Google/Firefox redirecting, AVG flagging numerous random viruses


  • This topic is locked
27 replies to this topic

#1 smclaugh5

smclaugh5

  • Members
  • 62 posts
  • OFFLINE
  • Local time:02:23 AM

Posted 22 March 2012 - 09:21 AM

dds.scr would not complete, tried safe mode operation, same results. Got about 40 "#" and hung computer, even blue screen of death. GMER would not run with IAT/EAT unchecked, would run with Devices unchecked. Computer scanned with AVG, Malwarebytes and several utilities on other forum under the direction of Shooter93. Firefox redirects on most "open in other tab" commands to weird sites. GMER log follows:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-22 09:09:50
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1 Hitachi_HTS542525K9SA00 rev.BBFOC3BP
Running: s6mkdtw3.exe; Driver: C:\Users\Steve\AppData\Local\Temp\uwtcapob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\System32\Drivers\dfsc.sys section is writeable [0x911B0000, 0xA8C1, 0xE8000020]
? C:\Windows\System32\Drivers\dfsc.sys suspicious PE modification

---- User code sections - GMER 1.0.15 ----

? C:\Windows\system32\svchost.exe[1396] C:\Windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch;

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!DbgPrintEx] 83EC8B55
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUpcaseUnicodeChar] 458D74EC
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtClose] 15FF50F8
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetInformationFile] [0113F014] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenFile] 01FC7531
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryInformationFile] 458DF875
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCompareUnicodeString] 15FF508C
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAppendUnicodeStringToString] [0113F004] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAllocateHeap] 458D086A
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFreeHeap] 458D50F8
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetValueKey] 15FF508C
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateKey] [0113F000] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnicodeStringToInteger] 508C458D
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFreeUnicodeString] F00815FF
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreatePagingFile] 458B0113
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!_alldiv] E84533E4
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQuerySystemInformation] 33EC4533
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!_allmul] C3C9F045
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlExtendedIntegerMultiply] 8BEC8B55
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryVolumeInformationFile] EC833040
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitUnicodeStringEx] 57565314
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryInformationProcess] D98B388B
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitUnicodeString] EB04708D
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDosPathNameToNtPathName_U] 46B70F20
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlExpandEnvironmentStrings_U] 30448D1A
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryValueKey] F0F0681C
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateFile] 4F500113
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenKey] 00DCAFE8
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!_vsnwprintf] 85595900
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetSecurityObject] 811374C0
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetOwnerSecurityDescriptor] 00011CC6
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetDaclSecurityDescriptor] [75FF8500] C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAddAccessAllowedAce] 5FC033DC
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateAcl] C2C95B5E
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateSecurityDescriptor] 468B0008
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAllocateAndInitializeSid] F4458908
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateUnicodeString] 8B0C468B
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtReadFile] 45890473
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!_chkstk] [74F685F0] C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlNumberOfSetBitsUlongPtr] D8BB8D77
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtMakeTemporaryObject] 57000000
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateSymbolicLinkObject] 14015068
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenDirectoryObject] 8D426A01
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!qsort] 4E50FC45
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlRandomEx] F0E015FF
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!memcpy] C0850113
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateDirectoryObject] 458D537C
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlEqualUnicodeString] 046A50EC
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!_wcsicmp] 50F8458D
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetEnvironmentVariable] [75FF096A] C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!iswspace] DC15FFFC
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnlockBootStatusData] 850113F0
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlGetSetBootStatusData] 8B317CC0
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlLockBootStatusData] 452BF845
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetSaclSecurityDescriptor] F0453BF4
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAddMandatoryAce] 006A2673
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlLengthSid] FFFC75FF
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlGetAce] 13F0D415
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlPrefixUnicodeString] 7CC08501
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQuerySymbolicLinkObject] 0C4D8B17
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenSymbolicLinkObject] 1F8B018B
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryDirectoryObject] 8908558B
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlTimeToTimeFields] 5F8BC21C
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!memset] C25C8904
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!EtwEventWrite] 01894004
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!EtwEventEnabled] FFFC75FF
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAppendUnicodeToString] 13F0D815
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtMapViewOfSection] 40C78301
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateSection] 8F75F685
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlQueryRegistryValues] E940C033
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtResumeThread] FFFFFF67
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtWaitForSingleObject] 51EC8B55
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtTerminateProcess] 0173A051
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDestroyProcessParameters] 56530114
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateUserProcess] C0BE0F57
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateProcessParametersEx] 7D89FF33
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!_wcsupr] DC2AE8F8
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAnsiStringToUnicodeString] DC8B0000
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitAnsiString] 45C7F633
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!_stricmp] 001000FC
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!LdrVerifyImageMatchesChecksumEx] FC458B00
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDosSearchPath_U] 0F73F83B
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlQueryEnvironmentVariable_U] 11E8C72B
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDisplayString] 8B0000DC
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtWriteFile] 2BC38BF4
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAdjustPrivilege] 8DF88BC6
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtInitializeRegistry] 5750FC45
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetSystemInformation] FF056A56
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetEvent] 13F0D015
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetCurrentEnvironment] 00043D01
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDeleteValueKey] D574C000
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateEnvironment] 047DC085
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenEvent] 60EBC033
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcCreatePort] F003C033
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetInformationProcess] 468D016A
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateTagHeap] 18685038
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateUserThread] FF0113F1
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlReleaseSRWLockExclusive] 13F0CC15
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAcquireSRWLockExclusive] [75C08401] C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetInformationThread] 85068B08
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryInformationToken] EBE375C0
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenThreadToken] 68006A3C
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcImpersonateClientOfPort] 00040000
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlReleaseSRWLockShared] F07415FF
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAcquireSRWLockShared] F88B0113
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcDisconnectPort] 2974FF85
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitializeSRWLock] FF016A57
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtConnectPort] 15FF4476
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!AlpcGetMessageAttribute] [0113F020] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcAcceptConnectPort] 127CC085
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcOpenSenderProcess] 8B0C75FF
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcCancelMessage] 0875FFCE
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlExitUserThread] 81E8C78B
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcSendWaitReceivePort] 89FFFFFE
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!AlpcInitializeMessageAttribute] FF57F845
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetThreadIsCritical] 13F02415
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtRequestWaitReplyPort] F8458B01
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDuplicateObject] 5FEC658D
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateEvent] C2C95B5E
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlWakeConditionVariable] 8B550008
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlClearBits] 3CEC81EC
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDeleteNoSplay] 56000002
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtClearEvent] E856F08B
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSleepConditionVariableSRW] 0000DB36
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlWakeAllConditionVariable] 00803D59
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetBits] 870F0000
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlTestBit] 000000AC
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFindClearBits] 0F2E3E80
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlClearAllBits] 0000A384
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitializeBitMap] 858D5600
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFreeSid] FFFFFDC8
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtRaiseHardError] 13F12068
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtWaitForMultipleObjects] 15FF5001
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetProcessIsCritical] [0113F02C] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!EtwEventRegister] FDC8858D
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetHeapInformation] 2E6AFFFF
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitializeConditionVariable] DB06E850
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDelayExecution] C4830000
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnicodeStringToAnsiString] [74C08514] C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryEvent] 66C9337B
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlReleasePrivilege] C0830889
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAcquirePrivilege] F1906802
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!LdrQueryImageFileExecutionOptions] E8500113
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!wcstoul] 0000DAF2
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnhandledExceptionFilter] C0855959
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnwind] 858D6275
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!DbgBreakPoint] FFFFFDC8
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlNormalizeProcessParams] CC758D50
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlConnectToSm] 000DFFE8
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSendMsgToSm] 19685000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfb57dc19
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d01ed59
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001bfb57dc19 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d01ed59 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing@SessionIdLow -2025893473
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogName C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy140.gthr
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogNumber 140
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@CheckPointSignature 85ecb9fe-d73d-451a-9c7f-e720b5c88810

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB997$\1098072726 0 bytes
File C:\Windows\$NtUninstallKB997$\1098072726\@ 2048 bytes
File C:\Windows\$NtUninstallKB997$\1098072726\cfg.ini 323 bytes
File C:\Windows\$NtUninstallKB997$\1098072726\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB997$\1098072726\L 0 bytes
File C:\Windows\$NtUninstallKB997$\1098072726\L\qnbwvoto 75264 bytes
File C:\Windows\$NtUninstallKB997$\1098072726\oemid 213 bytes
File C:\Windows\$NtUninstallKB997$\1098072726\U 0 bytes
File C:\Windows\$NtUninstallKB997$\1098072726\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB997$\1098072726\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB997$\1098072726\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB997$\1098072726\U\80000000.@ 66560 bytes
File C:\Windows\$NtUninstallKB997$\1098072726\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB997$\1098072726\U\80000032.@ 115200 bytes
File C:\Windows\$NtUninstallKB997$\1098072726\version 868 bytes
File C:\Windows\$NtUninstallKB997$\3679707825 0 bytes

---- EOF - GMER 1.0.15 ----
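As an added triage aid (example code written for this page, not part of the thread, of GMER, or of the helper's procedure), the script below parses a GMER log in the format posted above and flags the findings a malware responder reads first: writeable kernel code sections, suspicious PE modifications, image checksum mismatches, IAT entries that resolve into a module other than the DLL they import from, and `@`/`*.@` files under a `$NtUninstall...$` folder. The rule names, severities and the embedded log excerpt are constructed for illustration.

```python
"""Added triage aid for GMER rootkit-scan logs (example code, not GMER's own)."""
import ntpath
import re
from dataclasses import dataclass

# Constructed excerpt in the format of the GMER log posted above; a complete
# log read from disk is handed to triage() in exactly the same way.
SAMPLE_LOG = r"""GMER 1.0.15.15641 - http://www.gmer.net
---- Kernel code sections - GMER 1.0.15 ----
.text C:\Windows\System32\Drivers\dfsc.sys section is writeable [0x911B0000, 0xA8C1, 0xE8000020]
? C:\Windows\System32\Drivers\dfsc.sys suspicious PE modification
---- User code sections - GMER 1.0.15 ----
? C:\Windows\system32\svchost.exe[1396] C:\Windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch;
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!DbgPrintEx] 83EC8B55
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetDaclSecurityDescriptor] [75FF8500] C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
---- Files - GMER 1.0.15 ----
File C:\Windows\$NtUninstallKB997$\1098072726\@ 2048 bytes
File C:\Windows\$NtUninstallKB997$\1098072726\cfg.ini 323 bytes
File C:\Windows\$NtUninstallKB997$\1098072726\U\80000032.@ 115200 bytes
---- EOF - GMER 1.0.15 ----
"""

# "---- <section name> - GMER 1.0.15 ----" opens each section of the report.
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
# "IAT <process> @ <image> [<dll>!<function>] <raw bytes | [addr] <module> (desc)>"
IAT_RE = re.compile(
    r"^IAT (?P<proc>\S+) @ (?P<image>\S+) \[(?P<dll>[^!\]]+)!(?P<func>[^\]]+)\] (?P<rest>.*)$"
)
RESOLVED_RE = re.compile(r"^\[(?P<addr>[0-9A-Fa-f]+)\] (?P<target>\S+)")
FILE_RE = re.compile(r"^File (?P<path>.+?) (?P<size>\d+) bytes$")
# "@" or "<8 hex digits>.@" files under a $NtUninstall...$ folder. Patch-uninstall
# folders hold backups of replaced system files, not payload stores like this.
UNINSTALL_PAYLOAD_RE = re.compile(
    r"\\\$NtUninstall[^\\]*\$\\.*\\(?:[0-9A-Fa-f]{8}\.@|@)$", re.IGNORECASE
)


@dataclass(frozen=True)
class Finding:
    rule: str      # constructed rule name, e.g. "iat-redirect"
    severity: str  # constructed review order: "high" or "medium"
    section: str   # GMER section the line came from
    line: str      # the log line itself, so the evidence travels with the finding


def _iat_finding(section, line):
    """Flag an IAT slot that resolves into a module other than the DLL it imports from."""
    m = IAT_RE.match(line)
    if not m:
        return None
    resolved = RESOLVED_RE.match(m["rest"])
    if not resolved:
        return None  # GMER printed raw bytes here; there is no module to compare
    expected = m["dll"].lower()
    actual = ntpath.basename(resolved["target"]).lower()
    return None if actual == expected else Finding("iat-redirect", "high", section, line)


def triage(text):
    """Walk a GMER log and return the findings a responder reads first, in log order."""
    findings = []
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header["name"]
            continue
        if "section is writeable" in line:
            findings.append(Finding("writeable-kernel-section", "high", section, line))
        if "suspicious PE modification" in line:
            findings.append(Finding("pe-modification", "high", section, line))
        if "image checksum mismatch" in line:
            findings.append(Finding("checksum-mismatch", "medium", section, line))
        iat = _iat_finding(section, line)
        if iat:
            findings.append(iat)
        file_entry = FILE_RE.match(line)
        if file_entry and UNINSTALL_PAYLOAD_RE.search(file_entry["path"]):
            findings.append(Finding("uninstall-folder-payload", "high", section, line))
    return findings


def summarize(findings):
    """Count findings per rule, for a first read of a long log."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.rule} ({f.section}): {f.line}")
```

Run against the full log from the post, the same rules pick out the dfsc.sys section, the svchost/smss mismatch, the IAT slots resolving into SHELL32, NETAPI32 and CRYPT32, and the `.@` files under `$NtUninstallKB997$`.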



#2 smclaugh5

smclaugh5
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Local time:02:23 AM

Posted 22 March 2012 - 10:42 AM

One more bit of information:

Trojan horse Crypt.AQLW shows up on AVG scan, object is inaccessible.

#3 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:23 PM

Posted 23 March 2012 - 10:33 AM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. If you fail to do so, your thread will be closed in THREE (3) days. :)


Hello there, smclaugh5

:welcome:

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on.

---------------------------------------------------------------------------------------------------

We are seeing some obvious signs of a TDSS rootkit variant in the GMER log. However, to assess how much damage has been done, we will need to run an alternative diagnostic scan to DDS.

---------------------------------------------------------------------------------------------------

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click OK to load a custom scan from a file or Cancel to cancel"
  • Click the OK button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
===================================================

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

On your next reply please post :
OTL log
aswMBR log


Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#4 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:23 PM

Posted 25 March 2012 - 10:00 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#5 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:23 PM

Posted 27 March 2012 - 07:01 AM

This topic has been re-opened at the request of the person who originally posted.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#6 smclaugh5

smclaugh5
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Local time:02:23 AM

Posted 27 March 2012 - 11:59 AM

Ok, here are the logs, reposted. Sorry, I didn't realize I was still on PM. Thanks for your patience.

OTL logfile created on: 3/26/2012 8:31:17 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Steve\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 0.49 Gb Available Physical Memory | 16.45% Memory free
6.18 Gb Paging File | 3.65 Gb Available in Paging File | 59.03% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.80 Gb Total Space | 94.07 Gb Free Space | 41.85% Space Free | Partition Type: NTFS

Computer Name: STEVESONY | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
PRC - C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Altaro\Oops!Backup\OopsBackup.exe (Altaro)
PRC - C:\Program Files\Altaro\Oops!Backup\OopsBackup.Service.exe (Altaro)
PRC - C:\Program Files\Altaro\Oops!Backup\OopsBackup.Engine.exe (Altaro)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE (CANON INC.)
PRC - C:\Windows\System32\PresentationSettings.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe ()
PRC - C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe (DisplayLink Corp.)
PRC - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\GlobalDrive\GDVirtualDiskService.exe ()
PRC - C:\Program Files\WinTidy\WinTidy.exe (Ziff Davis Media, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Altaro\Oops!Backup\OopsBackup.CommArch.XmlSerializers.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\7187abb11454f0dece04ed04dea43929\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\33891c1f2a8120a3b7bb463cc6f97438\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\25c01af033a32851399dac68d14b4446\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\62dfd8797881fd7a0d0de3f448a18c01\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\9b8e883fd5fa51f026577156a0ee9d57\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ca467e23bbfcffac8809b9e21dcbd9a6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\88593f5f0fc6de5d5f4a85aa2b1466f3\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d9ab6e29eba6cb0d8459fcbb2c40c1a7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\887fa2d6b76e7302b0c664effad4f91f\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ed6ae2749d12c4729ee43ff339de4bb8\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\98bbdd8c400493ad228b8283665cc9da\mscorlib.ni.dll ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\System32\btwhidcs.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()


========== Win32 Services (SafeList) ==========

SRV - (WLAN_USB) -- %systemroot%\system32\DLARTL_M.dll File not found
SRV - (winvnc4) -- %systemroot%\system32\iclarityqosservice.dll File not found
SRV - (winpowermanager) -- %systemroot%\system32\vmodem.dll File not found
SRV - (websensewfreportserver) -- %systemroot%\system32\ggsemc.dll File not found
SRV - (USBVCD) -- %systemroot%\system32\oracleorahomeagent.dll File not found
SRV - (Usb20Scan) -- %systemroot%\system32\rpsupdaterr.dll File not found
SRV - (usb_rndisx) -- %systemroot%\system32\tvichw32.dll File not found
SRV - (tifm21) -- %systemroot%\system32\tcpip.dll File not found
SRV - (smbios) -- %systemroot%\system32\cpqvcagent.dll File not found
SRV - (sleepy) -- %systemroot%\system32\iAimTV5.dll File not found
SRV - (scan) -- %systemroot%\system32\VirtualCam.dll File not found
SRV - (prevxagent) -- %systemroot%\system32\TMHIDSRV.dll File not found
SRV - (ppmoucls) -- %systemroot%\system32\rassstp.dll File not found
SRV - (OEM02Dev) -- %systemroot%\system32\snoopfree.dll File not found
SRV - (nsm1mdfl) -- %systemroot%\system32\s125mgmt.dll File not found
SRV - (nmwcdc) -- %systemroot%\system32\UlSata.dll File not found
SRV - (NETw3x32) -- %systemroot%\system32\asusgsb.dll File not found
SRV - (ndiscm) -- %systemroot%\system32\ventrilo.dll File not found
SRV - (navap) -- %systemroot%\system32\REVO.dll File not found
SRV - (mxserver) -- %systemroot%\system32\irbus.dll File not found
SRV - (msdv) -- %systemroot%\system32\ivscheduler.dll File not found
SRV - (moufiltr) -- %systemroot%\system32\ashampoodefragservice.dll File not found
SRV - (mediaviewer) -- %systemroot%\system32\vetmonnt.dll File not found
SRV - (lxdj_device) -- %systemroot%\system32\sagefserver.dll File not found
SRV - (LVRS) -- %systemroot%\system32\gbpoll.dll File not found
SRV - (LVPrcMon) -- %systemroot%\system32\viaide.dll File not found
SRV - (lvpopflt) -- %systemroot%\system32\aspi32.dll File not found
SRV - (Ld51ocnucsnp) -- %systemroot%\system32\aswmon2.dll File not found
SRV - (kbfiltr) -- %systemroot%\system32\Amsmpu4p.dll File not found
SRV - (IFP700) -- %systemroot%\system32\si3114r.dll File not found
SRV - (icdsptsv) -- %systemroot%\system32\mouhid.dll File not found
SRV - (iaantmon) -- %systemroot%\system32\inport.dll File not found
SRV - (httpfilter) -- %systemroot%\system32\hdthermal.dll File not found
SRV - (FreshIO) -- %systemroot%\system32\vnxservice.dll File not found
SRV - (FileDisk) -- %systemroot%\system32\EpmShd.dll File not found
SRV - (DritekPortIO) -- %systemroot%\system32\SimpTcp.dll File not found
SRV - (cygserver) -- %systemroot%\system32\agnfilt.dll File not found
SRV - (cxlpt) -- %systemroot%\system32\pavfnsvr.dll File not found
SRV - (cwafadminmonitor) -- %systemroot%\system32\s116nd5.dll File not found
SRV - (cvspydr2) -- %systemroot%\system32\PQNTDrv.dll File not found
SRV - (CVirtA) -- %systemroot%\system32\ZSMC301b.dll File not found
SRV - (CTERFXFX.DLL) -- %systemroot%\system32\npfmntor.dll File not found
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (clnt_clientman) -- %systemroot%\system32\SunkFilt.dll File not found
SRV - (cfosspeeds) -- %systemroot%\system32\rdbss.dll File not found
SRV - (btwdndis) -- %systemroot%\system32\iaimfp3.dll File not found
SRV - (bdpredir) -- %systemroot%\system32\sskbfd.dll File not found
SRV - (BCM43XV) -- %systemroot%\system32\dot4ufd.dll File not found
SRV - (BCM42RLY) -- %systemroot%\system32\cisvc.dll File not found
SRV - (AYDrvNT_ALYAC) -- %systemroot%\system32\avg7core.dll File not found
SRV - (ABVPN2K) -- %systemroot%\system32\MTDVC2.dll File not found
SRV - (SSUService) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
SRV - (SplashtopRemoteService) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (OopsBackup.Service.exe) -- C:\Program Files\Altaro\Oops!Backup\OopsBackup.Service.exe (Altaro)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe (DisplayLink Corp.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ZD1211BU(ZyDAS)) -- C:\Windows\System32\syntp.dll ()
SRV - (uCamMonitor) -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (GDVirtualDiskService) -- C:\Program Files\GlobalDrive\GDVirtualDiskService.exe ()


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (pneteth) -- C:\Windows\System32\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\Windows\System32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (PICOPP) Pico Technology Ltd USB Driver (picopp.sys) -- C:\Windows\System32\drivers\picopp.sys (Pico Technology)
DRV - (BdfNdisf) -- C:\Windows\System32\drivers\BdfNdisf6.sys (BitDefender LLC)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (dlkmd) -- C:\Windows\System32\drivers\dlkmd.sys (DisplayLink Corp.)
DRV - (dlkmdldr) -- C:\Windows\System32\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ser2plms) -- C:\Windows\System32\drivers\ser2plms.sys (Prolific Technology Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (GDVirtualDiskNP) -- C:\Windows\System32\GDVirtualDiskNP.dll ()
DRV - (gdfs) -- C:\Windows\System32\drivers\gdfs.sys ()
DRV - (DVR2EXP) -- C:\Windows\System32\drivers\dvr2exp.sys (ADS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {3B0B8EFF-3619-4856-A1EA-F5B3DAF4B5EA}
IE - HKLM\..\SearchScopes\{3B0B8EFF-3619-4856-A1EA-F5B3DAF4B5EA}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=sny_ie7;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C0 57 52 05 C8 00 C9 4D A6 95 D7 C8 AA C2 10 2D [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {3B0B8EFF-3619-4856-A1EA-F5B3DAF4B5EA}
IE - HKCU\..\SearchScopes\{3B0B8EFF-3619-4856-A1EA-F5B3DAF4B5EA}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=sny_ie7;
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2011/06/07 17:44:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/02 12:21:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/20 07:38:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/01 09:34:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2008\tbextension

[2008/08/26 11:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2012/01/30 13:40:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2atn6yjy.default\extensions
[2011/12/02 13:43:32 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2atn6yjy.default\extensions\{1eca8862-c6b3-4b42-937c-99ee1033d988}
[2011/08/23 15:10:23 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2atn6yjy.default\extensions\LogMeInClient@logmein.com
[2011/07/20 16:24:45 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2atn6yjy.default\extensions\plugin@yontoo.com
[2011/12/02 17:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2ATN6YJY.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012/03/20 07:38:50 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/17 10:51:25 | 000,171,832 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2009/02/06 18:12:01 | 000,535,840 | ---- | M] (iLinc Communications, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCltInstall.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/23 17:15:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/23 17:15:06 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE (CANON INC.)
O4 - HKCU..\Run: [Oops!Backup] C:\Program Files\Altaro\Oops!Backup\OopsBackup.exe (Altaro)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reminder.txt - Shortcut.lnk = C:\Users\Steve\Documents\jsm2\my weight\reminder.txt ()
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinTidy.lnk = C:\Program Files\WinTidy\WinTidy.exe (Ziff Davis Media, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {7B133798-FAA8-4A7E-950D-BEB35D3363AF} http://192.168.1.105/img/LinksysViewer.cab (LinksysViewer Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://investools.webex.com/client/T26L10NSP49EP8/webex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E75B49DA-A45C-4BE5-ADB6-6407114BCFE2}: DhcpNameServer = 68.94.156.1 68.94.157.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (EXPLORER.EXE) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Steve\Pictures\desktops\swpsc pumpjacks.jpg
O24 - Desktop BackupWallPaper: C:\Users\Steve\Pictures\desktops\swpsc pumpjacks.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0d86501c-475c-11e0-834d-001a807bd8a2}\Shell\AutoRun\command - "" = G:\PortableVault.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SsiEfr.exe)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: icdsptsv - %systemroot%\system32\mouhid.dll File not found
NetSvcs: moufiltr - %systemroot%\system32\ashampoodefragservice.dll File not found
NetSvcs: msdv - %systemroot%\system32\ivscheduler.dll File not found
NetSvcs: winvnc4 - %systemroot%\system32\iclarityqosservice.dll File not found
NetSvcs: navap - %systemroot%\system32\REVO.dll File not found
NetSvcs: cygserver - %systemroot%\system32\agnfilt.dll File not found
NetSvcs: clnt_clientman - %systemroot%\system32\SunkFilt.dll File not found
NetSvcs: USBVCD - %systemroot%\system32\oracleorahomeagent.dll File not found
NetSvcs: db2remotecmd - File not found
NetSvcs: NETw3x32 - %systemroot%\system32\asusgsb.dll File not found
NetSvcs: httpfilter - %systemroot%\system32\hdthermal.dll File not found
NetSvcs: btwdndis - %systemroot%\system32\iaimfp3.dll File not found
NetSvcs: tifm21 - %systemroot%\system32\tcpip.dll File not found
NetSvcs: Usb20Scan - %systemroot%\system32\rpsupdaterr.dll File not found
NetSvcs: OEM02Dev - %systemroot%\system32\snoopfree.dll File not found
NetSvcs: sleepy - %systemroot%\system32\iAimTV5.dll File not found
NetSvcs: BCM43XV - %systemroot%\system32\dot4ufd.dll File not found
NetSvcs: LVPrcMon - %systemroot%\system32\viaide.dll File not found
NetSvcs: CTERFXFX.DLL - %systemroot%\system32\npfmntor.dll File not found
NetSvcs: cxlpt - %systemroot%\system32\pavfnsvr.dll File not found
NetSvcs: BCM42RLY - %systemroot%\system32\cisvc.dll File not found
NetSvcs: ZD1211BU(ZyDAS) - %systemroot%\system32\syntp.dll File not found
NetSvcs: mxserver - %systemroot%\system32\irbus.dll File not found
NetSvcs: scan - %systemroot%\system32\VirtualCam.dll File not found
NetSvcs: WLAN_USB - %systemroot%\system32\DLARTL_M.dll File not found
NetSvcs: nsm1mdfl - %systemroot%\system32\s125mgmt.dll File not found
NetSvcs: bdpredir - %systemroot%\system32\sskbfd.dll File not found
NetSvcs: usb_rndisx - %systemroot%\system32\tvichw32.dll File not found
NetSvcs: LVRS - %systemroot%\system32\gbpoll.dll File not found
NetSvcs: mediaviewer - %systemroot%\system32\vetmonnt.dll File not found
NetSvcs: smbios - %systemroot%\system32\cpqvcagent.dll File not found
NetSvcs: cfosspeeds - %systemroot%\system32\rdbss.dll File not found
NetSvcs: ndiscm - %systemroot%\system32\ventrilo.dll File not found
NetSvcs: lvpopflt - %systemroot%\system32\aspi32.dll File not found
NetSvcs: nmwcdc - %systemroot%\system32\UlSata.dll File not found
NetSvcs: Ld51ocnucsnp - %systemroot%\system32\aswmon2.dll File not found
NetSvcs: kbfiltr - %systemroot%\system32\Amsmpu4p.dll File not found
NetSvcs: cwafadminmonitor - %systemroot%\system32\s116nd5.dll File not found
NetSvcs: prevxagent - %systemroot%\system32\TMHIDSRV.dll File not found
NetSvcs: winpowermanager - %systemroot%\system32\vmodem.dll File not found
NetSvcs: AYDrvNT_ALYAC - %systemroot%\system32\avg7core.dll File not found
NetSvcs: FileDisk - %systemroot%\system32\EpmShd.dll File not found
NetSvcs: cvspydr2 - %systemroot%\system32\PQNTDrv.dll File not found
NetSvcs: ppmoucls - %systemroot%\system32\rassstp.dll File not found
NetSvcs: CVirtA - %systemroot%\system32\ZSMC301b.dll File not found
NetSvcs: DritekPortIO - %systemroot%\system32\SimpTcp.dll File not found
NetSvcs: ABVPN2K - %systemroot%\system32\MTDVC2.dll File not found
NetSvcs: IFP700 - %systemroot%\system32\si3114r.dll File not found
NetSvcs: websensewfreportserver - %systemroot%\system32\ggsemc.dll File not found
NetSvcs: lxdj_device - %systemroot%\system32\sagefserver.dll File not found
NetSvcs: iaantmon - %systemroot%\system32\inport.dll File not found
NetSvcs: FreshIO - %systemroot%\system32\vnxservice.dll File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.CSCD - C:\Windows\System32\camcodec.dll (RenderSoft Software.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/26 08:22:45 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2012/03/21 06:18:07 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\Bleep this time
[2012/03/20 13:28:30 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/20 13:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/20 13:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/20 13:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/16 09:41:43 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\My Digital Editions
[2012/03/16 09:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/03/05 09:48:21 | 000,000,000 | ---D | C] -- C:\Users\Steve\.swt
[2012/03/03 13:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/03 13:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/03 13:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Steve\Desktop\*.tmp files -> C:\Users\Steve\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/26 08:40:27 | 004,585,292 | ---- | M] () -- C:\Users\Steve\Desktop\aswMBR.exe.part
[2012/03/26 08:39:40 | 000,000,000 | ---- | M] () -- C:\Users\Steve\Desktop\aswMBR.exe
[2012/03/26 08:22:49 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2012/03/26 08:05:47 | 000,640,846 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/26 08:05:47 | 000,115,420 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/26 07:57:38 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/26 07:57:37 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/26 07:57:36 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/03/26 07:57:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/26 07:57:08 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/22 11:05:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/03/22 05:36:32 | 092,425,518 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/21 16:04:44 | 257,956,134 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/21 10:42:46 | 000,000,000 | ---- | M] () -- C:\Users\Steve\defogger_reenable
[2012/03/20 09:35:39 | 000,461,445 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/03/16 09:56:29 | 000,001,983 | ---- | M] () -- C:\Users\Steve\Desktop\Adobe Digital Editions.lnk
[2012/03/16 09:39:49 | 000,001,983 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2012/03/16 09:39:49 | 000,001,959 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2012/03/15 15:33:30 | 000,000,680 | ---- | M] () -- C:\Users\Steve\AppData\Local\d3d9caps.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Steve\Desktop\*.tmp files -> C:\Users\Steve\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/21 15:56:10 | 3211,190,272 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/21 10:42:46 | 000,000,000 | ---- | C] () -- C:\Users\Steve\defogger_reenable
[2012/03/19 18:25:16 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/03/16 09:56:29 | 000,001,983 | ---- | C] () -- C:\Users\Steve\Desktop\Adobe Digital Editions.lnk
[2012/03/16 09:39:49 | 000,001,983 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2012/03/16 09:39:49 | 000,001,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
[2012/03/16 09:39:49 | 000,001,959 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2011/08/18 12:56:43 | 000,000,061 | -HS- | C] () -- C:\Windows\cnerolf.dat
[2011/07/20 16:10:59 | 000,006,666 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\1C3E.176
[2011/02/05 13:57:44 | 000,000,203 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/12/21 18:05:44 | 000,000,323 | ---- | C] () -- C:\Windows\System32\CNCMFP36.INI
[2010/12/21 14:57:54 | 000,000,025 | ---- | C] () -- C:\Windows\EPSPR320.ini
[2010/08/30 14:41:29 | 000,002,528 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\$_hpcst$.hpc
[2010/08/05 08:46:08 | 000,000,293 | ---- | C] () -- C:\Windows\pwc63.INI
[2010/06/21 19:13:09 | 000,207,500 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

========== Custom Scans ==========

< >

< %SYSTEMDRIVE%\*.* >
[2010/02/23 18:26:55 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/11/25 11:09:24 | 000,000,000 | ---- | M] () -- C:\asoutput.log
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011/06/07 17:42:51 | 000,157,910 | ---- | M] () -- C:\bdlog.txt
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/11/22 14:59:39 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/09/18 12:05:08 | 000,000,951 | ---- | M] () -- C:\Deletes.txt
[2012/03/26 07:57:08 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2008/08/02 16:54:33 | 000,005,866 | ---- | M] () -- C:\HPDIU.log
[2008/08/02 16:47:39 | 000,000,092 | ---- | M] () -- C:\HPUIU.log
[2005/01/03 09:37:18 | 000,000,017 | -H-- | M] () -- C:\initrd.pam
[2008/05/09 09:39:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/12/11 23:09:46 | 000,000,346 | -H-- | M] () -- C:\IPH.PH
[2007/01/15 21:13:14 | 000,000,068 | -H-- | M] () -- C:\kernel.pam
[2009/09/18 18:08:41 | 000,002,092 | ---- | M] () -- C:\Log.txt
[2008/05/09 09:39:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/03/26 07:57:03 | 3524,788,224 | -HS- | M] () -- C:\pagefile.sys
[2008/04/01 18:11:20 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG1
[2008/04/01 18:11:20 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG2
[2011/11/29 15:55:07 | 000,165,326 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_29.11.2011_14.48.07_log.txt
[2007/12/11 23:37:26 | 000,392,812 | ---- | M] () -- C:\vcredist_x86.log
[2009/09/18 19:43:03 | 000,000,155 | ---- | M] () -- C:\X-Plane Installer.prf

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/11/11 20:26:14 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/03/12 21:08:46 | 000,286,208 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp4wn.DLL
[2008/01/19 02:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2012/02/07 13:26:57 | 000,052,096 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\system32\spool\prtprocs\w32x86\LMIproc.dll
[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/11/10 22:34:59 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/01/23 18:05:57 | 000,000,350 | -HS- | M] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/03/26 08:40:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Steve\Desktop\aswMBR.exe
[2012/03/26 08:22:49 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[1 C:\Users\Steve\Desktop\*.tmp files -> C:\Users\Steve\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-15 22:28:22

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB997$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:BB6F9D41

< End of report >


OTL Extras logfile created on: 3/26/2012 8:31:17 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Steve\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 0.49 Gb Available Physical Memory | 16.45% Memory free
6.18 Gb Paging File | 3.65 Gb Available in Paging File | 59.03% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.80 Gb Total Space | 94.07 Gb Free Space | 41.85% Space Free | Partition Type: NTFS

Computer Name: STEVESONY | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F1202EEF-EC67-4BD3-89D4-000BBBA058CC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07719CDB-4F61-4350-89F1-C82AAC720106}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{0B38CC79-D75B-41A0-93E9-F74B64F9CE54}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{18AA4572-64B0-4477-A68E-23A1DB36C8F0}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe |
"{1FF3D3CC-1A17-4949-B34F-EB35C1D1A263}" = protocol=6 | dir=in | app=c:\program files\sony\locationfreeplayer\lfpc3\lfpc3.exe |
"{2032945F-888C-46D4-8F6A-F820F7F12ABF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{213F979A-F7B7-4DAF-8B8E-CB8C94C2C74A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{21DEDDB5-033F-443A-9DBC-C8B44260F68D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{28547DFA-D8FE-42FD-B3CB-4D75E0E2427F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{297F0A2F-5D25-4A95-BE18-7A7F7B9D1AA5}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srfeature.exe |
"{2EF86525-C15A-4AC2-85CB-3EE7C519F0BF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{2FD4DB7D-7613-4A6E-9236-F50D63ADEB7C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3037B204-5265-43DF-99F9-93CFA27BD6F9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{324194BC-C09F-4ED9-B03E-C7B4D9BF201A}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe |
"{34CCF39B-F18B-461B-96BE-EAADEF5C2F4C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{34E62EF1-9BB1-4A3D-9610-BDE0CAFF1167}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{3D7D495F-D357-456A-AA21-3F7982E7E658}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4100E222-5DC6-4A26-B182-97E7EAF77634}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{41C793B4-5909-4A62-8F51-E9F60BE6139E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{42900637-6F36-4CE7-B47B-3C9FC4583D43}" = protocol=6 | dir=in | app=c:\users\steve\appdata\local\temp\hpdiu2\hpdiu\hpdiunetwork.exe |
"{4301460E-18F0-4F13-86BC-6EB168D7A2B8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{45AB0B56-4B0E-41E6-B332-8D78A87DBA4C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{4D0F0536-18AF-42FD-82F9-974ADCC7910F}" = protocol=17 | dir=in | app=c:\program files\sony\locationfreeplayer\lfpc3\lfpc3.exe |
"{5017634F-C308-400D-80F1-6F5DB08BC6E2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{5447BB07-E8A1-4F38-9074-25BF99EA223C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{57B3ECC0-4E56-4E10-B010-8FB37D1ED7EB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5A3F84A3-6F47-42E5-BA6E-C6E0CAAFDB3A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{5B36E26B-1281-43EB-9E60-FAB4CA46DF0A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5C36CA32-C930-4D18-A315-21F64EA6CDFC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5C6912E7-A182-4979-B522-8CDE1A9A83F8}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srfeature.exe |
"{5CD201B5-ED92-4957-95EF-0EB2B8BAF070}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe |
"{5F8A10EA-F7D2-4E95-A923-A9A48C6288BE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{63EEF58C-FC46-4679-A35B-7660BA3A466F}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srlogin.exe |
"{757A9B53-7258-4447-A25F-5AA04A6C025F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{78900AFB-FEF3-42B2-BA91-4746FDC65045}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7A3CD100-5B59-47E4-AA30-069864493B69}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7AFE1A42-07F9-4F24-9FC4-5CE1EB1B575E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7B6D3C88-7272-4140-A078-6E4156D8BF9C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{7CAD2BBB-7B13-408F-9FC8-51E97879190D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{81DF99CF-ADFE-42BF-9A05-AD12BFAF1650}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{83D35754-BDEB-4068-8D4D-BEE1167F0D66}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\inputserv.exe |
"{88512026-93DD-40F4-9497-8CC3D6AA4460}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{8CF46F1D-B907-4C19-9431-60B2741F5833}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srlogin.exe |
"{8ED74809-0390-41DA-A223-7FFFC9E0C2FF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{8FBDFC25-6CDC-4C87-BF1D-AEC6C5F6A9B6}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe |
"{920EA8E7-B9BC-4D04-B397-AEBC37E9928F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9BCF22D9-690B-4CFF-9E61-F6A006A0BE7F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{9C523744-D68E-47F2-ACBC-89F1E1934B08}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{9E601D7F-1478-4B9A-B12F-5DEBE0A3CF30}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{A13C0591-0184-4043-A3E0-DCD9109B8771}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A5210212-6000-47E6-9A27-2F4D0AEA0D65}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{AA5819D9-F974-412A-A384-9ACF98F97F83}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AC6BDF51-CCFB-4F71-AFFB-E9AF5830D913}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B469C7B1-7848-47D9-87A7-6F2FCB8D7BD9}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\inputserv.exe |
"{BA539BB7-F67F-40B7-8A43-068362640E6F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{C0241648-AB70-4FF2-AD0B-7FBD8FA3707F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{C1963F34-83D0-41C6-957B-0D1113B7F38A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{CEDE25EF-12B7-41A6-84E5-35B9D7543A3B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{CF8E8C9C-ED5D-452B-9DCB-961D00DB8624}" = protocol=17 | dir=in | app=c:\users\steve\appdata\local\temp\hpdiu2\hpdiu\hpdiunetwork.exe |
"{D075B33D-5674-4B5D-89E5-1E879C89E7EC}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{D0B5D0EE-1740-41FE-BCA8-BBC573F91A88}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{D52FB313-AE20-4430-AC0B-4764B4FB70E4}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{D9D10F7F-7B81-44DC-9E0D-E73756F9168D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DDF2039B-9C8C-43F5-AAF4-EF760CDD8A06}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E37B32A3-41FA-4921-AB27-146D75C75E14}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01148B4C-0EC7-4D03-A615-5B4D8496AA88}" = SONY VGP-UPR1 (Display Adapter)
"{017FDD1B-A971-4084-B652-584181002812}" = VAIO Content Metadata Intelligent Analyzing Manager
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{08333C2F-8219-48E8-8569-E53D4C761882}" = Network Recording Player
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0EE4030A-8FD4-4798-A21D-17E525B1F7CF}" = Corel Snapfire
"{0FC34370-58D8-4EA5-9A2A-F9A704B19115}" = PLS V3.1.94-beta
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{209AE7EF-DEBA-46D1-BB51-E3942386B4E5}" = Kyocera Wireless USB Driver for Data Cards
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 20
"{28549656-3CB3-44B6-9FAB-925A18DAC796}" = VAIO Movie Story
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2DBF3586-04D2-4158-B72E-0A637CB8D423}" = PicoScope 6
"{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3308288C-00DE-46D9-8E65-16AB6AD7805B}" = Introduction to Visual Basic 2008 Express Edition
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{34EC475A-5956-4FD9-A1C4-98F9E163D4B3}" = DUAT Voyager 4
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4121D906-3131-4D50-A65A-A0F2846AB5C2}" = DisplayLink Core Software
"{4203C377-8F5B-4B3C-9096-6FC7C2CB9BC5}" = VAIO Content Metadata XML Interface Library
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56345504-DE57-4528-A18B-A567D1E52928}" = ArcSoft Magic-i Visual Effects
"{57573545-74EB-46D2-B362-AA05364E4ED8}" = LogMeIn
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}" = Roxio Media Manager
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf11
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D6745B-2239-4182-A31F-F95CEBB35099}" = BlackBerry Desktop Software 4.2.2
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = PageRage 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{9719E85D-838D-4E9E-BAD0-A426463F9468}_is1" = Anywhere Update Center v1.8 Build 104
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{A5085E4F-2FC8-4D4B-9FD6-F5F4F28E5483}" = Oops!Backup
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AA346790-8BF2-4826-9E30-18E9BB547663}" = VAIO Content Metadata Manager Setting
"{ABF29EC7-47C1-4C63-8FE7-3824FD66F357}" = VAIO Content Metadata Intelligent Analyzing Manager
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0
"{B5E2DF30-1061-4DB4-AF28-08996C8E5680}" = VAIO Content Metadata XML Interface Library
"{B6D1E626-F2FE-45C2-BAEC-4FBE52A31FA3}_is1" = Quadra ULink v1.0 Build 44
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{BABC878D-BB64-4688-9A88-1D9E88F339A9}" = VAIO Productivity Center
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO PC Wireless LAN Wizard
"{C11B0B31-C101-4B56-8BA8-F5113022EF2B}" = VAIO Content Metadata Intelligent Analyzing Manager
"{C299F969-AE3D-4679-ADF5-682A186CE62E}" = VAIO Center Access Bar
"{C59E019B-0952-4B72-A382-68A72224F88F}" = GNS400W-500W Trainer
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C82185E8-C27B-4EF4-2008-4444BC2C2B6D}" = Microsoft Streets & Trips 2008
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFED0AE3-6D93-4745-B8A0-F3410B493CC4}" = VAIO Security Center
"{D36E4755-83B9-4B10-BE51-0AC5B9F43C1F}" = VAIO Media
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6651810-8439-4F25-BACC-5FB66D4B1A63}" = VAIO Media Registration Tool
"{D937DD80-3928-4617-876F-538A25AECB17}" = LocationFree Player
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
"{E0724276-6980-47E2-8FF2-88F473805773}_is1" = WinUndelete 3.50
"{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI
"{E3D4D2B9-5333-41E2-A42B-D92A22C270B3}" = SONY VGP-UPR1 (Display Adapter) Utility
"{E47364AA-6B5E-45a2-B94F-BC5D9D6A0338}" = Canon MF8300 Series
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E74F7423-77CB-4F6A-A44D-604E1010FE50}" = VAIO Entertainment Center
"{E7E84E23-C5C0-4B15-B13A-C63149E59C98}" = AVG 2012
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F5397A82-641F-4643-8200-51D7F0016511}" = Click to Disc
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.6 Professional
"Adobe Acrobat 8 Professional_816" = Adobe Acrobat 8.1.6 - CPSID_49167
"Amazon Kindle" = Amazon Kindle
"AOL Toolbar 4.0" = AOL Toolbar 4.0
"Atomic PDF Password Recovery_is1" = Atomic PDF Password Recovery 2.30
"AVG" = AVG 2012
"BlackBerry_{75D6745B-2239-4182-A31F-F95CEBB35099}" = BlackBerry Desktop Software 4.2.2
"camcodec" = CamStudio Lossless Codec
"CamStudio" = CamStudio
"Carbonite Backup" = Carbonite
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Crackle Screen Saver_is1" = Crackle Screen Saver 1.0
"Digital Editions" = Adobe Digital Editions
"disk2disk" = disk2disk
"DivX Setup.divx.com" = DivX Setup
"DTGDesktop" = Documents To Go Desktop for iPhone
"EA9_is1" = Express Assist 9.0
"EPSON NX110 Series" = EPSON NX110 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.0.11.1
"Flight Simulator 8.0" = Microsoft Flight Simulator 2002
"GARMIN 400 Series Trainer" = GARMIN 400 Series Trainer
"GlobalDrive" = GlobalDrive - Virtual Disk Drive Version 3.3.4
"HDMI" = Intel® Graphics Media Accelerator Driver
"hpc3600e" = HP Color LaserJet 3600 (02/27/2007 61.063.461.41)
"ImTOO DVD to iPad Converter" = ImTOO DVD to iPad Converter
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"LastBit Zip Password" = LastBit Zip Password
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MediaInfo" = MediaInfo 0.7.42
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"PC Magazine's WinTidy_is1" = WinTidy 1.0.11
"PocketPlates_is1" = Pocket Plates (September 04, 2008)
"PocketPlates3_is1" = Pocket Plates (March 12, 2009)
"Port_Detective_2.0" = Port Detective
"PROR" = Microsoft Office Professional 2007
"QuickLink Mobile" = QuickLink Mobile
"SquawkBox" = SquawkBox
"ST5UNST #1" = URTBv40
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"thinkorswim" = thinkorswim
"uninstall.exe" = iLinc Client
"VAIO Service Utility" = VAIO Service Utility
"WebDesigner" = Microsoft Expression Web

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Carenado's SKYLANE C182Q FSX" = Carenado's SKYLANE C182Q FSX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/21/2012 5:17:18 PM | Computer Name = SteveSony | Source = Windows Search Service | ID = 3013
Description =

Error - 3/21/2012 5:17:18 PM | Computer Name = SteveSony | Source = Windows Search Service | ID = 3013
Description =

Error - 3/21/2012 5:17:18 PM | Computer Name = SteveSony | Source = Windows Search Service | ID = 3013
Description =

Error - 3/21/2012 5:17:18 PM | Computer Name = SteveSony | Source = Windows Search Service | ID = 3013
Description =

Error - 3/21/2012 5:17:19 PM | Computer Name = SteveSony | Source = Windows Search Service | ID = 3013
Description =

Error - 3/21/2012 5:17:19 PM | Computer Name = SteveSony | Source = Windows Search Service | ID = 3013
Description =

Error - 3/21/2012 5:19:08 PM | Computer Name = SteveSony | Source = ESENT | ID = 215
Description = wlmail (5472) WindowsLiveMail0: The backup has been stopped because
it was halted by the client or the connection with the client failed.

Error - 3/22/2012 10:35:07 AM | Computer Name = SteveSony | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 3/26/2012 8:58:23 AM | Computer Name = SteveSony | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 3/26/2012 9:19:29 AM | Computer Name = SteveSony | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module comctl32.dll, version 6.10.6002.18305, time stamp 0x4c7d2463,
exception code 0xc0000005, fault offset 0x00114f93, process id 0x9e4, application
start time 0x01cd0b500c37bf96.

[ Media Center Events ]
Error - 4/21/2009 11:07:00 AM | Computer Name = SteveSony | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 11/21/2009 1:04:23 PM | Computer Name = SteveSony | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ System Events ]
Error - 3/26/2012 8:59:07 AM | Computer Name = SteveSony | Source = Service Control Manager | ID = 7023
Description =

Error - 3/26/2012 8:59:07 AM | Computer Name = SteveSony | Source = Service Control Manager | ID = 7023
Description =

Error - 3/26/2012 8:59:07 AM | Computer Name = SteveSony | Source = Service Control Manager | ID = 7023
Description =

Error - 3/26/2012 8:59:07 AM | Computer Name = SteveSony | Source = Service Control Manager | ID = 7023
Description =

Error - 3/26/2012 8:59:07 AM | Computer Name = SteveSony | Source = Service Control Manager | ID = 7023
Description =

Error - 3/26/2012 8:59:07 AM | Computer Name = SteveSony | Source = Service Control Manager | ID = 7023
Description =

Error - 3/26/2012 8:59:07 AM | Computer Name = SteveSony | Source = Service Control Manager | ID = 7026
Description =

Error - 3/26/2012 8:59:43 AM | Computer Name = SteveSony | Source = Service Control Manager | ID = 7023
Description =

Error - 3/26/2012 9:20:31 AM | Computer Name = SteveSony | Source = Service Control Manager | ID = 7023
Description =

Error - 3/26/2012 9:35:32 AM | Computer Name = SteveSony | Source = Service Control Manager | ID = 7023
Description =


< End of report >


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-26 08:51:55
-----------------------------
08:51:55.500 OS Version: Windows 6.0.6002 Service Pack 2
08:51:55.500 Number of processors: 2 586 0xF0D
08:51:55.500 ComputerName: STEVESONY UserName: Steve
08:52:11.819 Initialize success
09:01:27.951 AVAST engine defs: 12032601
09:03:29.742 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:29.742 Disk 0 Vendor: Hitachi_HTS542525K9SA00 BBFOC3BP Size: 238475MB BusType: 3
09:03:29.742 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000075
09:03:29.742 Disk 1 Vendor: ( Size: 238475MB BusType: 0
09:03:29.742 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000076
09:03:29.757 Disk 2 Vendor: ( Size: 238475MB BusType: 0
09:03:29.835 Disk 0 MBR read successfully
09:03:29.851 Disk 0 MBR scan
09:03:29.866 Disk 0 Windows VISTA default MBR code
09:03:29.976 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8283 MB offset 2048
09:03:29.991 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 230190 MB offset 16967680
09:03:30.007 Disk 0 scanning sectors +488397168
09:03:30.756 Disk 0 scanning C:\Windows\system32\drivers
09:03:40.069 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Aluroot [Rtk]
09:04:03.813 Disk 0 trace - called modules:
09:04:03.844 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a333fd0]<<
09:04:03.844 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x869ffac8]
09:04:03.844 3 CLASSPNP.SYS[8afb18b3] -> nt!IofCallDriver -> [0x8a16f888]
09:04:03.860 \Driver\00001515[0x8a16f9c0] -> IRP_MJ_CREATE -> 0x8a333fd0
09:04:09.476 AVAST engine scan C:\Windows
09:04:27.609 AVAST engine scan C:\Windows\system32
09:11:04.228 AVAST engine scan C:\Windows\system32\drivers
09:11:09.625 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Aluroot [Rtk]
09:11:36.536 AVAST engine scan C:\Users\Steve
11:03:09.910 File: C:\Users\Steve\AppData\Local\Temp\1.1078278512473471E8.tmp **INFECTED** Win32:FakeAlert-BUY [Trj]
11:19:15.890 File: C:\Users\Steve\AppData\Local\Temp\nskAF16.tmp\yxu2b4p.m8c **INFECTED** Win32:MalOb-HO [Cryp]
12:19:11.505 File: C:\Users\Steve\Documents\Cardinal\old csc computers\of from George's\Download\NpWrap.exe **INFECTED** Win32:MalOb-IJ [Cryp]
13:13:14.584 AVAST engine scan C:\ProgramData
13:30:02.449 Scan finished successfully
14:32:38.440 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
14:32:38.471 The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"

#7 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male

Posted 29 March 2012 - 07:05 AM

Sorry, got a bit busy here.

We just want the scan log from TDSSKiller only, no need for cure.

Download TDSSKiller.exe and save it to your desktop
Execute TDSSKiller.exe by doubleclicking on it.
When the window opens, click on Change Parameters
Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
Click OK
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of the log in your next reply.

Edited by Conspire, 29 March 2012 - 07:06 AM.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.
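A small parser for the TDSSKiller log that this procedure produces, as an added example that is not from this thread or from the tool itself: it groups the per-service lines, separates the "- ok" verdicts from the "- infected" and "Suspicious file (Forged)" ones, and assumes the 2.7.x line layout posted later in this thread, on a constructed sample that reproduces the dfsc.sys detection.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the layout of the TDSSKiller 2.7.x log quoted in this thread:
# "<time> <thread id> <service> (<md5>) <path>", then a verdict line for that service.
# The DfsC lines reproduce the detection posted in this thread; the rest is illustrative.
SAMPLE_LOG = r"""
08:44:42.0191 5880 Scan started
08:44:42.0191 5880 Mode: Manual; TDLFS;
08:44:44.0343 5880 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
08:44:44.0390 5880 ACPI - ok
08:44:44.0156 5880 abiosdsk - ok
08:44:48.0930 5880 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:44:48.0961 5880 Apple Mobile Device - ok
08:45:03.0547 5880 DfsC (64d904cd5ac358b7a597bb75805b7ae9) C:\Windows\system32\Drivers\dfsc.sys
08:45:03.0547 5880 Suspicious file (Forged): C:\Windows\system32\Drivers\dfsc.sys. Real md5: 64d904cd5ac358b7a597bb75805b7ae9, Fake md5: 218d8ae46c88e82014f5d73d0236d9b2
08:45:03.0547 5880 DfsC ( Virus.Win32.ZAccess.k ) - infected
08:45:03.0547 5880 DfsC - detected Virus.Win32.ZAccess.k (0)
"""

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<rest>.*)$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
INFECTED_RE = re.compile(r"^(?P<name>.+?) \( (?P<threat>\S+) \) - infected$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<threat>\S+) \(\d+\)$")
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None       # hash on the enumeration line, if the file exists
    path: Optional[str] = None
    verdict: str = "unknown"        # "ok", "infected", or "unknown" when no verdict line was seen
    threat: Optional[str] = None
    forged: bool = False            # a "Suspicious file (Forged)" line referred to this path
    fake_md5: Optional[str] = None  # the "Fake md5" value from that line


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Group the per-service lines of a TDSSKiller log into one Entry per service."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}

    def entry(name: str) -> Entry:
        return entries.setdefault(name, Entry(name=name))

    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # blank lines and banners without a timestamp
        rest = line.group("rest")
        if m := FORGED_RE.match(rest):
            # The forged line names only the path, so attach it to the service
            # whose enumeration line carried that path.
            e = by_path.get(m.group("path"))
            if e is None:
                e = entry(m.group("path"))
                e.path = m.group("path")
            e.forged, e.fake_md5 = True, m.group("fake")
            e.md5 = e.md5 or m.group("real")
        elif m := FILE_RE.match(rest):
            e = entry(m.group("name"))
            e.md5, e.path = m.group("md5"), m.group("path")
            by_path[e.path] = e
        elif (m := INFECTED_RE.match(rest)) or (m := DETECTED_RE.match(rest)):
            e = entry(m.group("name"))
            e.verdict, e.threat = "infected", m.group("threat")
        elif m := OK_RE.match(rest):
            entry(m.group("name")).verdict = "ok"
    return entries


def suspicious(entries: Dict[str, Entry]) -> List[Entry]:
    """Everything without a clean '- ok' verdict, in log order. A service that was
    enumerated but never given a verdict (truncated log) is deliberately kept."""
    return [e for e in entries.values() if e.verdict != "ok" or e.forged]


def triage(text: str) -> List[str]:
    """One line per suspicious service, suitable for quoting back in a reply."""
    lines = []
    for e in suspicious(parse_tdsskiller_log(text)):
        desc = e.verdict + (f" {e.threat}" if e.threat else "")
        if e.forged:
            # Two different hashes for one driver file is the mark of a kernel-mode
            # rootkit hiding its modified copy of a legitimate driver; in this
            # thread it is the same dfsc.sys that GMER and aswMBR also flagged.
            desc += f"; forged (real md5 {e.md5}, fake md5 {e.fake_md5})"
        lines.append(f"{e.name}: {desc} -> {e.path}")
    return lines
```

The forged line is the one to read first: two hashes reported for the same driver file disagree, which is why TDSSKiller, GMER and aswMBR all point at dfsc.sys in this thread.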

#8 smclaugh5

smclaugh5
  • Topic Starter
  • Members
  • 62 posts

Posted 29 March 2012 - 05:44 PM

Hello,

I ran TDSSKiller, but I accidentally hit the button to cure the problems. I couldn't stop it; it was too late. I rebooted, and ran it again. Nothing was found, so there is no log. All the redirection symptoms have stopped, and the computer seems normal (for now). Do you want to end this thread, and see how things go? I'm really sorry I messed up, but I am happy that the computer is behaving. If you want to try some other scans or whatever, let me know. Otherwise, thanks for all your help.

smclaugh5

#9 smclaugh5

smclaugh5
  • Topic Starter
  • Members
  • 62 posts

Posted 29 March 2012 - 05:46 PM

OK, I did have a log from the first run:

08:44:11.0880 2012 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
08:44:12.0644 2012 ============================================================
08:44:12.0644 2012 Current date / time: 2012/03/29 08:44:12.0644
08:44:12.0644 2012 SystemInfo:
08:44:12.0644 2012
08:44:12.0644 2012 OS Version: 6.0.6002 ServicePack: 2.0
08:44:12.0644 2012 Product type: Workstation
08:44:12.0644 2012 ComputerName: STEVESONY
08:44:12.0644 2012 UserName: Steve
08:44:12.0644 2012 Windows directory: C:\Windows
08:44:12.0644 2012 System windows directory: C:\Windows
08:44:12.0644 2012 Processor architecture: Intel x86
08:44:12.0644 2012 Number of processors: 2
08:44:12.0644 2012 Page size: 0x1000
08:44:12.0644 2012 Boot type: Normal boot
08:44:12.0644 2012 ============================================================
08:44:16.0435 2012 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:44:16.0466 2012 \Device\Harddisk0\DR0:
08:44:16.0482 2012 MBR used
08:44:16.0482 2012 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x102E800, BlocksNum 0x1C197170
08:44:16.0513 2012 Initialize success
08:44:16.0513 2012 ============================================================
08:44:42.0191 5880 ============================================================
08:44:42.0191 5880 Scan started
08:44:42.0191 5880 Mode: Manual; TDLFS;
08:44:42.0191 5880 ============================================================
08:44:43.0907 5880 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
08:44:43.0907 5880 !SASCORE - ok
08:44:44.0063 5880 A88xXBar - ok
08:44:44.0156 5880 abiosdsk - ok
08:44:44.0203 5880 ABVPN2K - ok
08:44:44.0343 5880 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
08:44:44.0390 5880 ACPI - ok
08:44:44.0593 5880 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
08:44:44.0624 5880 adp94xx - ok
08:44:44.0921 5880 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
08:44:44.0952 5880 adpahci - ok
08:44:45.0170 5880 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
08:44:45.0217 5880 adpu160m - ok
08:44:45.0467 5880 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
08:44:45.0498 5880 adpu320 - ok
08:44:45.0607 5880 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
08:44:45.0607 5880 AeLookupSvc - ok
08:44:45.0779 5880 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
08:44:45.0810 5880 AFD - ok
08:44:45.0935 5880 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
08:44:45.0950 5880 agp440 - ok
08:44:46.0137 5880 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
08:44:46.0169 5880 aic78xx - ok
08:44:46.0371 5880 ALABULK - ok
08:44:46.0683 5880 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
08:44:46.0683 5880 ALG - ok
08:44:46.0995 5880 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
08:44:47.0011 5880 aliide - ok
08:44:47.0261 5880 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
08:44:47.0307 5880 amdagp - ok
08:44:47.0557 5880 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
08:44:47.0573 5880 amdide - ok
08:44:47.0838 5880 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
08:44:47.0869 5880 AmdK7 - ok
08:44:48.0165 5880 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
08:44:48.0197 5880 AmdK8 - ok
08:44:48.0446 5880 AppHostSvc (dfae18c675d71fd06d57dc69d2913975) C:\Windows\system32\inetsrv\apphostsvc.dll
08:44:48.0446 5880 AppHostSvc - ok
08:44:48.0743 5880 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
08:44:48.0743 5880 Appinfo - ok
08:44:48.0930 5880 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:44:48.0961 5880 Apple Mobile Device - ok
08:44:49.0101 5880 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
08:44:49.0117 5880 arc - ok
08:44:49.0320 5880 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
08:44:49.0335 5880 arcsas - ok
08:44:49.0507 5880 ArcSoftKsUFilter (97422da56910a24b7ac8d295f5fd9535) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
08:44:49.0507 5880 ArcSoftKsUFilter - ok
08:44:49.0679 5880 arp1394 - ok
08:44:49.0850 5880 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
08:44:49.0881 5880 AsyncMac - ok
08:44:50.0474 5880 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
08:44:50.0474 5880 atapi - ok
08:44:50.0755 5880 AtcL002 - ok
08:44:50.0864 5880 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
08:44:50.0880 5880 AudioEndpointBuilder - ok
08:44:50.0880 5880 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
08:44:50.0880 5880 Audiosrv - ok
08:44:51.0285 5880 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
08:44:51.0800 5880 AVGIDSAgent - ok
08:44:52.0128 5880 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
08:44:52.0128 5880 AVGIDSDriver - ok
08:44:52.0346 5880 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
08:44:52.0346 5880 AVGIDSEH - ok
08:44:52.0424 5880 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
08:44:52.0440 5880 AVGIDSFilter - ok
08:44:52.0783 5880 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
08:44:52.0783 5880 AVGIDSShim - ok
08:44:53.0064 5880 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
08:44:53.0095 5880 Avgldx86 - ok
08:44:53.0345 5880 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
08:44:53.0345 5880 Avgmfx86 - ok
08:44:53.0485 5880 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
08:44:53.0485 5880 Avgrkx86 - ok
08:44:53.0579 5880 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
08:44:53.0594 5880 Avgtdix - ok
08:44:53.0719 5880 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
08:44:53.0735 5880 avgwd - ok
08:44:53.0844 5880 AYDrvNT_ALYAC - ok
08:44:54.0062 5880 BCM42RLY - ok
08:44:54.0078 5880 BCM43XV - ok
08:44:54.0140 5880 BdfNdisf (2e82edc5e70163b2f72f7011e251ea63) C:\Windows\system32\DRIVERS\BdfNdisf6.sys
08:44:54.0156 5880 BdfNdisf - ok
08:44:54.0281 5880 bdpredir - ok
08:44:54.0374 5880 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
08:44:54.0405 5880 Beep - ok
08:44:54.0702 5880 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
08:44:54.0717 5880 BITS - ok
08:44:54.0842 5880 blbdrive - ok
08:44:55.0014 5880 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
08:44:55.0014 5880 Bonjour Service - ok
08:44:55.0139 5880 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
08:44:55.0139 5880 bowser - ok
08:44:55.0263 5880 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
08:44:55.0279 5880 BrFiltLo - ok
08:44:55.0529 5880 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
08:44:55.0575 5880 BrFiltUp - ok
08:44:55.0778 5880 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
08:44:55.0778 5880 Browser - ok
08:44:55.0919 5880 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
08:44:55.0934 5880 Brserid - ok
08:44:56.0090 5880 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
08:44:56.0137 5880 BrSerWdm - ok
08:44:56.0324 5880 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
08:44:56.0355 5880 BrUsbMdm - ok
08:44:56.0480 5880 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
08:44:56.0511 5880 BrUsbSer - ok
08:44:56.0621 5880 btaudio - ok
08:44:56.0792 5880 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
08:44:56.0808 5880 BthEnum - ok
08:44:57.0120 5880 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
08:44:57.0135 5880 BTHMODEM - ok
08:44:57.0401 5880 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
08:44:57.0416 5880 BthPan - ok
08:44:57.0635 5880 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
08:44:57.0759 5880 BTHPORT - ok
08:44:57.0915 5880 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
08:44:57.0915 5880 BthServ - ok
08:44:58.0056 5880 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
08:44:58.0071 5880 BTHUSB - ok
08:44:58.0212 5880 btwaudio (7f256d9fff384faa40df5db1cb8531d9) C:\Windows\system32\drivers\btwaudio.sys
08:44:58.0227 5880 btwaudio - ok
08:44:58.0446 5880 btwavdt (d87d990131aaabb27d4046790292366d) C:\Windows\system32\drivers\btwavdt.sys
08:44:58.0571 5880 btwavdt - ok
08:44:58.0742 5880 btwdndis - ok
08:44:58.0805 5880 btwl2cap (d02f4d18aa4a38f781beefeb1892e144) C:\Windows\system32\DRIVERS\btwl2cap.sys
08:44:58.0836 5880 btwl2cap - ok
08:44:59.0117 5880 btwrchid (e1771c0fb49e747ab2b2d29da50510f9) C:\Windows\system32\DRIVERS\btwrchid.sys
08:44:59.0132 5880 btwrchid - ok
08:44:59.0475 5880 CarboniteService (e581146b4e24601d3b3c60e960de4e3b) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
08:44:59.0569 5880 CarboniteService - ok
08:44:59.0756 5880 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
08:44:59.0756 5880 cdfs - ok
08:44:59.0865 5880 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
08:44:59.0865 5880 cdrom - ok
08:45:00.0084 5880 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
08:45:00.0084 5880 CertPropSvc - ok
08:45:00.0224 5880 cfosspeeds - ok
08:45:00.0443 5880 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
08:45:00.0458 5880 circlass - ok
08:45:00.0708 5880 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
08:45:00.0708 5880 CLFS - ok
08:45:00.0895 5880 clnt_clientman - ok
08:45:00.0973 5880 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:45:00.0989 5880 clr_optimization_v2.0.50727_32 - ok
08:45:01.0457 5880 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:45:01.0472 5880 clr_optimization_v4.0.30319_32 - ok
08:45:01.0519 5880 CLTNetCnService - ok
08:45:01.0691 5880 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
08:45:01.0706 5880 CmBatt - ok
08:45:01.0909 5880 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
08:45:01.0925 5880 cmdide - ok
08:45:02.0081 5880 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
08:45:02.0081 5880 Compbatt - ok
08:45:02.0237 5880 COMSysApp - ok
08:45:02.0283 5880 CoolerXPDriver - ok
08:45:02.0424 5880 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
08:45:02.0424 5880 crcdisk - ok
08:45:02.0627 5880 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
08:45:02.0658 5880 Crusoe - ok
08:45:02.0892 5880 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
08:45:02.0892 5880 CryptSvc - ok
08:45:02.0954 5880 CTERFXFX.DLL - ok
08:45:02.0954 5880 CTSBLFX.DLL - ok
08:45:03.0079 5880 CVirtA - ok
08:45:03.0126 5880 cvspydr2 - ok
08:45:03.0141 5880 cwafadminmonitor - ok
08:45:03.0219 5880 cxlpt - ok
08:45:03.0282 5880 cygserver - ok
08:45:03.0422 5880 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
08:45:03.0438 5880 DcomLaunch - ok
08:45:03.0547 5880 DfsC (64d904cd5ac358b7a597bb75805b7ae9) C:\Windows\system32\Drivers\dfsc.sys
08:45:03.0547 5880 Suspicious file (Forged): C:\Windows\system32\Drivers\dfsc.sys. Real md5: 64d904cd5ac358b7a597bb75805b7ae9, Fake md5: 218d8ae46c88e82014f5d73d0236d9b2
08:45:03.0547 5880 DfsC ( Virus.Win32.ZAccess.k ) - infected
08:45:03.0547 5880 DfsC - detected Virus.Win32.ZAccess.k (0)
08:45:32.0002 5880 lxdj_device (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\sagefserver.dll
08:45:32.0018 5880 Suspicious file (NoAccess): C:\Windows\system32\sagefserver.dll. md5: 11028c6a84a967070cb1286550f2058f
08:45:32.0018 5880 lxdj_device ( Backdoor.Multi.ZAccess.gen ) - infected
08:45:32.0018 5880 lxdj_device - detected Backdoor.Multi.ZAccess.gen (0)
08:46:32.0998 5880 SaiMini (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\DELL_A02.dll
08:46:32.0998 5880 Suspicious file (NoAccess): C:\Windows\system32\DELL_A02.dll. md5: 11028c6a84a967070cb1286550f2058f
08:46:32.0998 5880 SaiMini ( Backdoor.Multi.ZAccess.gen ) - infected
08:46:32.0998 5880 SaiMini - detected Backdoor.Multi.ZAccess.gen (0)
08:46:40.0705 5880 slee_503_service - ok
08:46:40.0845 5880 slip - ok
08:46:41.0126 5880 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
08:46:41.0204 5880 slsvc - ok
08:46:41.0391 5880 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
08:46:41.0391 5880 SLUINotify - ok
08:46:41.0812 5880 smartscaps - ok
08:46:41.0937 5880 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
08:46:41.0953 5880 Smb - ok
08:46:42.0124 5880 smbios - ok
08:46:42.0234 5880 smwdm - ok
08:46:42.0358 5880 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
08:46:42.0358 5880 SNMPTRAP - ok
08:46:42.0452 5880 sonywbms - ok
08:46:42.0592 5880 SplashtopRemoteService (ccf611a259882d8cf4dbabae2341ee31) C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
08:46:42.0608 5880 SplashtopRemoteService - ok
08:46:42.0826 5880 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
08:46:42.0842 5880 spldr - ok
08:46:43.0029 5880 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
08:46:43.0029 5880 Spooler - ok
08:46:43.0248 5880 SPTISRV (e3e6c96b0ef4492c3c8fd0deef4e35a1) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
08:46:43.0263 5880 SPTISRV - ok
08:46:43.0482 5880 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
08:46:43.0482 5880 srv - ok
08:46:44.0074 5880 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
08:46:44.0090 5880 srv2 - ok
08:46:44.0324 5880 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
08:46:44.0340 5880 srvnet - ok
08:46:44.0449 5880 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
08:46:44.0464 5880 SSDPSRV - ok
08:46:44.0589 5880 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
08:46:44.0605 5880 SstpSvc - ok
08:46:44.0808 5880 SSUService (1cfa4a1f3c7bb4c8f299e00428eb8677) C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
08:46:44.0823 5880 SSUService - ok
08:46:45.0026 5880 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
08:46:45.0057 5880 StillCam - ok
08:46:45.0291 5880 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
08:46:45.0369 5880 stisvc - ok
08:46:46.0664 5880 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
08:46:46.0680 5880 swenum - ok
08:46:47.0257 5880 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
08:46:47.0272 5880 swprv - ok
08:46:47.0600 5880 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
08:46:47.0756 5880 Symc8xx - ok
08:46:48.0130 5880 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
08:46:48.0130 5880 Sym_hi - ok
08:46:48.0302 5880 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
08:46:48.0333 5880 Sym_u3 - ok
08:46:48.0598 5880 SynTP (99da94793332aadbb17bbb521ae56e21) C:\Windows\system32\DRIVERS\SynTP.sys
08:46:48.0598 5880 SynTP - ok
08:46:49.0144 5880 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
08:46:49.0160 5880 SysMain - ok
08:46:49.0300 5880 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
08:46:49.0316 5880 TabletInputService - ok
08:46:49.0534 5880 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
08:46:49.0566 5880 TapiSrv - ok
08:46:49.0753 5880 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
08:46:49.0768 5880 TBS - ok
08:46:49.0940 5880 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
08:46:50.0034 5880 Tcpip - ok
08:46:50.0424 5880 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
08:46:50.0439 5880 Tcpip6 - ok
08:46:50.0720 5880 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
08:46:50.0720 5880 tcpipreg - ok
08:46:50.0954 5880 TcUsb (07d174a992ab0ea6001f390de1afa27b) C:\Windows\system32\Drivers\tcusb.sys
08:46:51.0016 5880 TcUsb - ok
08:46:51.0266 5880 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
08:46:51.0282 5880 TDPIPE - ok
08:46:51.0453 5880 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
08:46:51.0469 5880 TDTCP - ok
08:46:51.0547 5880 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
08:46:51.0562 5880 tdx - ok
08:46:51.0921 5880 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
08:46:51.0984 5880 TermDD - ok
08:46:52.0592 5880 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
08:46:52.0608 5880 TermService - ok
08:46:52.0857 5880 Themes (c818c44c201898399bf999bb6b35d4e3) C:\Windows\system32\shsvcs.dll
08:46:52.0857 5880 Themes - ok
08:46:53.0263 5880 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
08:46:53.0263 5880 THREADORDER - ok
08:46:53.0450 5880 ti21sony (030f439ac1ccda7ac6ce01cc02102045) C:\Windows\system32\drivers\ti21sony.sys
08:46:53.0481 5880 ti21sony - ok
08:46:53.0590 5880 tifm21 - ok
08:46:54.0214 5880 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
08:46:54.0214 5880 TrkWks - ok
08:46:54.0402 5880 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
08:46:54.0402 5880 TrustedInstaller - ok
08:46:54.0651 5880 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:46:54.0667 5880 tssecsrv - ok
08:46:54.0994 5880 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
08:46:55.0010 5880 tunmp - ok
08:46:55.0275 5880 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
08:46:55.0275 5880 tunnel - ok
08:46:55.0681 5880 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
08:46:55.0743 5880 uagp35 - ok
08:46:55.0852 5880 uCamMonitor (5704b9bf52bd0b611fe871f47a3230b9) C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
08:46:55.0852 5880 uCamMonitor - ok
08:46:56.0180 5880 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
08:46:56.0196 5880 udfs - ok
08:46:56.0398 5880 uhcd - ok
08:46:56.0648 5880 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
08:46:56.0648 5880 UI0Detect - ok
08:46:56.0835 5880 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
08:46:57.0288 5880 uliagpkx - ok
08:46:57.0506 5880 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
08:46:57.0522 5880 uliahci - ok
08:46:57.0990 5880 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
08:46:58.0083 5880 UlSata - ok
08:46:58.0380 5880 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
08:46:58.0411 5880 ulsata2 - ok
08:46:58.0582 5880 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
08:46:58.0598 5880 umbus - ok
08:46:58.0770 5880 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
08:46:58.0785 5880 upnphost - ok
08:46:58.0941 5880 Usb20Scan - ok
08:46:59.0082 5880 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
08:46:59.0097 5880 USBAAPL - ok
08:46:59.0347 5880 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
08:46:59.0362 5880 usbaudio - ok
08:46:59.0596 5880 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
08:46:59.0612 5880 usbccgp - ok
08:46:59.0690 5880 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
08:46:59.0706 5880 usbcir - ok
08:47:00.0127 5880 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
08:47:00.0142 5880 usbehci - ok
08:47:00.0579 5880 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
08:47:00.0610 5880 usbhub - ok
08:47:01.0172 5880 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
08:47:01.0188 5880 usbohci - ok
08:47:01.0422 5880 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
08:47:01.0437 5880 usbprint - ok
08:47:01.0734 5880 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
08:47:01.0749 5880 usbscan - ok
08:47:02.0170 5880 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:47:02.0170 5880 USBSTOR - ok
08:47:02.0358 5880 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
08:47:02.0358 5880 usbuhci - ok
08:47:02.0436 5880 USBVCD - ok
08:47:02.0607 5880 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
08:47:02.0623 5880 usbvideo - ok
08:47:02.0732 5880 usb_rndisx - ok
08:47:02.0857 5880 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
08:47:02.0857 5880 UxSms - ok
08:47:03.0075 5880 VAIO Entertainment TV Device Arbitration Service (afbcd738df9de3b6d71afc704e7f27fb) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
08:47:03.0091 5880 VAIO Entertainment TV Device Arbitration Service - ok
08:47:03.0231 5880 VAIO Event Service (8a9f18adad471402236ca931553bf79b) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
08:47:03.0231 5880 VAIO Event Service - ok
08:47:04.0432 5880 VAIOMediaPlatform-IntegratedServer-AppServer (4b8f85bfc82b849d52fd4f3f32259dbc) C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
08:47:04.0526 5880 VAIOMediaPlatform-IntegratedServer-AppServer - ok
08:47:04.0916 5880 VAIOMediaPlatform-IntegratedServer-HTTP (56e33aaa46cba8431e72486196afb3a1) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
08:47:04.0932 5880 VAIOMediaPlatform-IntegratedServer-HTTP - ok
08:47:05.0150 5880 VAIOMediaPlatform-IntegratedServer-UPnP (58558f3dc2fef127b697d1138a8d7afb) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
08:47:05.0166 5880 VAIOMediaPlatform-IntegratedServer-UPnP - ok
08:47:05.0446 5880 VAIOMediaPlatform-UCLS-AppServer (52d4f568fe7d05ae5026b8717eeb59eb) C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
08:47:05.0524 5880 VAIOMediaPlatform-UCLS-AppServer - ok
08:47:05.0805 5880 VAIOMediaPlatform-UCLS-HTTP (56e33aaa46cba8431e72486196afb3a1) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
08:47:05.0821 5880 VAIOMediaPlatform-UCLS-HTTP - ok
08:47:06.0055 5880 VAIOMediaPlatform-UCLS-UPnP (58558f3dc2fef127b697d1138a8d7afb) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
08:47:06.0070 5880 VAIOMediaPlatform-UCLS-UPnP - ok
08:47:06.0414 5880 VcmIAlzMgr (6ef45df2fcc4ae35c715a6c9b5c68b17) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
08:47:06.0429 5880 VcmIAlzMgr - ok
08:47:06.0632 5880 VcmXmlIfHelper (c4de5ba157fd83bbdaeb70ee27417e0e) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
08:47:06.0663 5880 VcmXmlIfHelper - ok
08:47:06.0726 5880 Vcsw - ok
08:47:06.0991 5880 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
08:47:07.0006 5880 vds - ok
08:47:07.0537 5880 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
08:47:07.0537 5880 vga - ok
08:47:07.0989 5880 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
08:47:07.0989 5880 VgaSave - ok
08:47:08.0520 5880 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
08:47:08.0520 5880 viaagp - ok
08:47:08.0754 5880 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
08:47:08.0785 5880 ViaC7 - ok
08:47:09.0237 5880 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
08:47:09.0237 5880 viaide - ok
08:47:09.0565 5880 VNUSB - ok
08:47:09.0814 5880 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
08:47:09.0814 5880 volmgr - ok
08:47:10.0267 5880 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
08:47:10.0298 5880 volmgrx - ok
08:47:10.0610 5880 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
08:47:10.0610 5880 volsnap - ok
08:47:10.0813 5880 vproeventmonitor - ok
08:47:11.0156 5880 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
08:47:11.0187 5880 vsmraid - ok
08:47:11.0655 5880 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
08:47:11.0733 5880 VSS - ok
08:47:11.0889 5880 vusbbus - ok
08:47:12.0014 5880 VzCdbSvc (2e785f4f92c4c67cebb61dd55ed1f6a1) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
08:47:12.0014 5880 VzCdbSvc - ok
08:47:12.0123 5880 VzFw (2d876cad8c7ffb08179dff361ff851e6) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
08:47:12.0139 5880 VzFw - ok
08:47:12.0388 5880 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
08:47:12.0404 5880 W32Time - ok
08:47:12.0778 5880 W3SVC (9ca92191c8f18e8b491a5b28e63c07b7) C:\Windows\system32\inetsrv\iisw3adm.dll
08:47:12.0794 5880 W3SVC - ok
08:47:12.0919 5880 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
08:47:12.0934 5880 WacomPen - ok
08:47:13.0215 5880 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
08:47:13.0231 5880 Wanarp - ok
08:47:13.0231 5880 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
08:47:13.0231 5880 Wanarpv6 - ok
08:47:13.0714 5880 WAS (9ca92191c8f18e8b491a5b28e63c07b7) C:\Windows\system32\inetsrv\iisw3adm.dll
08:47:13.0714 5880 WAS - ok
08:47:13.0839 5880 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
08:47:13.0839 5880 WcesComm - ok
08:47:14.0011 5880 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
08:47:14.0026 5880 wcncsvc - ok
08:47:14.0385 5880 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
08:47:14.0385 5880 WcsPlugInService - ok
08:47:15.0056 5880 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
08:47:15.0087 5880 Wd - ok
08:47:15.0602 5880 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
08:47:15.0602 5880 Wdf01000 - ok
08:47:15.0774 5880 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
08:47:15.0774 5880 WdiServiceHost - ok
08:47:15.0789 5880 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
08:47:15.0789 5880 WdiSystemHost - ok
08:47:15.0992 5880 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
08:47:16.0023 5880 WebClient - ok
08:47:16.0148 5880 websenseuserservice - ok
08:47:16.0210 5880 websensewfreportserver - ok
08:47:16.0304 5880 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
08:47:16.0304 5880 Wecsvc - ok
08:47:16.0444 5880 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
08:47:16.0444 5880 wercplsupport - ok
08:47:16.0616 5880 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
08:47:16.0632 5880 WerSvc - ok
08:47:16.0772 5880 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
08:47:16.0819 5880 WimFltr - ok
08:47:17.0053 5880 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
08:47:17.0084 5880 winachsf - ok
08:47:17.0100 5880 WinHttpAutoProxySvc - ok
08:47:17.0318 5880 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
08:47:17.0318 5880 Winmgmt - ok
08:47:17.0412 5880 winpowermanager - ok
08:47:17.0568 5880 WinRM (01874d4689c212460fbabf0ecd7cb7f7) C:\Windows\system32\WsmSvc.dll
08:47:17.0599 5880 WinRM - ok
08:47:17.0802 5880 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
08:47:17.0802 5880 winusb - ok
08:47:17.0942 5880 winvnc4 - ok
08:47:18.0067 5880 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
08:47:18.0082 5880 Wlansvc - ok
08:47:18.0176 5880 WLAN_USB - ok
08:47:18.0270 5880 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
08:47:18.0285 5880 WLSetupSvc - ok
08:47:18.0488 5880 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
08:47:18.0504 5880 WmiAcpi - ok
08:47:18.0722 5880 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
08:47:18.0722 5880 wmiApSrv - ok
08:47:18.0878 5880 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
08:47:18.0894 5880 WMPNetworkSvc - ok
08:47:19.0237 5880 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
08:47:19.0252 5880 WPCSvc - ok
08:47:19.0455 5880 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
08:47:19.0455 5880 WPDBusEnum - ok
08:47:19.0689 5880 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
08:47:19.0705 5880 WpdUsb - ok
08:47:19.0939 5880 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:47:19.0939 5880 WPFFontCache_v0400 - ok
08:47:20.0188 5880 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
08:47:20.0251 5880 ws2ifsl - ok
08:47:20.0532 5880 WSearch - ok
08:47:20.0890 5880 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
08:47:20.0922 5880 wuauserv - ok
08:47:21.0218 5880 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:47:21.0218 5880 WUDFRd - ok
08:47:21.0717 5880 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
08:47:21.0733 5880 wudfsvc - ok
08:47:22.0014 5880 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
08:47:22.0014 5880 XAudio - ok
08:47:22.0622 5880 XAudioService (15a317674a08df26be65164d959e9203) C:\Windows\system32\DRIVERS\xaudio.exe
08:47:22.0638 5880 XAudioService - ok
08:47:22.0762 5880 ZD1211BU(ZyDAS) - ok
08:47:22.0794 5880 _iomega_active_disk_service_ - ok
08:47:22.0872 5880 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
08:47:23.0293 5880 \Device\Harddisk0\DR0 - ok
08:47:23.0293 5880 Boot (0x1200) (b6de9ba4df04aac819a3b702171a235b) \Device\Harddisk0\DR0\Partition0
08:47:23.0293 5880 \Device\Harddisk0\DR0\Partition0 - ok
08:47:23.0293 5880 ============================================================
08:47:23.0293 5880 Scan finished
08:47:23.0293 5880 ============================================================
08:47:23.0308 4748 Detected object count: 3
08:47:23.0308 4748 Actual detected object count: 3
08:47:56.0039 4748 C:\Windows\system32\Drivers\dfsc.sys - copied to quarantine
08:47:56.0039 4748 C:\Windows\$NtUninstallKB997$\1098072726\@ - copied to quarantine
08:47:56.0055 4748 C:\Windows\$NtUninstallKB997$\1098072726\cfg.ini - copied to quarantine
08:47:56.0055 4748 C:\Windows\$NtUninstallKB997$\1098072726\Desktop.ini - copied to quarantine
08:47:56.0070 4748 C:\Windows\$NtUninstallKB997$\1098072726\L\qnbwvoto - copied to quarantine
08:47:56.0086 4748 C:\Windows\$NtUninstallKB997$\1098072726\oemid - copied to quarantine
08:47:56.0102 4748 C:\Windows\$NtUninstallKB997$\1098072726\U\00000001.@ - copied to quarantine
08:47:56.0164 4748 C:\Windows\$NtUninstallKB997$\1098072726\U\00000002.@ - copied to quarantine
08:47:56.0195 4748 C:\Windows\$NtUninstallKB997$\1098072726\U\00000004.@ - copied to quarantine
08:47:56.0226 4748 C:\Windows\$NtUninstallKB997$\1098072726\U\80000000.@ - copied to quarantine
08:47:56.0226 4748 C:\Windows\$NtUninstallKB997$\1098072726\U\80000004.@ - copied to quarantine
08:47:56.0273 4748 C:\Windows\$NtUninstallKB997$\1098072726\U\80000032.@ - copied to quarantine
08:47:56.0273 4748 C:\Windows\$NtUninstallKB997$\1098072726\version - copied to quarantine
08:48:09.0892 4748 Backup copy not found, trying to cure infected file..
08:48:09.0892 4748 Cure success, using it..
08:48:09.0908 4748 C:\Windows\system32\Drivers\dfsc.sys - will be cured on reboot
08:48:20.0750 4748 C:\Windows\$NtUninstallKB997$\1098072726\@ - will be deleted on reboot
08:48:20.0765 4748 C:\Windows\$NtUninstallKB997$\1098072726\cfg.ini - will be deleted on reboot
08:48:20.0765 4748 C:\Windows\$NtUninstallKB997$\1098072726\Desktop.ini - will be deleted on reboot
08:48:20.0828 4748 C:\Windows\$NtUninstallKB997$\1098072726\oemid - will be deleted on reboot
08:48:20.0828 4748 C:\Windows\$NtUninstallKB997$\1098072726\U\00000001.@ - will be deleted on reboot
08:48:20.0828 4748 C:\Windows\$NtUninstallKB997$\1098072726\U\00000002.@ - will be deleted on reboot
08:48:20.0828 4748 C:\Windows\$NtUninstallKB997$\1098072726\U\00000004.@ - will be deleted on reboot
08:48:20.0828 4748 C:\Windows\$NtUninstallKB997$\1098072726\U\80000000.@ - will be deleted on reboot
08:48:20.0828 4748 C:\Windows\$NtUninstallKB997$\1098072726\U\80000004.@ - will be deleted on reboot
08:48:20.0828 4748 C:\Windows\$NtUninstallKB997$\1098072726\U\80000032.@ - will be deleted on reboot
08:48:20.0828 4748 C:\Windows\$NtUninstallKB997$\1098072726\version - will be deleted on reboot
08:48:20.0828 4748 C:\Windows\$NtUninstallKB997$\3679707825 - will be deleted on reboot
08:48:20.0828 4748 DfsC ( Virus.Win32.ZAccess.k ) - User select action: Cure
08:48:21.0108 4748 HKLM\SYSTEM\ControlSet001\services\lxdj_device - will be deleted on reboot
08:48:21.0140 4748 HKLM\SYSTEM\ControlSet003\services\lxdj_device - will be deleted on reboot
08:48:21.0140 4748 C:\Windows\system32\sagefserver.dll - will be deleted on reboot
08:48:21.0140 4748 lxdj_device ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
08:48:21.0280 4748 HKLM\SYSTEM\ControlSet001\services\SaiMini - will be deleted on reboot
08:48:21.0280 4748 HKLM\SYSTEM\ControlSet003\services\SaiMini - will be deleted on reboot
08:48:21.0296 4748 C:\Windows\system32\DELL_A02.dll - will be deleted on reboot
08:48:21.0296 4748 SaiMini ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
08:48:46.0743 6084 Deinitialize success

#10 Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male

Posted 30 March 2012 - 12:09 AM

It's ok. I'm glad that the redirect problem is gone, but we still need to be sure. :)

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#11 Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male

Posted 30 March 2012 - 12:10 AM

BTW, if you haven't rebooted your computer after the cure, please do it before running CF.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#12 smclaugh5

  • Topic Starter
  • Members
  • 62 posts

Posted 30 March 2012 - 03:45 PM

Hi,

CF hung the computer. CF complained about AVG, so I uninstalled AVG and tried it in safe mode. Same outcome. DOS window opens, some disk activity, then the system hangs.

#13 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:23 PM

Posted 30 March 2012 - 10:52 PM

Let's try again. Make sure ComboFix is located on your desktop.

Click Start > Type Run in the search box and copy/paste, or type the following bold text into the Run box and click OK:

"%userprofile%\desktop\combofix.exe" /nombr

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#14 smclaugh5

  • Topic Starter
  • Members
  • 62 posts

Posted 02 April 2012 - 10:39 AM

ComboFix 12-03-30.06 - Steve 04/02/2012 8:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1696 [GMT -5:00]
Running from: c:\users\Steve\Desktop\combofix.exe
Command switches used :: /nombr
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\users\Steve\AppData\Local\assembly\tmp
c:\users\Steve\AppData\Roaming\1C3E.176
c:\windows\iun6002.exe
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-03-29 13:47 . 2012-03-29 13:47 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-20 18:28 . 2012-03-20 18:28 -------- d-----w- c:\users\Steve\AppData\Roaming\SUPERAntiSpyware.com
2012-03-20 18:27 . 2012-03-20 18:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-20 18:27 . 2012-03-20 18:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-20 12:38 . 2012-03-20 12:38 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-20 12:38 . 2012-03-20 12:38 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-05 14:48 . 2012-03-05 14:48 -------- d-----w- c:\users\Steve\.swt
2012-03-03 18:10 . 2012-03-03 18:10 -------- d-----w- c:\program files\iPod
2012-03-03 18:10 . 2012-03-03 18:11 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-29 13:49 . 2009-11-09 15:41 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-02-07 18:26 . 2010-02-23 23:27 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-07 18:26 . 2010-02-23 23:27 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-02-07 18:26 . 2010-02-23 23:27 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-07 18:26 . 2010-02-23 23:27 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-03-20 12:38 . 2011-05-07 17:06 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 01:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 01:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 01:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Oops!Backup"="c:\program files\Altaro\Oops!Backup\OopsBackup.exe" [2011-09-29 3335680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MFNetworkScanUtility"="c:\program files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE" [2009-12-14 484760]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-12 63048]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
reminder.txt - Shortcut.lnk - c:\users\Steve\Documents\jsm2\my weight\reminder.txt [2009-11-12 159]
WinTidy.lnk - c:\program files\WinTidy\WinTidy.exe [2001-10-8 585216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
wercplsupport
Themes
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
icdsptsv
moufiltr
msdv
winvnc4
navap
cygserver
clnt_clientman
USBVCD
db2remotecmd
NETw3x32
httpfilter
btwdndis
tifm21
Usb20Scan
OEM02Dev
sleepy
BCM43XV
LVPrcMon
CTERFXFX.DLL
cxlpt
BCM42RLY
ZD1211BU(ZyDAS)
mxserver
scan
WLAN_USB
nsm1mdfl
dlaopiom
dlaifs_m
pdlndtdl
AtcL002
vusbbus
CoolerXPDriver
RDID1007
ggsemc
nmindexingservice
slip
sis162u
mstdfrgs
mvwebserver
smartscaps
NETGEAR_MA111
CTSBLFX.DLL
mcmscsvc
slee_503_service
btaudio
rrrspy
arp1394
_iomega_active_disk_service_
smwdm
VNUSB
pdlncfwk
modemcsa
MS1000
nsengine
service1
PDExchange
SaiMini
NICSer_WPC300N
sansaservice
ALABULK
itchfltr
SE2Dmdfl
rpaservice
websenseuserservice
vproeventmonitor
A88xXBar
uhcd
HWIONT
ma763004
hpzid412
Intels51
oracleorahomemanagementserver
abiosdsk
se45nd5
sonywbms
mvserver
SGIR
bdpredir
usb_rndisx
LVRS
mediaviewer
smbios
cfosspeeds
ndiscm
lvpopflt
nmwcdc
Ld51ocnucsnp
kbfiltr
cwafadminmonitor
prevxagent
winpowermanager
AYDrvNT_ALYAC
FileDisk
cvspydr2
ppmoucls
CVirtA
DritekPortIO
ABVPN2K
IFP700
websensewfreportserver
lxdj_device
iaantmon
FreshIO
Tapisrv
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
winmgmt
schedule
SessionEnv
browser
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
DPF: {7B133798-FAA8-4A7E-950D-BEB35D3363AF} - hxxp://192.168.1.105/img/LinksysViewer.cab
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2atn6yjy.default\
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-11201457.sys
AddRemove-Port_Detective_2.0 - c:\windows\iun6002.exe
AddRemove-{7585478E9D9B42108671C12F8714CEFE} - c:\program files\DivX\DivXConverterUninstall.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
AddRemove-{B13A7C41581B411290FBC0395694E2A9} - c:\program files\DivX\DivXConverterUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-02 10:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4832)
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\windows\System32\SyncCenter.dll
c:\windows\system32\GDVirtualDiskNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\DisplayLink Core Software\DisplayLinkService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\program files\GlobalDrive\GDVirtualDiskService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\LogMeIn\x86\LMIGuardianSvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Altaro\Oops!Backup\OopsBackup.Service.exe
c:\windows\system32\PSIService.exe
c:\program files\Splashtop\Splashtop Remote\Server\SRService.exe
c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe
c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\DisplayLink Core Software\DisplayLinkManager.exe
c:\program files\DisplayLink Core Software\DisplayLinkUI.exe
c:\windows\system32\DllHost.exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\windows\system32\NOTEPAD.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-04-02 10:25:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-02 15:25
.
Pre-Run: 102,218,379,264 bytes free
Post-Run: 100,934,332,416 bytes free
.
- - End Of File - - B870472D41946A38A9DD215A6F005586
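A quick triage pass over the policy and Security Center sections of the ComboFix log above. This is an added example, not part of the post and not ComboFix's own tooling: the parsing and the rules are the author's choice, `SAMPLE` is an excerpt of the posted log, and the allowed-prefix check on Run entries is a heuristic, not a verdict.

```python
"""
Triage the registry sections of a ComboFix log for settings that weaken the
host. Added example, not ComboFix's own code: the parsing and the rules are
the author's choice, and SAMPLE is an excerpt of the log posted above.
"""
import re

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+?)\s*$')

SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"""


def parse_sections(text):
    """Return {key (lower-cased): {value_name: raw_value}} for [key] / "name"=value runs."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group("name")] = m.group("value")
    return sections


def as_int(raw):
    """ComboFix prints DWORDs either as 'dword:00000001' or as '0 (0x0)'."""
    raw = raw.strip().lower()
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    return int(raw.split()[0])


# (regex on the key, value name, predicate on the raw value, message); author's selection
RULES = [
    (r"\\policies\\system$", "EnableLUA", lambda v: as_int(v) == 0,
     "UAC disabled: processes of an administrator run with the full token"),
    (r"\\security center\\monitoring$", "DisableMonitoring", lambda v: as_int(v) == 1,
     "Security Center state monitoring switched off"),
    (r"\\security center\\monitoring\\", "DisableMonitoring", lambda v: as_int(v) == 1,
     "Security Center monitoring switched off for a named product"),
]

ALLOWED_RUN_PREFIXES = ("c:\\program files\\", "c:\\windows\\")  # heuristic, author's choice


def triage(text):
    """Return [(key, value_name, message)] for every rule that fires."""
    findings = []
    for key, values in parse_sections(text).items():
        for key_re, name, weak, msg in RULES:
            if name in values and re.search(key_re, key) and weak(values[name]):
                findings.append((key, name, msg))
    return findings


def run_entries_outside(text, allowed=ALLOWED_RUN_PREFIXES):
    """Autostart entries under a ...\\Run key whose image path is not under an
    allowed prefix; a quick way to surface odd locations in a long log."""
    odd = []
    for key, values in parse_sections(text).items():
        if not key.endswith("\\run"):
            continue
        for name, raw in values.items():
            path = raw.split('"')[1].lower() if raw.startswith('"') else raw.lower()
            if not path.startswith(allowed):
                odd.append((name, path))
    return odd


if __name__ == "__main__":
    for key, name, msg in triage(SAMPLE):
        print(f"{name}: {msg}\n    {key}")
    print("run entries outside allowed prefixes:", run_entries_outside(SAMPLE))
```

On the excerpt, the script reports three findings and no oddly placed Run entries. Two caveats: `EnableLUA=0` is a genuine weakening (UAC is off on this Vista machine, so anything the user runs has the full administrator token), but `DisableMonitoring=1` under Security Center is also written by legitimate third-party antivirus products that manage their own status reporting, so it is a prompt to ask what set it, not evidence of compromise on its own.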

#15 Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:04:23 PM

Posted 03 April 2012 - 04:57 AM

Hi,

Are you still facing redirects?

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :folderfind
    $NtUninstallKB*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
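The folder search Conspire asks for, as an added example that is not part of the post and not SystemLook's own code. Folders imitating Windows hotfix uninstall directories were a known hiding place for rootkit components at the time, which is why the `$NtUninstallKB*` pattern is worth checking. Assumptions, all the author's and not from the thread: the search is a plain recursive case-insensitive name glob; a genuine XP/2003 hotfix uninstall folder is named `$NtUninstallKB<digits>$` (optionally `-v<n>`) and contains `spuninst\spuninst.exe`; Vista and later (this machine is Windows 6.0) service updates through CBS and do not create such folders, so any hit on them deserves a look. The sample tree is constructed, not taken from the machine.

```python
"""
Emulate SystemLook's ':folderfind $NtUninstallKB*' and triage what it finds.

Added example, not SystemLook's own code. Assumptions (not from the post):
  * the search is a plain recursive, case-insensitive glob over a root
  * a genuine XP/2003 hotfix uninstall folder is named
    $NtUninstallKB<digits>$ (optionally -v<n>) and holds spuninst\spuninst.exe
  * Vista and later (this machine is Windows 6.0) service updates through
    CBS and never create $NtUninstall folders, so any hit there is suspect
"""
import fnmatch
import os
import re
import tempfile
from dataclasses import dataclass

PATTERN = "$NtUninstallKB*"
GENUINE_NAME = re.compile(r"^\$NtUninstallKB\d{6,7}(?:-v\d+)?\$$", re.IGNORECASE)


@dataclass
class Hit:
    path: str
    verdict: str   # "genuine-looking" or "suspicious"
    reason: str


def folderfind(root, pattern=PATTERN):
    """Recursive, case-insensitive directory-name glob, like SystemLook's :folderfind."""
    hits = []
    for dirpath, dirnames, _files in os.walk(root):
        for name in dirnames:
            if fnmatch.fnmatchcase(name.lower(), pattern.lower()):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def triage(path, cbs_servicing=True):
    """Classify one hit. cbs_servicing=True means Vista or later."""
    name = os.path.basename(path)
    if cbs_servicing:
        return Hit(path, "suspicious", "CBS-serviced Windows does not create $NtUninstall folders")
    if not GENUINE_NAME.match(name):
        return Hit(path, "suspicious", "name is not of the $NtUninstallKB<number>$ form")
    if not os.path.isfile(os.path.join(path, "spuninst", "spuninst.exe")):
        return Hit(path, "suspicious", "no spuninst\\spuninst.exe inside")
    return Hit(path, "genuine-looking", "hotfix uninstall layout present")


def scan(root, cbs_servicing=True):
    return [triage(p, cbs_servicing) for p in folderfind(root)]


def build_sample_tree():
    """Constructed sample tree, not data from the post: one well-formed
    hotfix folder and one imitation with an odd name and no spuninst."""
    root = tempfile.mkdtemp(prefix="winroot_")
    good = os.path.join(root, "$NtUninstallKB951978$", "spuninst")
    os.makedirs(good)
    open(os.path.join(good, "spuninst.exe"), "wb").close()
    os.makedirs(os.path.join(root, "$NtUninstallKB12345678x$", "L"))
    os.makedirs(os.path.join(root, "system32", "drivers"))
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for hit in scan(root, cbs_servicing=False):
        print(f"{hit.verdict:16} {hit.path}  ({hit.reason})")
```

Pointed at a real `C:\Windows`, run it elevated; the name and `spuninst` checks only say whether a folder looks like a hotfix leftover, and on a CBS-serviced system every hit is reported as suspicious by design, so the SystemLook output Conspire asked for remains the thing to post back.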



