1690CE56-2231-4E59-9006-A0876D949EA8}" = Tools for .Net 3.5
    "{16DD6E8B-E10B-4B6D-BC2D-B2BF631094F2}" = Microsoft Visual Studio 2012 Preparation
    "{17c2e197-cf26-443b-8beb-53151940df3f}" = Microsoft Visual Studio Professional 2012
    "{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
    "{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
    "{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Startup Assistant
    "{1B9BBB23-65CB-3AEE-BFC6-633E7CA299FD}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
    "{1DB43E5A-2F24-4F51-92B0-A2C0EBF5C742}" = Microsoft Report Viewer Add-On for Visual Studio 2012
    "{1E450972-E996-4EC1-A4C3-1518A46928D0}" = VAIO Content Metadata Intelligent Network Service Manager
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FD416D0-CC16-41D1-A25C-C9986CD8BBAB}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{208345BE-27BB-4367-B245-A5B6E764FDD0}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{2110ECBD-BF15-4673-8852-8C68DDEB26AC}" = Media Gallery
    "{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
    "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Monitoring Settings
    "{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
    "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 35
    "{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2C0CC01A-DDBC-3AED-AF18-E741242FD727}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
    "{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}" = PreEmptive Analytics Visual Studio Components
    "{2D2B62BD-0F67-42B0-BE66-866D7B63663F}" = Microsoft Visual C++ 2012 Compilers - ENU Resources
    "{2F6CE32A-018D-4656-895B-9E5E20D7740A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
    "{2F8F489A-0476-3129-857B-A553F38B192D}" = Microsoft Visual C++ 2012 Core Libraries
    "{30C27CAE-9266-3B47-837D-193C16EDB811}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.51106
    "{330E5D98-20D2-4CA4-AE51-FCB8AA80F634}" = Microsoft Visual Studio 2012 Devenv
    "{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
    "{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool
    "{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
    "{372D17F6-A54E-4A01-B264-1314890FFE61}" = Dotfuscator and Analytics Community Edition
    "{37531547-B1F4-45E6-98FC-8AF5F2F0EAA4}" = VAIO Content Metadata Manager Settings
    "{38FC6E9A-F719-431A-A83D-4C86D5FD6555}" = Microsoft Visual Studio 2012 Shell (Minimum) Resources
    "{3A523AF9-D32F-4C85-8388-0335731F3405}" = WCF RIA Services V1.0 SP2
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
    "{4427F384-B5BE-4769-B7D0-C784FC321EB1}" = VAIO Content Metadata Intelligent Network Service Manager
    "{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
    "{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
    "{532DBCC8-9468-435C-AEF6-30B7F50735A2}" = Blend for Visual Studio 2012 ENU resources
    "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
    "{57D782D7-49FD-48DE-AB47-A690A1519A2D}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools
    "{57F20F04-014D-453F-B6A3-AE9485C4DFAB}" = Blend for Visual Studio 2012
    "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
    "{59D87F40-6C4B-4F80-A42B-FAA0E6EAFAB6}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools
    "{5A893648-0883-4027-B85B-C6F84BD9F41C}" = JavaScript Tooling
    "{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
    "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
    "{5E591A43-4424-417D-946D-C0A7559989A1}" = Microsoft Visual C++ 2012 x86-x64 Compilers
    "{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
    "{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6754AE0D-B2E1-45E4-835F-FDFEC373DE8A}" = VAIO Hardware Diagnostics
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6902342D-D3C8-316A-B44B-48024F3EBAB8}" = Microsoft Visual C++ 2012 Extended Libraries
    "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
    "{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
    "{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
    "{6D6D43E5-218C-4B05-92D3-2240810F4760}" = Microsoft SQL Server 2012 T-SQL Language Service
    "{6D8ED20E-E792-4DAC-BB66-009836CBD80B}" = VAIO Content Monitoring Settings
    "{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
    "{6F066545-40A2-4C38-A8F7-78581CC5C442}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
    "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
    "{70991E0A-1108-437E-BA7D-085702C670C0}" =
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
    "{7392AA60-133D-4761-94DB-8FBC9B6CD5EA}" = VAIO Content Metadata Intelligent Network Service Manager
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
    "{7437A4B9-314F-3B8F-827B-22909146E471}" = Microsoft LightSwitch for Visual Studio 2012 Core
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{790E9425-8570-493F-9AE7-81AFC9E46930}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
    "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
    "{7CF5BC92-CC36-4F92-9962-E84DAAFAFFBD}" = Microsoft Visual C++ 2012 Compilers
    "{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
    "{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Power Management
    "{80888246-E4CC-434E-930A-4891EB8AF29D}" = Visual Studio Extensions for Windows Library for JavaScript
    "{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
    "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
    "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT
    "{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
    "{93489CA8-6656-33A0-A5AC-E0EDEDB17C3E}" = Microsoft Visual Studio Professional 2012
    "{942CC691-5B98-42A3-8BC5-A246BA69D983}" = Microsoft ASP.NET MVC 4 Runtime
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
    "{96D8E26D-70CB-44DE-AE50-43095A39E5B2}" = VAIO Entertainment Platform
    "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
    "{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library
    "{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
    "{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
    "{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
    "{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}" = Microsoft SQL Server System CLR Types
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Settings
    "{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
    "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
    "{A95187EF-BCF4-4468-B501-C0BAB976ADD1}" = VAIO Personalization Manager
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AC050677-EAFC-4B57-8F83-8205F65134D2}" = VAIO Content Metadata XML Interface Library
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
    "{AE010706-007D-11DD-A3C1-001636EEECBD}" = Google App Engine
    "{AFA4B0BF-3289-495A-B949-BA91F39B1A44}" = Entity Framework Designer for Visual Studio 2012 - enu
    "{B1465D1D-6427-4CA1-AE29-8B699209E663}" = Microsoft Visual Studio 2012 Devenv Resources
    "{B1DADBEB-7F82-4B29-84D6-5F14A020F0A0}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B585A11C-4F6E-3532-97D4-3670FE94600D}" = Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
    "{B5DA9D49-9BD8-0F2F-52FC-C7E66BC8D944}" = LocalESPCui for en-us
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
    "{B96FCD4F-6EDD-4258-8A6D-0FCEA8445E3E}" = Microsoft Web Developer Tools - Visual Studio 2012
    "{BAD0254F-9BDB-3D14-A5AC-9C0EF51F3D09}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
    "{BCA907B6-5A0F-473E-8C63-0FF0CFAEB7B7}" = VAIO Personalization Manager
    "{BDBE5D2A-AAB7-77BD-7A0E-5006665CE7C6}" = LocalESPC
    "{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}" = Python 2.7.3
    "{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
    "{C4CAD994-6EA2-3121-8352-DA593150B322}" = Microsoft Portable Library Multi-Targeting Pack
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
    "{C81452EB-CBCF-B8EB-3124-48C5B3D506B0}" = Windows Runtime Intellisense Content - en-us
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{CFFDC0EC-6924-3347-B047-13339EDBEC28}" = Microsoft Visual Studio Professional 2012 - ENU
    "{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
    "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
    "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
    "{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects
    "{DB1C9CB7-DF65-4991-BD17-71BF9CD15BA0}" = VAIO Help and Support
    "{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
    "{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1FBB3D4-ADB0-4949-B101-855DA061C735}" = Microsoft Silverlight 5 SDK
    "{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012
    "{E3DC1111-5D32-40F9-BB81-64E31294C1A4}" = VAIO Personalization Manager
    "{E4ADE757-7FE9-322D-9CAE-C77D77A2D2BF}" = Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU
    "{E4C33F5B-1B2F-466E-957E-B274F08151A0}" = Microsoft Web Deploy dbSqlPackage Provider - enu
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E818AE7C-244B-4A50-9C86-C0E4A8B69159}" = Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
    "{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
    "{F361FE04-789E-42F3-BBAB-E7B380AA5E06}" = Windows XP Targeting with C++
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FA804794-2CCB-4301-954F-2C2894698876}" = Microsoft SQL Server Data Tools - enu (11.1.20627.00)
    "{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
    "{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework
    "{FBBC8076-BB21-4E06-9FA0-309AEF6E35EE}" = Microsoft ASP.NET Web Pages 2 Runtime
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
    "{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
    "{FFC6E93A-B9AD-3F20-9B06-EE20E24AAEAF}" = Microsoft Visual C++ 2012 Core Libraries
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
    "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
    "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
    "InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
    "InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
    "InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
    "Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
    "Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSNINST" = MSN
    "NAV" = Norton AntiVirus
    "Notepad++" = Notepad++
    "splashtop" = VAIO Quick Web Access
    "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 5/16/2013 3:49:45 PM | Computer Name = owner-VAIO | Source = VzCdbSvc | ID = 7
    Description = Failed to load the plug-in module. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})(Error
    code = 0x80042000)

    Error - 5/16/2013 3:49:46 PM | Computer Name = owner-VAIO | Source = VzCdbSvc | ID = 7
    Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
    code = 0x80042019)

    Error - 5/17/2013 6:43:06 PM | Computer Name = owner-VAIO | Source = VzCdbSvc | ID = 7
    Description = Failed to load the plug-in module. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})(Error
    code = 0x80042000)

    Error - 5/17/2013 6:43:06 PM | Computer Name = owner-VAIO | Source = VzCdbSvc | ID = 7
    Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
    code = 0x80042019)

    Error - 5/17/2013 9:01:00 PM | Computer Name = owner-VAIO | Source = Application Error | ID = 1000
    Description = Faulting application name: msn.exe, version: 10.50.8.2100, time stamp:
    0x5033c2fa Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x00000009 Faulting process id: 0x5dc Faulting application
    start time: 0x01ce5358f9edda70 Faulting application path: C:\Program Files (x86)\MSN\MSNCoreFiles\msn.exe
    Faulting
    module path: unknown Report Id: 6757505e-bf56-11e2-879b-544249032a4b

    Error - 5/17/2013 10:01:34 PM | Computer Name = owner-VAIO | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 5/17/2013 10:01:34 PM | Computer Name = owner-VAIO | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 3615432

    Error - 5/17/2013 10:01:34 PM | Computer Name = owner-VAIO | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3615432

    Error - 5/17/2013 11:13:59 PM | Computer Name = owner-VAIO | Source = VzCdbSvc | ID = 7
    Description = Failed to load the plug-in module. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})(Error
    code = 0x80042000)

    Error - 5/17/2013 11:13:59 PM | Computer Name = owner-VAIO | Source = VzCdbSvc | ID = 7
    Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
    code = 0x80042019)

    [ Media Center Events ]
    Error - 4/30/2010 5:46:56 PM | Computer Name = owner-VAIO | Source = MCUpdate | ID = 0
    Description = 5:46:55 PM - Error connecting to the internet. 5:46:55 PM - Unable
    to contact server..

    Error - 4/30/2010 5:47:07 PM | Computer Name = owner-VAIO | Source = MCUpdate | ID = 0
    Description = 5:47:01 PM - Error connecting to the internet. 5:47:01 PM - Unable
    to contact server..

    Error - 5/14/2010 6:15:02 PM | Computer Name = owner-VAIO | Source = MCUpdate | ID = 0
    Description = 6:15:01 PM - Error connecting to the internet. 6:15:02 PM - Unable
    to contact server..

    Error - 5/14/2010 6:15:26 PM | Computer Name = owner-VAIO | Source = MCUpdate | ID = 0
    Description = 6:15:07 PM - Error connecting to the internet. 6:15:07 PM - Unable
    to contact server..

    Error - 5/14/2010 7:15:32 PM | Computer Name = owner-VAIO | Source = MCUpdate | ID = 0
    Description = 7:15:32 PM - Error connecting to the internet. 7:15:32 PM - Unable
    to contact server..

    Error - 5/14/2010 7:15:39 PM | Computer Name = owner-VAIO | Source = MCUpdate | ID = 0
    Description = 7:15:37 PM - Error connecting to the internet. 7:15:37 PM - Unable
    to contact server..

    Error - 5/17/2010 7:22:09 PM | Computer Name = owner-VAIO | Source = MCUpdate | ID = 0
    Description = 7:22:09 PM - Error connecting to the internet. 7:22:09 PM - Unable
    to contact server..

    Error - 5/17/2010 7:22:19 PM | Computer Name = owner-VAIO | Source = MCUpdate | ID = 0
    Description = 7:22:15 PM - Error connecting to the internet. 7:22:15 PM - Unable
    to contact server..

    Error - 5/23/2010 4:18:44 PM | Computer Name = owner-VAIO | Source = MCUpdate | ID = 0
    Description = 4:18:44 PM - Error connecting to the internet. 4:18:44 PM - Unable
    to contact server..

    Error - 5/23/2010 4:18:53 PM | Computer Name = owner-VAIO | Source = MCUpdate | ID = 0
    Description = 4:18:49 PM - Error connecting to the internet. 4:18:49 PM - Unable
    to contact server..

    [ System Events ]
    Error - 5/15/2013 9:43:17 AM | Computer Name = owner-VAIO | Source = Service Control Manager | ID = 7024
    Description = The Windows Search service terminated with service-specific error
    %%-1073473535.

    Error - 5/15/2013 9:43:17 AM | Computer Name = owner-VAIO | Source = Service Control Manager | ID = 7031
    Description = The Windows Search service terminated unexpectedly. It has done this
    1 time(s). The following corrective action will be taken in 30000 milliseconds:
    Restart the service.

    Error - 5/15/2013 9:46:48 AM | Computer Name = owner-VAIO | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the VCFw service.

    Error - 5/15/2013 9:47:54 AM | Computer Name = owner-VAIO | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the VCFw service.

    Error - 5/15/2013 9:17:57 PM | Computer Name = owner-VAIO | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.

    Error - 5/16/2013 9:24:13 AM | Computer Name = owner-VAIO | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
    Upnp Server 10 service to connect.

    Error - 5/16/2013 11:15:14 AM | Computer Name = owner-VAIO | Source = DCOM | ID = 10010
    Description =

    Error - 5/16/2013 3:49:41 PM | Computer Name = owner-VAIO | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
    Upnp Server 10 service to connect.

    Error - 5/17/2013 6:43:03 PM | Computer Name = owner-VAIO | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
    Upnp Server 10 service to connect.

    Error - 5/17/2013 11:13:58 PM | Computer Name = owner-VAIO | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
    Upnp Server 10 service to connect.


    < End of report >

  7. #7
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi ascom2010,

    1. TDSSKiller

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • TDSSKiller.exe - Right click and select "Run as Administrator".
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)

    =========================

    2. ComboFix

    Refer to the ComboFix User's Guide

    • Download ComboFix from the following location:

      Link

      * IMPORTANT !!! Place ComboFix.exe on your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
      You can get help on disabling your protection programs here
    • Double click on ComboFix.exe & follow the prompts.
    • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
    • When finished, it shall produce a log for you. Post that log in your next reply

      Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

      ---------------------------------------------------------------------------------------------
    • Ensure your AntiVirus and AntiSpyware applications are re-enabled.
      ---------------------------------------------------------------------------------------------

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

    =========================

    In your next post please provide the following:
    • TDSSKiller log
    • Combofix.txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  8. #8
    Member
    Join Date
    Mar 2009
    Posts
    54

    Default

    Hey OCD, here's the latest:

    TDSSKiller




    09:20:21.0967 4172 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    09:20:21.0982 4172 ============================================================
    09:20:21.0982 4172 Current date / time: 2013/05/18 09:20:21.0982
    09:20:21.0982 4172 SystemInfo:
    09:20:21.0982 4172
    09:20:21.0982 4172 OS Version: 6.1.7601 ServicePack: 1.0
    09:20:21.0982 4172 Product type: Workstation
    09:20:21.0982 4172 ComputerName: OWNER-VAIO
    09:20:21.0982 4172 UserName: owner
    09:20:21.0982 4172 Windows directory: C:\Windows
    09:20:21.0982 4172 System windows directory: C:\Windows
    09:20:21.0982 4172 Running under WOW64
    09:20:21.0982 4172 Processor architecture: Intel x64
    09:20:21.0982 4172 Number of processors: 4
    09:20:21.0982 4172 Page size: 0x1000
    09:20:21.0982 4172 Boot type: Normal boot
    09:20:21.0982 4172 ============================================================
    09:20:22.0357 4172 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    09:20:22.0357 4172 ============================================================
    09:20:22.0357 4172 \Device\Harddisk0\DR0:
    09:20:22.0357 4172 MBR partitions:
    09:20:22.0357 4172 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1188800, BlocksNum 0x32000
    09:20:22.0357 4172 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11BA800, BlocksNum 0x24273AB0
    09:20:22.0357 4172 ============================================================
    09:20:22.0403 4172 C: <-> \Device\Harddisk0\DR0\Partition2
    09:20:22.0403 4172 ============================================================
    09:20:22.0403 4172 Initialize success
    09:20:22.0403 4172 ============================================================
    09:20:24.0821 4396 ============================================================
    09:20:24.0821 4396 Scan started
    09:20:24.0821 4396 Mode: Manual;
    09:20:24.0821 4396 ============================================================
    09:20:25.0009 4396 ================ Scan system memory ========================
    09:20:25.0009 4396 System memory - ok
    09:20:25.0009 4396 ================ Scan services =============================
    09:20:25.0211 4396 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    09:20:25.0243 4396 1394ohci - ok
    09:20:25.0336 4396 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    09:20:25.0367 4396 ACDaemon - ok
    09:20:25.0414 4396 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    09:20:25.0414 4396 ACPI - ok
    09:20:25.0477 4396 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    09:20:25.0477 4396 AcpiPmi - ok
    09:20:25.0586 4396 [ 177FF6608B48638D4066726F3A3F8444 ] AdobeActiveFileMonitor5.0 C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    09:20:25.0586 4396 AdobeActiveFileMonitor5.0 - ok
    09:20:25.0679 4396 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    09:20:25.0679 4396 AdobeARMservice - ok
    09:20:25.0742 4396 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    09:20:25.0773 4396 adp94xx - ok
    09:20:25.0820 4396 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
    09:20:25.0835 4396 adpahci - ok
    09:20:25.0867 4396 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    09:20:25.0867 4396 adpu320 - ok
    09:20:25.0898 4396 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    09:20:25.0898 4396 AeLookupSvc - ok
    09:20:25.0945 4396 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    09:20:25.0976 4396 AFD - ok
    09:20:26.0007 4396 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    09:20:26.0023 4396 agp440 - ok
    09:20:26.0069 4396 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    09:20:26.0085 4396 ALG - ok
    09:20:26.0116 4396 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    09:20:26.0132 4396 aliide - ok
    09:20:26.0163 4396 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    09:20:26.0163 4396 amdide - ok
    09:20:26.0194 4396 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    09:20:26.0225 4396 AmdK8 - ok
    09:20:26.0257 4396 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
    09:20:26.0288 4396 AmdPPM - ok
    09:20:26.0335 4396 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    09:20:26.0350 4396 amdsata - ok
    09:20:26.0397 4396 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
    09:20:26.0413 4396 amdsbs - ok
    09:20:26.0428 4396 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    09:20:26.0444 4396 amdxata - ok
    09:20:26.0475 4396 [ 1661F9C9E4B0049FA0A5E30264375A87 ] ApfiltrService C:\Windows\system32\drivers\Apfiltr.sys
    09:20:26.0491 4396 ApfiltrService - ok
    09:20:26.0553 4396 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    09:20:26.0569 4396 AppID - ok
    09:20:26.0615 4396 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    09:20:26.0647 4396 AppIDSvc - ok
    09:20:26.0693 4396 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
    09:20:26.0693 4396 Appinfo - ok
    09:20:26.0740 4396 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    09:20:26.0756 4396 Apple Mobile Device - ok
    09:20:26.0787 4396 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
    09:20:26.0803 4396 arc - ok
    09:20:26.0865 4396 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
    09:20:26.0881 4396 arcsas - ok
    09:20:26.0912 4396 [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
    09:20:26.0943 4396 ArcSoftKsUFilter - ok
    09:20:27.0068 4396 [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    09:20:27.0099 4396 aspnet_state - ok
    09:20:27.0115 4396 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    09:20:27.0130 4396 AsyncMac - ok
    09:20:27.0193 4396 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    09:20:27.0193 4396 atapi - ok
    09:20:27.0271 4396 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys
    09:20:27.0302 4396 athr - ok
    09:20:27.0505 4396 [ 89A3D56CE4044F35B9D08DD37193BBFC ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    09:20:27.0661 4396 atikmdag - ok
    09:20:27.0723 4396 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    09:20:27.0739 4396 AudioEndpointBuilder - ok
    09:20:27.0754 4396 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    09:20:27.0770 4396 AudioSrv - ok
    09:20:27.0817 4396 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    09:20:27.0832 4396 AxInstSV - ok
    09:20:27.0895 4396 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
    09:20:27.0910 4396 b06bdrv - ok
    09:20:27.0941 4396 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    09:20:27.0957 4396 b57nd60a - ok
    09:20:28.0004 4396 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    09:20:28.0035 4396 BDESVC - ok
    09:20:28.0066 4396 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    09:20:28.0082 4396 Beep - ok
    09:20:28.0144 4396 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    09:20:28.0160 4396 BFE - ok
    09:20:28.0363 4396 [ 7B56A40EAAACF1867FF178501D3EA185 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20130502.001\BHDrvx64.sys
    09:20:28.0409 4396 BHDrvx64 - ok
    09:20:28.0456 4396 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    09:20:28.0472 4396 BITS - ok
    09:20:28.0503 4396 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
    09:20:28.0503 4396 blbdrive - ok
    09:20:28.0581 4396 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    09:20:28.0581 4396 Bonjour Service - ok
    09:20:28.0628 4396 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    09:20:28.0659 4396 bowser - ok
    09:20:28.0690 4396 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
    09:20:28.0690 4396 BrFiltLo - ok
    09:20:28.0706 4396 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
    09:20:28.0706 4396 BrFiltUp - ok
    09:20:28.0753 4396 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    09:20:28.0753 4396 Browser - ok
    09:20:28.0784 4396 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    09:20:28.0799 4396 Brserid - ok
    09:20:28.0815 4396 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    09:20:28.0815 4396 BrSerWdm - ok
    09:20:28.0846 4396 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    09:20:28.0877 4396 BrUsbMdm - ok
    09:20:28.0909 4396 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    09:20:28.0909 4396 BrUsbSer - ok
    09:20:28.0955 4396 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
    09:20:28.0955 4396 BthEnum - ok
    09:20:28.0987 4396 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    09:20:28.0987 4396 BTHMODEM - ok
    09:20:29.0018 4396 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
    09:20:29.0033 4396 BthPan - ok
    09:20:29.0080 4396 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
    09:20:29.0080 4396 BTHPORT - ok
    09:20:29.0143 4396 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    09:20:29.0174 4396 bthserv - ok
    09:20:29.0221 4396 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
    09:20:29.0221 4396 BTHUSB - ok
    09:20:29.0267 4396 [ 6E04458E98DAF28826482E41A7A62DF5 ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
    09:20:29.0283 4396 btusbflt - ok
    09:20:29.0299 4396 btwaudio - ok
    09:20:29.0330 4396 btwavdt - ok
    09:20:29.0330 4396 btwl2cap - ok
    09:20:29.0345 4396 btwrchid - ok
    09:20:29.0423 4396 [ 37F1BAEC39B505B3B51893A35C8337EA ] ccHP C:\Windows\system32\drivers\NAVx64\1109000.00C\ccHPx64.sys
    09:20:29.0439 4396 ccHP - ok
    09:20:29.0486 4396 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    09:20:29.0486 4396 cdfs - ok
    09:20:29.0548 4396 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
    09:20:29.0548 4396 cdrom - ok
    09:20:29.0595 4396 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    09:20:29.0595 4396 CertPropSvc - ok
    09:20:29.0626 4396 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
    09:20:29.0642 4396 circlass - ok
    09:20:29.0673 4396 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    09:20:29.0704 4396 CLFS - ok
    09:20:29.0782 4396 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    09:20:29.0798 4396 clr_optimization_v2.0.50727_32 - ok
    09:20:29.0813 4396 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    09:20:29.0845 4396 clr_optimization_v2.0.50727_64 - ok
    09:20:29.0923 4396 [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    09:20:29.0923 4396 clr_optimization_v4.0.30319_32 - ok
    09:20:29.0954 4396 [ 86329C35FF23CFEF0FB6C0023BA06BCE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    09:20:29.0954 4396 clr_optimization_v4.0.30319_64 - ok
    09:20:29.0985 4396 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
    09:20:30.0001 4396 CmBatt - ok
    09:20:30.0016 4396 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    09:20:30.0016 4396 cmdide - ok
    09:20:30.0079 4396 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    09:20:30.0110 4396 CNG - ok
    09:20:30.0157 4396 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
    09:20:30.0157 4396 Compbatt - ok
    09:20:30.0219 4396 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    09:20:30.0219 4396 CompositeBus - ok
    09:20:30.0235 4396 COMSysApp - ok
    09:20:30.0266 4396 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    09:20:30.0281 4396 crcdisk - ok
    09:20:30.0328 4396 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
    09:20:30.0328 4396 CryptSvc - ok
    09:20:30.0375 4396 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    09:20:30.0375 4396 DcomLaunch - ok
    09:20:30.0422 4396 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    09:20:30.0422 4396 defragsvc - ok
    09:20:30.0469 4396 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    09:20:30.0500 4396 DfsC - ok
    09:20:30.0531 4396 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    09:20:30.0531 4396 Dhcp - ok
    09:20:30.0578 4396 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    09:20:30.0578 4396 discache - ok
    09:20:30.0625 4396 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
    09:20:30.0625 4396 Disk - ok
    09:20:30.0656 4396 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    09:20:30.0656 4396 Dnscache - ok
    09:20:30.0703 4396 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    09:20:30.0734 4396 dot3svc - ok
    09:20:30.0765 4396 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    09:20:30.0781 4396 DPS - ok
    09:20:30.0796 4396 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    09:20:30.0812 4396 drmkaud - ok
    09:20:30.0859 4396 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    09:20:30.0890 4396 DXGKrnl - ok
    09:20:30.0937 4396 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    09:20:30.0937 4396 EapHost - ok
    09:20:31.0046 4396 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
    09:20:31.0139 4396 ebdrv - ok
    09:20:31.0264 4396 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    09:20:31.0295 4396 eeCtrl - ok
    09:20:31.0311 4396 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    09:20:31.0327 4396 EFS - ok
    09:20:31.0405 4396 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    09:20:31.0420 4396 ehRecvr - ok
    09:20:31.0451 4396 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    09:20:31.0467 4396 ehSched - ok
    09:20:31.0514 4396 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    09:20:31.0545 4396 elxstor - ok
    09:20:31.0592 4396 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    09:20:31.0623 4396 EraserUtilRebootDrv - ok
    09:20:31.0654 4396 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    09:20:31.0654 4396 ErrDev - ok
    09:20:31.0717 4396 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    09:20:31.0717 4396 EventSystem - ok
    09:20:31.0748 4396 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    09:20:31.0748 4396 exfat - ok
    09:20:31.0795 4396 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    09:20:31.0810 4396 fastfat - ok
    09:20:31.0857 4396 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    09:20:31.0904 4396 Fax - ok
    09:20:31.0919 4396 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
    09:20:31.0919 4396 fdc - ok
    09:20:31.0951 4396 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    09:20:31.0966 4396 fdPHost - ok
    09:20:31.0997 4396 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    09:20:31.0997 4396 FDResPub - ok
    09:20:32.0029 4396 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    09:20:32.0029 4396 FileInfo - ok
    09:20:32.0044 4396 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    09:20:32.0060 4396 Filetrace - ok
    09:20:32.0075 4396 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
    09:20:32.0075 4396 flpydisk - ok
    09:20:32.0122 4396 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    09:20:32.0138 4396 FltMgr - ok
    09:20:32.0216 4396 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
    09:20:32.0231 4396 FontCache - ok
    09:20:32.0294 4396 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    09:20:32.0309 4396 FontCache3.0.0.0 - ok
    09:20:32.0341 4396 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    09:20:32.0341 4396 FsDepends - ok
    09:20:32.0372 4396 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    09:20:32.0387 4396 Fs_Rec - ok
    09:20:32.0497 4396 [ 895BA1CFF25E867CE5A52073E905C93B ] fussvc C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe
    09:20:32.0512 4396 fussvc - ok
    09:20:32.0543 4396 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    09:20:32.0575 4396 fvevol - ok
    09:20:32.0621 4396 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    09:20:32.0637 4396 gagp30kx - ok
    09:20:32.0684 4396 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    09:20:32.0699 4396 GEARAspiWDM - ok
    09:20:32.0746 4396 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    09:20:32.0762 4396 gpsvc - ok
    09:20:32.0777 4396 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    09:20:32.0777 4396 hcw85cir - ok
    09:20:32.0840 4396 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    09:20:32.0855 4396 HdAudAddService - ok
    09:20:32.0933 4396 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    09:20:32.0933 4396 HDAudBus - ok
    09:20:32.0965 4396 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\drivers\HECIx64.sys
    09:20:32.0980 4396 HECIx64 - ok
    09:20:33.0011 4396 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    09:20:33.0011 4396 HidBatt - ok
    09:20:33.0058 4396 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    09:20:33.0058 4396 HidBth - ok
    09:20:33.0089 4396 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
    09:20:33.0089 4396 HidIr - ok
    09:20:33.0121 4396 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    09:20:33.0136 4396 hidserv - ok
    09:20:33.0152 4396 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
    09:20:33.0152 4396 HidUsb - ok
    09:20:33.0199 4396 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    09:20:33.0199 4396 hkmsvc - ok
    09:20:33.0230 4396 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    09:20:33.0261 4396 HomeGroupListener - ok
    09:20:33.0308 4396 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    09:20:33.0308 4396 HomeGroupProvider - ok
    09:20:33.0355 4396 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    09:20:33.0355 4396 HpSAMD - ok
    09:20:33.0386 4396 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    09:20:33.0417 4396 HTTP - ok
    09:20:33.0433 4396 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    09:20:33.0448 4396 hwpolicy - ok
    09:20:33.0495 4396 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    09:20:33.0495 4396 i8042prt - ok
    09:20:33.0542 4396 [ 073A606333B6F7BBF20AA856DF7F0997 ] iaStor C:\Windows\system32\drivers\iaStor.sys
    09:20:33.0542 4396 iaStor - ok
    09:20:33.0635 4396 [ CC800D2D9FD467542BAC7C186C4774AD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    09:20:33.0651 4396 IAStorDataMgrSvc - ok
    09:20:33.0698 4396 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    09:20:33.0698 4396 iaStorV - ok
    09:20:33.0776 4396 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    09:20:33.0791 4396 idsvc - ok
    09:20:33.0901 4396 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20130517.001\IDSvia64.sys
    09:20:33.0932 4396 IDSVia64 - ok
    09:20:34.0119 4396 [ 31D1AFF484D8A0906CF8D44251EC390F ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    09:20:34.0306 4396 igfx - ok
    09:20:34.0337 4396 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    09:20:34.0353 4396 iirsp - ok
    09:20:34.0400 4396 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    09:20:34.0415 4396 IKEEXT - ok
    09:20:34.0478 4396 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\drivers\Impcd.sys
    09:20:34.0478 4396 Impcd - ok
    09:20:34.0571 4396 [ 0F144E5F46CB9043004B5E84AA4BCA6A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    09:20:34.0634 4396 IntcAzAudAddService - ok
    09:20:34.0681 4396 [ 408B401CD7CDB075C7470B0FF7BA8D0B ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
    09:20:34.0712 4396 IntcDAud - ok
    09:20:34.0743 4396 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    09:20:34.0743 4396 intelide - ok
    09:20:34.0774 4396 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
    09:20:34.0774 4396 intelppm - ok
    09:20:34.0805 4396 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    09:20:34.0837 4396 IPBusEnum - ok
    09:20:34.0868 4396 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    09:20:34.0883 4396 IpFilterDriver - ok
    09:20:34.0946 4396 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    09:20:34.0946 4396 iphlpsvc - ok
    09:20:34.0977 4396 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    09:20:34.0977 4396 IPMIDRV - ok
    09:20:35.0008 4396 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    09:20:35.0024 4396 IPNAT - ok
    09:20:35.0086 4396 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    09:20:35.0117 4396 iPod Service - ok
    09:20:35.0164 4396 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    09:20:35.0164 4396 IRENUM - ok
    09:20:35.0195 4396 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    09:20:35.0195 4396 isapnp - ok
    09:20:35.0227 4396 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    09:20:35.0227 4396 iScsiPrt - ok
    09:20:35.0273 4396 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
    09:20:35.0273 4396 kbdclass - ok
    09:20:35.0305 4396 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    09:20:35.0305 4396 kbdhid - ok
    09:20:35.0320 4396 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    09:20:35.0320 4396 KeyIso - ok
    09:20:35.0351 4396 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    09:20:35.0367 4396 KSecDD - ok
    09:20:35.0414 4396 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    09:20:35.0429 4396 KSecPkg - ok
    09:20:35.0461 4396 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    09:20:35.0461 4396 ksthunk - ok
    09:20:35.0492 4396 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    09:20:35.0523 4396 KtmRm - ok
    09:20:35.0585 4396 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    09:20:35.0585 4396 LanmanServer - ok
    09:20:35.0632 4396 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    09:20:35.0632 4396 LanmanWorkstation - ok
    09:20:35.0663 4396 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    09:20:35.0663 4396 lltdio - ok
    09:20:35.0710 4396 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    09:20:35.0726 4396 lltdsvc - ok
    09:20:35.0757 4396 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    09:20:35.0757 4396 lmhosts - ok
    09:20:35.0835 4396 [ 5460828F8951D310B42B442877603B8D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    09:20:35.0835 4396 LMS - ok
    09:20:35.0882 4396 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    09:20:35.0882 4396 LSI_FC - ok
    09:20:35.0897 4396 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    09:20:35.0913 4396 LSI_SAS - ok
    09:20:35.0929 4396 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
    09:20:35.0944 4396 LSI_SAS2 - ok
    09:20:35.0991 4396 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    09:20:35.0991 4396 LSI_SCSI - ok
    09:20:36.0022 4396 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    09:20:36.0022 4396 luafv - ok
    09:20:36.0069 4396 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    09:20:36.0116 4396 Mcx2Svc - ok
    09:20:36.0147 4396 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
    09:20:36.0163 4396 megasas - ok
    09:20:36.0209 4396 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
    09:20:36.0209 4396 MegaSR - ok
    09:20:36.0241 4396 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    09:20:36.0256 4396 MMCSS - ok
    09:20:36.0272 4396 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    09:20:36.0272 4396 Modem - ok
    09:20:36.0303 4396 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    09:20:36.0303 4396 monitor - ok
    09:20:36.0350 4396 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
    09:20:36.0350 4396 mouclass - ok
    09:20:36.0397 4396 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    09:20:36.0397 4396 mouhid - ok
    09:20:36.0428 4396 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    09:20:36.0443 4396 mountmgr - ok
    09:20:36.0521 4396 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    09:20:36.0537 4396 MozillaMaintenance - ok
    09:20:36.0584 4396 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    09:20:36.0584 4396 mpio - ok
    09:20:36.0615 4396 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    09:20:36.0631 4396 mpsdrv - ok
    09:20:36.0677 4396 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    09:20:36.0693 4396 MpsSvc - ok
    09:20:36.0740 4396 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    09:20:36.0755 4396 MRxDAV - ok
    09:20:36.0802 4396 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    09:20:36.0818 4396 mrxsmb - ok
    09:20:36.0865 4396 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    09:20:36.0880 4396 mrxsmb10 - ok
    09:20:36.0911 4396 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    09:20:36.0927 4396 mrxsmb20 - ok
    09:20:36.0989 4396 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    09:20:36.0989 4396 msahci - ok
    09:20:37.0021 4396 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    09:20:37.0021 4396 msdsm - ok
    09:20:37.0036 4396 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    09:20:37.0052 4396 MSDTC - ok
    09:20:37.0083 4396 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    09:20:37.0099 4396 Msfs - ok
    09:20:37.0130 4396 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    09:20:37.0130 4396 mshidkmdf - ok
    09:20:37.0130 4396 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    09:20:37.0130 4396 msisadrv - ok
    09:20:37.0177 4396 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    09:20:37.0208 4396 MSiSCSI - ok
    09:20:37.0208 4396 msiserver - ok
    09:20:37.0239 4396 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    09:20:37.0239 4396 MSKSSRV - ok
    09:20:37.0255 4396 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    09:20:37.0270 4396 MSPCLOCK - ok
    09:20:37.0286 4396 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    09:20:37.0301 4396 MSPQM - ok
    09:20:37.0333 4396 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    09:20:37.0364 4396 MsRPC - ok
    09:20:37.0395 4396 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    09:20:37.0395 4396 mssmbios - ok
    09:20:37.0426 4396 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    09:20:37.0426 4396 MSTEE - ok
    09:20:37.0613 4396 [ 0F4DD44765A7D23E0CD9965EE900558F ] msvsmon90 C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
    09:20:37.0769 4396 msvsmon90 - ok
    09:20:37.0785 4396 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
    09:20:37.0801 4396 MTConfig - ok
    09:20:37.0832 4396 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    09:20:37.0832 4396 Mup - ok
    09:20:37.0879 4396 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    09:20:37.0894 4396 napagent - ok
    09:20:37.0925 4396 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    09:20:37.0941 4396 NativeWifiP - ok
    09:20:38.0050 4396 [ B4187346F54E362DAFFE647B25A58D50 ] NAV C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe
    09:20:38.0050 4396 NAV - ok
    09:20:38.0175 4396 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20130517.025\ENG64.SYS
    09:20:38.0191 4396 NAVENG - ok
    09:20:38.0253 4396 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20130517.025\EX64.SYS
    09:20:38.0300 4396 NAVEX15 - ok
    09:20:38.0347 4396 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    09:20:38.0362 4396 NDIS - ok
    09:20:38.0393 4396 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    09:20:38.0409 4396 NdisCap - ok
    09:20:38.0440 4396 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    09:20:38.0440 4396 NdisTapi - ok
    09:20:38.0487 4396 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    09:20:38.0503 4396 Ndisuio - ok
    09:20:38.0565 4396 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    09:20:38.0565 4396 NdisWan - ok
    09:20:38.0612 4396 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    09:20:38.0643 4396 NDProxy - ok
    09:20:38.0674 4396 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    09:20:38.0674 4396 NetBIOS - ok
    09:20:38.0705 4396 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    09:20:38.0737 4396 NetBT - ok
    09:20:38.0768 4396 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    09:20:38.0768 4396 Netlogon - ok
    09:20:38.0799 4396 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    09:20:38.0799 4396 Netman - ok
    09:20:38.0846 4396 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    09:20:38.0861 4396 NetMsmqActivator - ok
    09:20:38.0893 4396 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    09:20:38.0893 4396 NetPipeActivator - ok
    09:20:38.0924 4396 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    09:20:38.0924 4396 netprofm - ok
    09:20:38.0955 4396 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    09:20:38.0955 4396 NetTcpActivator - ok
    09:20:38.0971 4396 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    09:20:38.0971 4396 NetTcpPortSharing - ok
    09:20:39.0033 4396 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    09:20:39.0033 4396 nfrd960 - ok
    09:20:39.0080 4396 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
    09:20:39.0080 4396 NlaSvc - ok
    09:20:39.0111 4396 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    09:20:39.0127 4396 Npfs - ok
    09:20:39.0158 4396 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    09:20:39.0158 4396 nsi - ok

  9. #9
    Member
    Join Date
    Mar 2009
    Posts
    54

    Default

    (TDS CONTINUED)

    09:20:39.0173 4396 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    09:20:39.0173 4396 nsiproxy - ok
    09:20:39.0251 4396 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    09:20:39.0298 4396 Ntfs - ok
    09:20:39.0329 4396 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    09:20:39.0345 4396 Null - ok
    09:20:39.0376 4396 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    09:20:39.0376 4396 nvraid - ok
    09:20:39.0392 4396 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    09:20:39.0407 4396 nvstor - ok
    09:20:39.0454 4396 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    09:20:39.0454 4396 nv_agp - ok
    09:20:39.0548 4396 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    09:20:39.0563 4396 odserv - ok
    09:20:39.0595 4396 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    09:20:39.0595 4396 ohci1394 - ok
    09:20:39.0626 4396 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    09:20:39.0641 4396 ose - ok
    09:20:39.0673 4396 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    09:20:39.0673 4396 p2pimsvc - ok
    09:20:39.0719 4396 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    09:20:39.0735 4396 p2psvc - ok
    09:20:39.0766 4396 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
    09:20:39.0766 4396 Parport - ok
    09:20:39.0813 4396 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    09:20:39.0829 4396 partmgr - ok
    09:20:39.0844 4396 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    09:20:39.0860 4396 PcaSvc - ok
    09:20:39.0891 4396 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    09:20:39.0891 4396 pci - ok
    09:20:39.0907 4396 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    09:20:39.0922 4396 pciide - ok
    09:20:39.0953 4396 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    09:20:39.0953 4396 pcmcia - ok
    09:20:39.0985 4396 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    09:20:39.0985 4396 pcw - ok
    09:20:40.0031 4396 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    09:20:40.0031 4396 PEAUTH - ok
    09:20:40.0141 4396 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    09:20:40.0156 4396 PerfHost - ok
    09:20:40.0219 4396 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    09:20:40.0250 4396 pla - ok
    09:20:40.0312 4396 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    09:20:40.0328 4396 PlugPlay - ok
    09:20:40.0437 4396 [ 627FA58ADC043704F9D14CA44340956F ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    09:20:40.0484 4396 PMBDeviceInfoProvider - ok
    09:20:40.0499 4396 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    09:20:40.0546 4396 PNRPAutoReg - ok
    09:20:40.0562 4396 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    09:20:40.0577 4396 PNRPsvc - ok
    09:20:40.0609 4396 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    09:20:40.0624 4396 PolicyAgent - ok
    09:20:40.0655 4396 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    09:20:40.0655 4396 Power - ok
    09:20:40.0702 4396 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    09:20:40.0718 4396 PptpMiniport - ok
    09:20:40.0765 4396 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
    09:20:40.0765 4396 Processor - ok
    09:20:40.0811 4396 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    09:20:40.0811 4396 ProfSvc - ok
    09:20:40.0827 4396 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    09:20:40.0827 4396 ProtectedStorage - ok
    09:20:40.0874 4396 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    09:20:40.0874 4396 Psched - ok
    09:20:40.0905 4396 [ AED797CCA02783296C68AA10D0CFF8A9 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
    09:20:40.0936 4396 PxHlpa64 - ok
    09:20:41.0030 4396 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    09:20:41.0045 4396 ql2300 - ok
    09:20:41.0077 4396 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    09:20:41.0092 4396 ql40xx - ok
    09:20:41.0139 4396 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    09:20:41.0155 4396 QWAVE - ok
    09:20:41.0186 4396 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    09:20:41.0186 4396 QWAVEdrv - ok
    09:20:41.0201 4396 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    09:20:41.0201 4396 RasAcd - ok
    09:20:41.0248 4396 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    09:20:41.0248 4396 RasAgileVpn - ok
    09:20:41.0279 4396 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    09:20:41.0295 4396 RasAuto - ok
    09:20:41.0326 4396 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    09:20:41.0326 4396 Rasl2tp - ok
    09:20:41.0357 4396 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    09:20:41.0389 4396 RasMan - ok
    09:20:41.0404 4396 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    09:20:41.0404 4396 RasPppoe - ok
    09:20:41.0420 4396 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    09:20:41.0420 4396 RasSstp - ok
    09:20:41.0467 4396 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    09:20:41.0482 4396 rdbss - ok
    09:20:41.0513 4396 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
    09:20:41.0529 4396 rdpbus - ok
    09:20:41.0545 4396 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    09:20:41.0545 4396 RDPCDD - ok
    09:20:41.0560 4396 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    09:20:41.0560 4396 RDPENCDD - ok
    09:20:41.0576 4396 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    09:20:41.0576 4396 RDPREFMP - ok
    09:20:41.0607 4396 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    09:20:41.0638 4396 RDPWD - ok
    09:20:41.0701 4396 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    09:20:41.0701 4396 rdyboost - ok
    09:20:41.0732 4396 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    09:20:41.0732 4396 RemoteAccess - ok
    09:20:41.0763 4396 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    09:20:41.0794 4396 RemoteRegistry - ok
    09:20:41.0825 4396 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
    09:20:41.0857 4396 RFCOMM - ok
    09:20:41.0888 4396 [ 5CA4ABD888B602551B59BAA26941C167 ] rimspci C:\Windows\system32\drivers\rimssne64.sys
    09:20:41.0888 4396 rimspci - ok
    09:20:41.0919 4396 [ BB6E138AEB351728959DA5E2731D8140 ] risdsnpe C:\Windows\system32\drivers\risdsne64.sys
    09:20:41.0919 4396 risdsnpe - ok
    09:20:41.0966 4396 [ D151224BC11078895A60FA970728FF59 ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
    09:20:42.0013 4396 Roxio UPnP Renderer 10 - ok
    09:20:42.0044 4396 [ 5022A927944878BD750960BD21E751AF ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
    09:20:42.0075 4396 Roxio Upnp Server 10 - ok
    09:20:42.0091 4396 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    09:20:42.0106 4396 RpcEptMapper - ok
    09:20:42.0137 4396 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    09:20:42.0137 4396 RpcLocator - ok
    09:20:42.0184 4396 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    09:20:42.0184 4396 RpcSs - ok
    09:20:42.0231 4396 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    09:20:42.0231 4396 rspndr - ok
    09:20:42.0340 4396 [ 6B318F9443740A907D1C8F3460C19009 ] SampleCollector C:\Program Files\Sony\VAIO Care\collsvc.exe
    09:20:42.0387 4396 SampleCollector - ok
    09:20:42.0403 4396 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    09:20:42.0403 4396 SamSs - ok
    09:20:42.0434 4396 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    09:20:42.0434 4396 sbp2port - ok
    09:20:42.0527 4396 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    09:20:42.0543 4396 SBSDWSCService - ok
    09:20:42.0574 4396 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    09:20:42.0621 4396 SCardSvr - ok
    09:20:42.0652 4396 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    09:20:42.0668 4396 scfilter - ok
    09:20:42.0715 4396 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    09:20:42.0746 4396 Schedule - ok
    09:20:42.0777 4396 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    09:20:42.0777 4396 SCPolicySvc - ok
    09:20:42.0839 4396 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
    09:20:42.0855 4396 sdbus - ok
    09:20:42.0902 4396 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    09:20:42.0933 4396 SDRSVC - ok
    09:20:43.0027 4396 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    09:20:43.0042 4396 secdrv - ok
    09:20:43.0073 4396 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    09:20:43.0073 4396 seclogon - ok
    09:20:43.0105 4396 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    09:20:43.0105 4396 SENS - ok
    09:20:43.0136 4396 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    09:20:43.0167 4396 SensrSvc - ok
    09:20:43.0183 4396 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
    09:20:43.0183 4396 Serenum - ok
    09:20:43.0214 4396 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
    09:20:43.0214 4396 Serial - ok
    09:20:43.0276 4396 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    09:20:43.0276 4396 sermouse - ok
    09:20:43.0323 4396 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    09:20:43.0323 4396 SessionEnv - ok
    09:20:43.0354 4396 [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP C:\Windows\system32\drivers\SFEP.sys
    09:20:43.0354 4396 SFEP - ok
    09:20:43.0385 4396 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    09:20:43.0385 4396 sffdisk - ok
    09:20:43.0401 4396 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    09:20:43.0417 4396 sffp_mmc - ok
    09:20:43.0432 4396 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    09:20:43.0432 4396 sffp_sd - ok
    09:20:43.0448 4396 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    09:20:43.0448 4396 sfloppy - ok
    09:20:43.0495 4396 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    09:20:43.0510 4396 SharedAccess - ok
    09:20:43.0557 4396 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    09:20:43.0557 4396 ShellHWDetection - ok
    09:20:43.0604 4396 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
    09:20:43.0619 4396 SiSRaid2 - ok
    09:20:43.0651 4396 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    09:20:43.0666 4396 SiSRaid4 - ok
    09:20:43.0713 4396 [ 875B04A71869D34A415CC8B4D4673EC4 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    09:20:43.0729 4396 SkypeUpdate - ok
    09:20:43.0744 4396 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    09:20:43.0744 4396 Smb - ok
    09:20:43.0791 4396 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    09:20:43.0807 4396 SNMPTRAP - ok
    09:20:43.0869 4396 [ 98886C88A1CB13D61672AE2C638B7E1C ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
    09:20:43.0869 4396 SOHCImp - ok
    09:20:43.0900 4396 [ 442A13F395546F4564C377296D43B564 ] SOHDBSvr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
    09:20:43.0900 4396 SOHDBSvr - ok
    09:20:43.0931 4396 [ 556681BE668D71DC162391A45422B52C ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
    09:20:43.0931 4396 SOHDms - ok
    09:20:43.0947 4396 [ 72B46103E4111439109ACF5882627C24 ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
    09:20:43.0963 4396 SOHDs - ok
    09:20:43.0994 4396 [ 725B6E9CD1959271AC993DC035E1606D ] SOHPlMgr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
    09:20:43.0994 4396 SOHPlMgr - ok
    09:20:44.0009 4396 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    09:20:44.0056 4396 spldr - ok
    09:20:44.0103 4396 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    09:20:44.0119 4396 Spooler - ok
    09:20:44.0228 4396 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    09:20:44.0275 4396 sppsvc - ok
    09:20:44.0306 4396 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    09:20:44.0337 4396 sppuinotify - ok
    09:20:44.0384 4396 [ EAD5300C93946B0250A309E2BF2BE4CF ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    09:20:44.0384 4396 SQLWriter - ok
    09:20:44.0493 4396 [ 96BABC4906ECDB1C69D1176F8647AD8E ] SRTSP C:\Windows\System32\Drivers\NAVx64\1109000.00C\SRTSP64.SYS
    09:20:44.0509 4396 SRTSP - ok
    09:20:44.0555 4396 [ C7F491A290E0E4222F5CDCD50EEB8167 ] SRTSPX C:\Windows\system32\drivers\NAVx64\1109000.00C\SRTSPX64.SYS
    09:20:44.0555 4396 SRTSPX - ok
    09:20:44.0602 4396 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    09:20:44.0633 4396 srv - ok
    09:20:44.0665 4396 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    09:20:44.0696 4396 srv2 - ok
    09:20:44.0727 4396 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    09:20:44.0743 4396 srvnet - ok
    09:20:44.0774 4396 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    09:20:44.0789 4396 SSDPSRV - ok
    09:20:44.0805 4396 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    09:20:44.0821 4396 SstpSvc - ok
    09:20:44.0867 4396 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
    09:20:44.0867 4396 stexstor - ok
    09:20:44.0914 4396 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    09:20:44.0930 4396 stisvc - ok
    09:20:44.0977 4396 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    09:20:44.0977 4396 swenum - ok
    09:20:45.0008 4396 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    09:20:45.0023 4396 swprv - ok
    09:20:45.0086 4396 [ 659B227A72B76115975A6A9491B2FE1F ] SymDS C:\Windows\system32\drivers\NAVx64\1109000.00C\SYMDS64.SYS
    09:20:45.0101 4396 SymDS - ok
    09:20:45.0148 4396 [ 9F5783A4A03D0091CDBDAA858B566926 ] SymEFA C:\Windows\system32\drivers\NAVx64\1109000.00C\SYMEFA64.SYS
    09:20:45.0164 4396 SymEFA - ok
    09:20:45.0211 4396 [ 3F9D5FE52585E2653E59FDBFDF09A94C ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    09:20:45.0242 4396 SymEvent - ok
    09:20:45.0304 4396 [ F57588546E738DB1583981D8F44E9BC2 ] SymIRON C:\Windows\system32\drivers\NAVx64\1109000.00C\Ironx64.SYS
    09:20:45.0304 4396 SymIRON - ok
    09:20:45.0335 4396 [ 3ADFB72F0797AE3832509FE030755E21 ] SYMTDIv C:\Windows\System32\Drivers\NAVx64\1109000.00C\SYMTDIV.SYS
    09:20:45.0335 4396 SYMTDIv - ok
    09:20:45.0398 4396 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    09:20:45.0429 4396 SysMain - ok
    09:20:45.0460 4396 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    09:20:45.0491 4396 TabletInputService - ok
    09:20:45.0538 4396 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    09:20:45.0538 4396 TapiSrv - ok
    09:20:45.0569 4396 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    09:20:45.0585 4396 TBS - ok
    09:20:45.0663 4396 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    09:20:45.0725 4396 Tcpip - ok
    09:20:45.0772 4396 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    09:20:45.0788 4396 TCPIP6 - ok
    09:20:45.0819 4396 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    09:20:45.0835 4396 tcpipreg - ok
    09:20:45.0866 4396 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    09:20:45.0866 4396 TDPIPE - ok
    09:20:45.0897 4396 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    09:20:45.0913 4396 TDTCP - ok
    09:20:45.0944 4396 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    09:20:45.0959 4396 tdx - ok
    09:20:46.0022 4396 [ BB676D2C7AD5E7131D12417E4691F9B9 ] Te.Service C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe
    09:20:46.0053 4396 Te.Service - ok
    09:20:46.0084 4396 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    09:20:46.0084 4396 TermDD - ok
    09:20:46.0131 4396 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    09:20:46.0147 4396 TermService - ok
    09:20:46.0178 4396 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    09:20:46.0193 4396 Themes - ok
    09:20:46.0225 4396 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    09:20:46.0225 4396 THREADORDER - ok
    09:20:46.0240 4396 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    09:20:46.0240 4396 TrkWks - ok
    09:20:46.0303 4396 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    09:20:46.0303 4396 TrustedInstaller - ok
    09:20:46.0349 4396 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    09:20:46.0381 4396 tssecsrv - ok
    09:20:46.0427 4396 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    09:20:46.0427 4396 TsUsbFlt - ok
    09:20:46.0474 4396 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    09:20:46.0474 4396 tunnel - ok
    09:20:46.0505 4396 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    09:20:46.0521 4396 uagp35 - ok
    09:20:46.0568 4396 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    09:20:46.0568 4396 uCamMonitor - ok
    09:20:46.0599 4396 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    09:20:46.0615 4396 udfs - ok
    09:20:46.0646 4396 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    09:20:46.0677 4396 UI0Detect - ok
    09:20:46.0708 4396 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    09:20:46.0708 4396 uliagpkx - ok
    09:20:46.0739 4396 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    09:20:46.0755 4396 umbus - ok
    09:20:46.0786 4396 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
    09:20:46.0786 4396 UmPass - ok
    09:20:46.0927 4396 [ 9E89C2D6945389270DE067CE51FF7425 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    09:20:46.0958 4396 UNS - ok
    09:20:47.0005 4396 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    09:20:47.0005 4396 upnphost - ok
    09:20:47.0051 4396 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    09:20:47.0067 4396 USBAAPL64 - ok
    09:20:47.0114 4396 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    09:20:47.0114 4396 usbccgp - ok
    09:20:47.0161 4396 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    09:20:47.0176 4396 usbcir - ok
    09:20:47.0192 4396 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    09:20:47.0192 4396 usbehci - ok
    09:20:47.0223 4396 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    09:20:47.0223 4396 usbhub - ok
    09:20:47.0239 4396 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    09:20:47.0254 4396 usbohci - ok
    09:20:47.0270 4396 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    09:20:47.0285 4396 usbprint - ok
    09:20:47.0332 4396 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
    09:20:47.0348 4396 USBSTOR - ok
    09:20:47.0363 4396 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    09:20:47.0363 4396 usbuhci - ok
    09:20:47.0410 4396 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    09:20:47.0410 4396 usbvideo - ok
    09:20:47.0441 4396 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    09:20:47.0441 4396 UxSms - ok
    09:20:47.0519 4396 [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
    09:20:47.0535 4396 VAIO Entertainment TV Device Arbitration Service - ok
    09:20:47.0566 4396 [ D4197CF0C8567046FD4AF28FF47AF528 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    09:20:47.0582 4396 VAIO Event Service - ok
    09:20:47.0660 4396 [ B8C9A7010AFD5CBBE194CB9EF7C4FD14 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    09:20:47.0660 4396 VAIO Power Management - ok
    09:20:47.0691 4396 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    09:20:47.0691 4396 VaultSvc - ok
    09:20:47.0769 4396 [ 6A740F5FF3246C3BE3DD317299EFC88E ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    09:20:47.0769 4396 VCFw - ok
    09:20:47.0816 4396 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
    09:20:47.0831 4396 VClone - ok
    09:20:47.0909 4396 [ FD03AC6CD1571AA8B2FF56D3C600E26E ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    09:20:47.0956 4396 VcmIAlzMgr - ok
    09:20:47.0987 4396 [ 9D9B34B430B4DC683112F59C80D20AB8 ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
    09:20:47.0987 4396 VcmINSMgr - ok
    09:20:48.0065 4396 [ DFE10C68EF4684F7754FCCA39A4CC6BA ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
    09:20:48.0081 4396 VcmXmlIfHelper - ok
    09:20:48.0112 4396 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    09:20:48.0128 4396 vdrvroot - ok
    09:20:48.0159 4396 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    09:20:48.0190 4396 vds - ok
    09:20:48.0221 4396 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    09:20:48.0253 4396 vga - ok
    09:20:48.0268 4396 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    09:20:48.0268 4396 VgaSave - ok
    09:20:48.0299 4396 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    09:20:48.0315 4396 vhdmp - ok
    09:20:48.0331 4396 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    09:20:48.0331 4396 viaide - ok
    09:20:48.0362 4396 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    09:20:48.0362 4396 volmgr - ok
    09:20:48.0393 4396 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    09:20:48.0409 4396 volmgrx - ok
    09:20:48.0424 4396 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    09:20:48.0440 4396 volsnap - ok
    09:20:48.0471 4396 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    09:20:48.0487 4396 vsmraid - ok
    09:20:48.0596 4396 [ F972436B5ED08069A1E7D623B77C226A ] VSPerfDrv110 C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys
    09:20:48.0611 4396 VSPerfDrv110 - ok
    09:20:48.0674 4396 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    09:20:48.0705 4396 VSS - ok
    09:20:48.0814 4396 [ D2D646D4D686C6996BA1FF96E11BE570 ] VUAgent C:\Program Files\Sony\VAIO Update\VUAgent.exe
    09:20:48.0830 4396 VUAgent - ok
    09:20:48.0861 4396 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    09:20:48.0892 4396 vwifibus - ok
    09:20:48.0908 4396 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    09:20:48.0923 4396 vwififlt - ok
    09:20:48.0955 4396 [ D8BEF4AC1EAC809DBDBD441D6CFF6C4C ] VzCdbSvc C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    09:20:48.0955 4396 VzCdbSvc - ok
    09:20:49.0001 4396 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    09:20:49.0001 4396 W32Time - ok
    09:20:49.0064 4396 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    09:20:49.0064 4396 WacomPen - ok
    09:20:49.0095 4396 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    09:20:49.0126 4396 WANARP - ok
    09:20:49.0126 4396 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    09:20:49.0126 4396 Wanarpv6 - ok
    09:20:49.0220 4396 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    09:20:49.0267 4396 WatAdminSvc - ok
    09:20:49.0329 4396 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    09:20:49.0391 4396 wbengine - ok
    09:20:49.0423 4396 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    09:20:49.0438 4396 WbioSrvc - ok
    09:20:49.0485 4396 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    09:20:49.0501 4396 wcncsvc - ok
    09:20:49.0516 4396 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    09:20:49.0516 4396 WcsPlugInService - ok
    09:20:49.0547 4396 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
    09:20:49.0563 4396 Wd - ok
    09:20:49.0610 4396 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    09:20:49.0625 4396 Wdf01000 - ok
    09:20:49.0657 4396 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    09:20:49.0657 4396 WdiServiceHost - ok
    09:20:49.0672 4396 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    09:20:49.0672 4396 WdiSystemHost - ok
    09:20:49.0719 4396 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    09:20:49.0735 4396 WebClient - ok
    09:20:49.0750 4396 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    09:20:49.0781 4396 Wecsvc - ok
    09:20:49.0813 4396 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    09:20:49.0813 4396 wercplsupport - ok
    09:20:49.0844 4396 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    09:20:49.0859 4396 WerSvc - ok
    09:20:49.0891 4396 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    09:20:49.0891 4396 WfpLwf - ok
    09:20:49.0906 4396 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    09:20:49.0922 4396 WIMMount - ok
    09:20:49.0922 4396 WinDefend - ok
    09:20:49.0953 4396 WinHttpAutoProxySvc - ok
    09:20:50.0015 4396 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    09:20:50.0031 4396 Winmgmt - ok
    09:20:50.0109 4396 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    09:20:50.0156 4396 WinRM - ok
    09:20:50.0234 4396 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    09:20:50.0234 4396 WinUsb - ok
    09:20:50.0281 4396 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    09:20:50.0296 4396 Wlansvc - ok
    09:20:50.0421 4396 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    09:20:50.0452 4396 wlidsvc - ok
    09:20:50.0483 4396 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    09:20:50.0499 4396 WmiAcpi - ok
    09:20:50.0546 4396 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    09:20:50.0546 4396 wmiApSrv - ok
    09:20:50.0561 4396 WMPNetworkSvc - ok
    09:20:50.0608 4396 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    09:20:50.0624 4396 WPCSvc - ok
    09:20:50.0655 4396 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    09:20:50.0655 4396 WPDBusEnum - ok
    09:20:50.0686 4396 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    09:20:50.0686 4396 ws2ifsl - ok
    09:20:50.0702 4396 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    09:20:50.0717 4396 wscsvc - ok
    09:20:50.0717 4396 WSearch - ok
    09:20:50.0811 4396 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    09:20:50.0858 4396 wuauserv - ok
    09:20:50.0889 4396 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    09:20:50.0920 4396 WudfPf - ok
    09:20:50.0967 4396 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    09:20:50.0983 4396 WUDFRd - ok
    09:20:51.0045 4396 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    09:20:51.0045 4396 wudfsvc - ok
    09:20:51.0092 4396 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
    09:20:51.0123 4396 WwanSvc - ok
    09:20:51.0170 4396 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
    09:20:51.0170 4396 yukonw7 - ok
    09:20:51.0185 4396 ================ Scan global ===============================
    09:20:51.0217 4396 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    09:20:51.0279 4396 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
    09:20:51.0310 4396 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
    09:20:51.0341 4396 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    09:20:51.0373 4396 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    09:20:51.0388 4396 [Global] - ok
    09:20:51.0388 4396 ================ Scan MBR ==================================
    09:20:51.0404 4396 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    09:20:51.0653 4396 \Device\Harddisk0\DR0 - ok
    09:20:51.0653 4396 ================ Scan VBR ==================================
    09:20:51.0669 4396 [ D76A362F6AF521C04969A9EB0DF1DD89 ] \Device\Harddisk0\DR0\Partition1
    09:20:51.0669 4396 \Device\Harddisk0\DR0\Partition1 - ok
    09:20:51.0669 4396 [ 6819BB751000AAFF4E2DD9907B7755ED ] \Device\Harddisk0\DR0\Partition2
    09:20:51.0685 4396 \Device\Harddisk0\DR0\Partition2 - ok
    09:20:51.0685 4396 ============================================================
    09:20:51.0685 4396 Scan finished
    09:20:51.0685 4396 ============================================================
    09:20:51.0700 6068 Detected object count: 0
    09:20:51.0700 6068 Actual detected object count: 0
    09:25:08.0776 6084 Deinitialize success




    (The combofix didn't fit - next post!)

  10. #10
    Member
    Join Date
    Mar 2009
    Posts
    54

    Default

    Thanks again, OCD.


    COMBOFIX


    ComboFix 13-05-18.02 - owner 05/18/2013 9:34.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3758.2273 [GMT -4:00]
    Running from: c:\users\owner\Desktop\ComboFix.exe
    AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Windows\DRM\7BB5.tmp
    c:\programdata\Microsoft\Windows\DRM\8401.tmp
    c:\users\owner\AppData\Local\assembly\tmp
    c:\windows\SysWow64\d2d1debug1.dll
    c:\windows\SysWow64\msnphoto.scr
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-04-18 to 2013-05-18 )))))))))))))))))))))))))))))))
    .
    .
    2013-05-18 13:41 . 2013-05-18 13:41 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-05-15 02:33 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
    2013-05-15 02:33 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
    2013-05-15 02:33 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
    2013-05-15 02:33 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
    2013-05-15 02:33 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
    2013-05-15 02:33 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
    2013-05-15 02:32 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
    2013-05-15 02:32 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
    2013-05-15 02:32 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
    2013-05-15 02:29 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-05-15 02:29 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2013-05-15 02:29 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
    2013-05-08 00:01 . 2013-05-08 00:01 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-04-23 23:02 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-05-15 03:04 . 2010-07-26 15:56 75016696 ----a-w- c:\windows\system32\MRT.exe
    2013-05-08 13:19 . 2012-03-31 14:22 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-05-08 13:19 . 2011-10-11 18:37 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-04-13 05:49 . 2013-05-15 02:29 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49 . 2013-05-15 02:29 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49 . 2013-05-15 02:29 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49 . 2013-05-15 02:29 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45 . 2013-05-15 02:29 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45 . 2013-05-15 02:29 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-04-04 18:50 . 2013-01-19 02:27 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-03-26 15:30 . 2013-03-26 15:30 98304 ----a-r- c:\users\owner\AppData\Roaming\Microsoft\Installer\{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}\python_icon.exe
    2013-03-20 21:22 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2013-03-20 21:22 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2013-03-19 06:04 . 2013-04-10 17:38 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-19 05:46 . 2013-04-10 17:38 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2013-03-19 05:04 . 2013-04-10 17:38 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-03-19 05:04 . 2013-04-10 17:38 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-03-19 04:47 . 2013-04-10 17:38 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
    2013-03-19 03:06 . 2013-04-10 17:38 112640 ----a-w- c:\windows\system32\smss.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2009-12-02 06:03 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]
    R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]
    R3 SampleCollector;Intel(R) Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-09-17 167424]
    R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 126976]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-09-09 110960]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-30 1255736]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1109000.00C\SYMDS64.SYS [2009-08-30 433200]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1109000.00C\SYMEFA64.SYS [2011-08-22 221304]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [2013-04-12 1390680]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAVx64\1109000.00C\ccHPx64.sys [2011-08-04 593544]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20130517.001\IDSvia64.sys [2012-12-27 513184]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1109000.00C\Ironx64.SYS [2010-04-29 150064]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NAVx64\1109000.00C\SYMTDIV.SYS [2011-08-22 451704]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
    S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
    S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]
    S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-16 120104]
    S2 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-16 70952]
    S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-16 427304]
    S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-16 75048]
    S2 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-16 91432]
    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-14 2320920]
    S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-15 642416]
    S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]
    S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-02 361840]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-12-14 56344]
    S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-11-13 151936]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-12-16 244736]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]
    S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-12-01 571248]
    S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-11-12 395264]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 14809957
    *NewlyCreated* - 20715007
    *NewlyCreated* - 68034815
    *Deregistered* - 14809957
    *Deregistered* - 20715007
    *Deregistered* - 68034815
    .
    .
    --------- X64 Entries -----------
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    FontCache
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\h80w67sq.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
    HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
    AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\Best Buy Software Installer Setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
    "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-37763343-3116523698-1432640194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-37763343-3116523698-1432640194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-37763343-3116523698-1432640194-1000\Software\SecuROM\License information*]
    "datasecu"=hex:a2,3f,0c,34,3f,9b,91,b8,e2,b0,51,10,ed,63,c0,53,7e,d9,98,e2,05,
    95,e3,ae,ae,e2,f2,3c,55,bd,01,b3,9f,95,1d,34,4c,a8,d5,84,cc,e5,d3,87,ef,75,\
    "rkeysecu"=hex:c5,39,67,ec,22,63,68,ad,cf,c8,2f,b2,f1,0d,a2,d8
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-05-18 09:44:42
    ComboFix-quarantined-files.txt 2013-05-18 13:44
    .
    Pre-Run: 238,878,097,408 bytes free
    Post-Run: 238,733,590,528 bytes free
    .
    - - End Of File - - 0E53120C92906D654567ECF17B287E15

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •