Infected with Ukash/met police malware



#1 Infected_UK


Posted 09 May 2012 - 05:07 PM

Hi

My friend has managed to get her computer infected with the Ukash/Metropolitan Police malware. I am attempting to clean it for her and would appreciate any help. I realise I should not have used ComboFix until instructed, but I have attached a log from earlier tonight. This log was from the 4th time running ComboFix, as the other times it stated it detected rootkit activity and needed to reboot.

One thing I have noticed is that since running ComboFix all the hidden or system files are now visible, such as the ProgramData folder and Boot folder.

Thanks in advance for any help.


#2 Gammo


Posted 11 May 2012 - 08:46 AM

We need to create an OTL report.
Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware!
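As an added example (not part of this thread, and not code from OTL or its author), a small Python triage script for the OTL.Txt that the procedure above produces: it parses the PRC/SRV/DRV entry lines and flags the two things a helper reads first, entries whose file is no longer on disk and files with no company name in their version information. The sample lines are constructed from the log format shown in this thread; the regular expression is my own approximation of OTL's layout, not a documented specification.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample, modelled on the OTL.Txt layout posted in this thread.
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2006/12/14 09:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2008/11/03 19:09:13 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007/06/28 01:04:20 | 007,115,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/02/16 00:24:36 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
"""

# One OTL entry line. Either a bracketed file stamp plus "(company)", or the
# literal "File not found"; then an optional "[start | state]" block, the path,
# and an optional "-- (registered name)" followed by free text.
# The company lookahead tolerates vendor strings that themselves contain ")".
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - "
    r"(?:\[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| (?P<flag>[A-Z])\]"
    r" \((?P<company>.*?)\)(?= \[| -- )"
    r"|(?P<missing>File not found))"
    r"(?: \[(?P<mode>[^\]]+)\])?"
    r" -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\).*)?$"
)


@dataclass
class Entry:
    kind: str                 # PRC, SRV or DRV
    path: str                 # image path as OTL printed it
    name: Optional[str]       # service/driver registration name, if present
    company: Optional[str]    # version-info company; "" if blank, None if file missing
    mode: Optional[str]       # e.g. "Kernel | On_Demand | Running"
    file_missing: bool        # OTL reported "File not found"


def parse_otl(text: str) -> List[Entry]:
    """Turn the PRC/SRV/DRV lines of an OTL.Txt into structured entries."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, other O-lines
        company = m.group("company")
        entries.append(Entry(
            kind=m.group("kind"),
            path=m.group("path").strip(),
            name=m.group("name"),
            company=company.strip() if company is not None else None,
            mode=m.group("mode"),
            file_missing=m.group("missing") is not None,
        ))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, Entry]]:
    """Pick out the entries a helper looks at first, with a short reason."""
    findings: List[Tuple[str, Entry]] = []
    for e in entries:
        running = bool(e.mode and "Running" in e.mode)
        if e.file_missing:
            # Leftover registration for a removed file: harmless clutter or a
            # remnant of something that was deleted; either way worth listing.
            findings.append(("orphaned: file not found on disk", e))
        elif e.company == "" and running:
            # Loaded code with no vendor in its version info ranks highest.
            findings.append(("running with no company name", e))
        elif e.company == "":
            findings.append(("no company name", e))
    return findings


def triage_report(text: str) -> Dict[str, str]:
    """Map registration name (or path when unnamed) to the triage reason."""
    return {e.name or e.path: reason for reason, e in triage(parse_otl(text))}


if __name__ == "__main__":
    for reason, e in triage(parse_otl(SAMPLE_LOG)):
        print(f"{e.kind} {e.name or '-':<16} {reason:<36} {e.path}")
```

Unsigned and orphaned entries are only a starting point: several of the flagged items in a typical log are legitimate third-party or tool remnants, so each still needs checking against what the user knows is installed.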


#3 Infected_UK


Posted 11 May 2012 - 01:46 PM

Hi Gammo

Thank you for helping me clean this PC. Below are the logs you asked for:


OTL logfile created on: 11/05/2012 19:10:06 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Paul\Desktop\malware clean up
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 33.37% Memory free
4.23 Gb Paging File | 2.80 Gb Available in Paging File | 66.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.99 Gb Total Space | 67.44 Gb Free Space | 48.52% Space Free | Partition Type: NTFS

Computer Name: KARIN-KIM | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/11 19:08:16 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\malware clean up\OTL.exe
PRC - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/04/11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/24 12:59:12 | 000,870,240 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
PRC - [2007/12/17 14:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/07/12 16:33:54 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/07/12 16:33:54 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/06/28 16:53:02 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2007/06/28 16:53:00 | 000,188,416 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2007/06/28 16:52:48 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2007/06/22 18:55:32 | 000,739,880 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/06/15 20:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2007/06/14 16:40:46 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007/06/13 01:08:01 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/06/12 02:27:14 | 000,317,560 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/06/10 01:12:18 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/06/10 01:12:18 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007/06/10 01:12:16 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/01/11 14:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/11 12:57:53 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/11 12:55:44 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\24556241d64589a6b95b7eaa7432295b\System.Web.Services.ni.dll
MOD - [2012/05/11 12:55:44 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll
MOD - [2012/05/11 12:55:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/11 12:54:46 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/11 12:54:29 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0ed12b32a03191e6415e12a061aeef5e\System.Windows.Forms.ni.dll
MOD - [2012/05/11 12:54:19 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c653820b5a3858c99eb5e524b1a71440\System.Drawing.ni.dll
MOD - [2012/05/11 12:53:15 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/11 12:52:02 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/02/20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/06/22 18:34:44 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012/05/11 11:32:23 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/17 14:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/07/12 16:33:54 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/07/06 03:12:52 | 000,292,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007/07/06 01:43:04 | 000,079,736 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007/06/28 16:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/06/28 16:53:02 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007/06/28 16:53:00 | 000,188,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007/06/28 16:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007/06/20 23:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/06/20 23:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/06/20 23:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/06/20 23:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/06/20 23:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/06/20 23:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/06/13 01:08:01 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/01/11 14:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2007/01/11 00:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/12/14 10:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 10:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 09:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\CVirtA.sys -- (CVirtA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/02/16 00:24:36 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2012/02/16 00:24:36 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/11/03 19:09:13 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007/06/30 12:04:34 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/06/28 03:29:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/06/28 01:04:20 | 007,115,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/06/28 01:01:22 | 000,075,008 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007/06/28 01:01:22 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007/06/13 01:08:08 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/06/10 01:12:18 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/06 01:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/06/05 04:20:28 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/18 04:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/04/11 16:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 16:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/02/14 03:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/06 09:29:32 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {FD201CCB-87F9-48E6-AD03-B9C71F98C554}
IE - HKLM\..\SearchScopes\{FD201CCB-87F9-48E6-AD03-B9C71F98C554}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2909873315-3474448982-3901374211-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-2909873315-3474448982-3901374211-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKU\S-1-5-21-2909873315-3474448982-3901374211-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2909873315-3474448982-3901374211-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2909873315-3474448982-3901374211-1000\..\SearchScopes,DefaultScope = {FD201CCB-87F9-48E6-AD03-B9C71F98C554}
IE - HKU\S-1-5-21-2909873315-3474448982-3901374211-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=BT5&o=15435&src=crm&q={searchTerms}&locale=en_UK&apn_ptnrs=GG&apn_dtid=YYYYYYB7GB&apn_uid=64E2F5EF-7765-42A6-9B2C-75C5F6CF3ADE&apn_sauid=29C5C5C5-D6ED-4113-8F8D-25BF41E3C078
IE - HKU\S-1-5-21-2909873315-3474448982-3901374211-1000\..\SearchScopes\{FD201CCB-87F9-48E6-AD03-B9C71F98C554}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIT_en-GB
IE - HKU\S-1-5-21-2909873315-3474448982-3901374211-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2909873315-3474448982-3901374211-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========


O1 HOSTS File: ([2012/05/09 22:27:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2909873315-3474448982-3901374211-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2909873315-3474448982-3901374211-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKU\S-1-5-21-2909873315-3474448982-3901374211-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2909873315-3474448982-3901374211-1000..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2909873315-3474448982-3901374211-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2909873315-3474448982-3901374211-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2909873315-3474448982-3901374211-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 87.194.255.155 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{253D408A-47B4-47AC-95A2-39EE883196EE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABFB745C-41FB-4D3B-A08D-E755FB159B5F}: DhcpNameServer = 87.194.255.155 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Toco Toucan.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Toco Toucan.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/11 12:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012/05/11 11:20:13 | 000,306,688 | ---- | C] (FileHippo.com) -- C:\Users\Paul\Desktop\UpdateChecker.exe
[2012/05/11 07:14:33 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/05/10 21:06:49 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Apps
[2012/05/10 18:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/05/10 18:09:10 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/05/10 18:00:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012/05/10 18:00:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012/05/10 18:00:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012/05/10 17:41:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/05/10 17:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012/05/10 16:57:45 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\malware clean up
[2012/05/10 09:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/09 22:43:24 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Malwarebytes
[2012/05/09 22:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/09 22:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/09 22:43:20 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/09 22:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/09 22:35:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/09 22:35:26 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\temp
[2012/05/09 22:28:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/09 21:36:57 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/09 21:28:14 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/05/09 20:07:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/09 20:07:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/09 20:07:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/09 20:07:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/09 20:07:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/09 20:02:42 | 000,000,000 | ---D | C] -- C:\32788R22FWJFWold
[2012/05/09 20:02:32 | 004,488,685 | R--- | C] (Swearware) -- C:\Users\Paul\Desktop\ComboFix.exe
[2012/04/29 15:25:48 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Ixufov
[2012/04/29 12:59:28 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/04/28 19:00:36 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\OpenOffice.org
[2012/04/28 18:57:43 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012/04/28 18:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012/04/28 18:33:05 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\OpenOffice.org 3.3 (en-GB) Installation Files
[2012/04/21 01:35:53 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\OmgLgdImport
[2012/04/16 21:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SSScanAppDataDir
[2012/04/16 21:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\MSScanAppDataDir
[2012/04/16 21:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Xerox
[2012/04/15 16:56:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2012/04/14 03:24:23 | 000,000,000 | ---D | C] -- C:\PerfLogs

========== Files - Modified Within 30 Days ==========

[2012/05/11 19:17:46 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{813D40C1-55A6-402F-8E8A-117F61A911EE}.job
[2012/05/11 19:09:57 | 000,614,200 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/11 19:09:57 | 000,110,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/11 19:03:09 | 000,362,056 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\nvModes.001
[2012/05/11 19:02:19 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 19:02:18 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 19:02:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/11 19:01:18 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/11 13:12:58 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/05/11 12:50:47 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/11 12:48:36 | 000,431,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/11 12:43:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/05/11 12:43:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/05/11 11:29:25 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/05/11 11:20:20 | 000,306,688 | ---- | M] (FileHippo.com) -- C:\Users\Paul\Desktop\UpdateChecker.exe
[2012/05/10 18:33:45 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/10 17:58:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/05/10 09:35:48 | 000,000,512 | ---- | M] () -- C:\Users\Paul\Documents\MBR.dat
[2012/05/10 07:07:48 | 000,362,056 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\nvModes.dat
[2012/05/09 22:43:21 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/09 22:27:25 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/09 20:49:32 | 000,001,356 | ---- | M] () -- C:\Users\Paul\AppData\Local\d3d9caps.dat
[2012/05/09 19:30:26 | 004,488,685 | R--- | M] (Swearware) -- C:\Users\Paul\Desktop\ComboFix.exe
[2012/05/08 13:33:41 | 000,000,238 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2012/05/04 19:18:37 | 000,004,834 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\wklnhst.dat
[2012/04/28 21:45:57 | 000,012,301 | ---- | M] () -- C:\Users\Paul\Documents\Karins Business Plan.odp
[2012/04/28 18:57:43 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2012/04/16 18:38:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012/04/14 01:25:40 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2012/04/14 01:25:37 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2012/04/13 18:28:28 | 000,210,432 | ---- | M] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/05/11 12:43:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/05/11 12:43:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/05/11 11:29:25 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/05/11 11:29:25 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/05/11 10:43:22 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/10 18:33:45 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/05/10 18:33:01 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/05/10 17:58:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/05/10 17:31:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/05/10 17:30:41 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2012/05/10 17:30:33 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012/05/10 17:30:31 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2012/05/10 17:30:24 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2012/05/10 17:30:24 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2012/05/10 17:30:12 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2012/05/10 17:30:09 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2012/05/10 17:29:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/05/10 17:29:12 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2012/05/10 17:29:11 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2012/05/10 09:35:48 | 000,000,512 | ---- | C] () -- C:\Users\Paul\Documents\MBR.dat
[2012/05/09 22:43:21 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/09 20:07:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/09 20:07:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/09 20:07:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/09 20:07:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/09 20:07:43 | 000,000,000 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/28 21:45:55 | 000,012,301 | ---- | C] () -- C:\Users\Paul\Documents\Karins Business Plan.odp
[2012/04/28 18:57:43 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2012/04/21 01:37:30 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/16 18:38:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012/04/15 17:16:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/04/15 17:16:11 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2012/04/15 16:50:27 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2012/04/15 16:50:27 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2012/04/15 16:50:26 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/01/20 04:41:01 | 000,004,834 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\wklnhst.dat
[2011/01/02 21:21:54 | 000,163,135 | ---- | C] () -- C:\Windows\hpoins29.dat
[2011/01/02 21:21:54 | 000,000,799 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2010/10/16 20:16:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2012/05/08 14:21:56 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\BatteryBar
[2010/09/25 00:00:12 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Epson
[2008/03/13 17:39:31 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\InterVideo
[2012/05/08 13:34:52 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Ixufov
[2012/04/28 19:00:36 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OpenOffice.org
[2010/05/06 15:47:25 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Opera
[2010/04/21 20:15:25 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Samsung
[2011/01/20 04:41:02 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Template
[2012/05/08 13:33:41 | 000,000,238 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job
[2012/05/11 13:12:59 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/11 19:17:46 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{813D40C1-55A6-402F-8E8A-117F61A911EE}.job

========== Purity Check ==========



< End of report >



OTL Extras logfile created on: 11/05/2012 19:10:06 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Paul\Desktop\malware clean up
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 33.37% Memory free
4.23 Gb Paging File | 2.80 Gb Available in Paging File | 66.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.99 Gb Total Space | 67.44 Gb Free Space | 48.52% Space Free | Partition Type: NTFS

Computer Name: KARIN-KIM | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\opera.exe" "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C58924D-77BA-49A2-92B7-C7F754315D09}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9E2C401B-9AB3-4E5F-8479-54CB0885F065}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03D840E2-4C0D-40F0-BD95-AEA770A4211D}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{12E59F8B-114D-4C98-9B71-2DDC4C4DE13F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{17838733-76AA-4889-AD3E-B2DEA4B56B4D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1C0EA9C8-F40A-4316-AE8B-074DB7442A97}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{271A5C80-EE60-484E-9570-FE343872C03C}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4059}" = protocol=6 | dir=in | app=c:\windows\system32\svchost.exe |
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4060}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{2DB8EE1F-8657-465C-8F92-9D7E825EC2E0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{3220EE3A-01BF-4605-846E-B25DC8CD7399}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{3899846A-D25E-40DF-8E8E-4DC7D22DD308}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{46D0CAEF-E383-40AF-A06F-004197DFE634}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{66ECE4F8-F46E-4150-86F4-7574773F797A}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth ™ ii\game.dat |
"{739DFA85-4DA0-45B4-9B95-17DADE9326DA}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{772C92F4-FE88-4323-9B66-42D4CEA022C9}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{842AA29D-2A98-4FC7-A81A-9E7D541FA7F1}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
"{8796762F-B708-4EEB-ADF1-3415DD93CA3C}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth ™ ii\game.dat |
"{8EF1F41C-68E5-4C2A-A5BA-FFA86A3D5C77}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{A320337F-8A5C-460E-99C8-F68B99AA30F9}" = protocol=17 | dir=in | app=c:\program files\ea games\the battle for middle-earth ™\game.dat |
"{A853BC1B-D6F9-4309-9711-89DF48640004}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B6966EFE-0DE9-49D6-A0F2-D66FCB6EB6A6}" = protocol=6 | dir=in | app=c:\program files\ea games\the battle for middle-earth ™\game.dat |
"{C0970C2D-08F9-484E-8B32-B59714B9DF30}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{C3C24B39-3884-4D59-90F9-3E32164062A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D3E3244D-FD62-49CE-BF9E-2FF5AF974ECA}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{D9E651D7-3804-4982-8FCA-5BBB5E145D3B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D9FACC48-36B8-4101-921C-6A81ED778578}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E060FCAE-03A2-4C54-8464-F7967E544D2E}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{E41A7B31-FE52-4D38-B6F8-0D7733887A93}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{EACA1359-85B8-4634-8A5F-ADA54A15944F}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{ED7A37EC-F03D-411C-8677-94C0242324F8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F0D1A129-7017-4CAB-B3A1-2D3E0AF0F38D}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
"{F4F15440-9D6E-4164-B884-DBE0D51F4153}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"TCP Query User{38B235AE-182A-40DB-B370-80A6B3F2D32B}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{61C7967F-F2D2-47FA-A36E-4B4533B2DAA3}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{6CA31C0D-2D7A-4755-9E57-624862B39A2C}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{854B257E-3A42-4C36-98BE-7E66C570D2B4}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{B36E6CC9-BD42-45E5-89CA-864A26381060}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{BD4C598D-2959-4D7E-859F-287599A45AE5}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{CC4DC928-CA05-43A9-8ED8-620F342A8DF2}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{D5DA1E0B-83F2-4C34-80C3-F9E66B411EED}C:\program files\ea games\the battle for middle-earth ™\patchget.dat" = protocol=6 | dir=in | app=c:\program files\ea games\the battle for middle-earth ™\patchget.dat |
"UDP Query User{02831818-9758-4161-8D2D-BD1C40E7195D}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{12616C0F-FA7E-4C31-AB14-1733F0AE0C5A}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{1414AC6E-A847-494C-BFAE-3096CF4A34F5}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{2C290031-08B9-4342-8CA0-676A6AE78368}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{BB95D902-A12F-46A5-8C7B-96CD9F99D4D0}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{BE93B560-EB89-4E7D-A07C-E6C84B2C73B5}C:\program files\ea games\the battle for middle-earth ™\patchget.dat" = protocol=17 | dir=in | app=c:\program files\ea games\the battle for middle-earth ™\patchget.dat |
"UDP Query User{D9705CF3-2657-440C-ADEC-37390BE713E0}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{F716BB1F-526A-498F-AAC3-32FF6C4AB9D0}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E7FB7-1775-4D89-8956-F5C9A1C019FC}" = DSD Playback Plug-in
"{021AD585-5EEE-4B58-83BC-0AC86008EBC8}" = VAIO Media Registration Tool
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.1203
"{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{533D0A8A-D7E7-4F15-BC9E-FF2916A6BAA7}" = DSD Direct Player
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel
"{5F12E9D1-402C-4672-86D7-52E86A3A1411}" = VAIO Content Importer VAIO Content Exporter
"{5F5DE5D5-D130-4110-A3A4-69FFB0B14BD9}" = VAIO Content Metadata XML Interface Library
"{6110F38A-5BE6-4199-AC96-D2DD6B4A3ADE}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Content Importer / VAIO Content Exporter
"{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}" = DSD Direct
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver 11.0 Rel .3
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8FC56444-161D-43B4-A662-F18F2E4A2A32}" = VAIO Content Metadata Manager Setting
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92F8615C-43B7-4925-8457-B6D004E8D478}" = VAIO Content Metadata XML Interface Library
"{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}" = ArcSoft Magic-i Visual Effects Installer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{AFBA0609-EB70-43CB-B11C-294EDADFA101}" =
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B66AD8F4-0951-407E-807F-C300F6970B5A}" = VAIO Media
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4D96ABB-E0D8-4CA4-856E-A2703F5490F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBE55E74-AF94-47BB-849B-C79F236C65F4}" = VAIO Movie Story
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FAA6B94E-78A7-489C-B2DB-050D9FEBFADA}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BatteryBar" = BatteryBar (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"dt icon module" =
"eBay HTML" =
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"Epson Stylus SX510W_TX550W User’s Guide" = Epson Stylus SX510W_TX550W Manual
"EPSON SX510W Series" = EPSON SX510W Series Printer Uninstall
"ESET Online Scanner" = ESET Online Scanner v3
"gtfirstboot Setting Request" =
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"Picasa 3" = Picasa 3
"VAIO Help and Support" =
"VAIO MFU Module" =
"VAIO Xblack Contents" = VAIO Xblack Contents
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2909873315-3474448982-3901374211-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Torrent PowerSearch" = Torrent PowerSearch

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/05/2012 15:01:18 | Computer Name = KARIN-KIM | Source = EventSystem | ID = 4609
Description =

Error - 09/05/2012 15:31:28 | Computer Name = KARIN-KIM | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 09/05/2012 15:32:47 | Computer Name = KARIN-KIM | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 09/05/2012 15:32:54 | Computer Name = KARIN-KIM | Source = Windows Search Service | ID = 7040
Description =

Error - 09/05/2012 15:32:54 | Computer Name = KARIN-KIM | Source = Windows Search Service | ID = 3029
Description =

Error - 09/05/2012 15:32:54 | Computer Name = KARIN-KIM | Source = Windows Search Service | ID = 3028
Description =

Error - 09/05/2012 15:32:54 | Computer Name = KARIN-KIM | Source = Windows Search Service | ID = 3058
Description =

Error - 09/05/2012 15:37:34 | Computer Name = KARIN-KIM | Source = EventSystem | ID = 4609
Description =

Error - 09/05/2012 15:44:26 | Computer Name = KARIN-KIM | Source = EventSystem | ID = 4609
Description =

Error - 09/05/2012 15:56:13 | Computer Name = KARIN-KIM | Source = EventSystem | ID = 4609
Description =

[ Media Center Events ]
Error - 16/04/2008 17:48:52 | Computer Name = Paul-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ System Events ]
Error - 11/05/2012 02:20:13 | Computer Name = KARIN-KIM | Source = Service Control Manager | ID = 7001
Description =

Error - 11/05/2012 02:20:14 | Computer Name = KARIN-KIM | Source = DCOM | ID = 10005
Description =

Error - 11/05/2012 02:20:19 | Computer Name = KARIN-KIM | Source = Service Control Manager | ID = 7001
Description =

Error - 11/05/2012 05:44:48 | Computer Name = KARIN-KIM | Source = Service Control Manager | ID = 7000
Description =

Error - 11/05/2012 06:27:52 | Computer Name = KARIN-KIM | Source = DCOM | ID = 10005
Description =

Error - 11/05/2012 06:27:53 | Computer Name = KARIN-KIM | Source = Service Control Manager | ID = 7009
Description =

Error - 11/05/2012 06:27:53 | Computer Name = KARIN-KIM | Source = Service Control Manager | ID = 7000
Description =

Error - 11/05/2012 07:44:58 | Computer Name = KARIN-KIM | Source = DCOM | ID = 10010
Description =

Error - 11/05/2012 07:49:17 | Computer Name = KARIN-KIM | Source = Service Control Manager | ID = 7000
Description =

Error - 11/05/2012 14:02:53 | Computer Name = KARIN-KIM | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Attached Files



#4 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:07 PM

Posted 11 May 2012 - 03:29 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
    IE - HKU\S-1-5-21-2909873315-3474448982-3901374211-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKU\S-1-5-21-2909873315-3474448982-3901374211-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=BT5&o=15435&src=crm&q={searchTerms}&locale=en_UK&apn_ptnrs=GG&apn_dtid=YYYYYYB7GB&apn_uid=64E2F5EF-7765-42A6-9B2C-75C5F6CF3ADE&apn_sauid=29C5C5C5-D6ED-4113-8F8D-25BF41E3C078
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-2909873315-3474448982-3901374211-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    [2012/04/29 15:25:48 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Ixufov
    [2012/04/21 01:35:53 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\OmgLgdImport
    
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\Program Files\Ask.com
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.


Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware!


#5 Infected_UK

Infected_UK
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 11 May 2012 - 03:33 PM

Hi Gammo

I will run the OTL fix now.

I already have ComboFix installed as I ran it before posting. Is it OK to run it again?

Thanks

#6 Infected_UK

Infected_UK
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 11 May 2012 - 03:33 PM

Sorry, duplicate post.

Edited by Infected_UK, 11 May 2012 - 03:37 PM.


#7 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:07 PM

Posted 11 May 2012 - 03:49 PM

Delete the ComboFix.exe you already have from your Desktop.

Then download and run the latest version: http://download.bleepingcomputer.com/sUBs/ComboFix.exe



#8 Infected_UK

Infected_UK
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 11 May 2012 - 05:08 PM

Hi again.

I have run both the OTL fix and the new copy of ComboFix. Below is my ComboFix log.


ComboFix 12-05-11.03 - Paul 11/05/2012 22:35:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.1055 [GMT 1:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB25111$
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-04-11 to 2012-05-11 )))))))))))))))))))))))))))))))
.
.
2012-05-11 21:50 . 2012-05-11 21:50 -------- d-----w- c:\users\Paul\AppData\Local\temp
2012-05-11 21:50 . 2012-05-11 21:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-11 20:58 . 2012-05-11 20:58 -------- d-----w- C:\_OTL
2012-05-11 20:55 . 2012-05-11 20:55 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CFAAB39-E4C7-4941-B067-1E79451BC94B}\offreg.dll
2012-05-11 20:34 . 2012-05-11 20:34 -------- d-----w- c:\program files\Common Files\Java
2012-05-11 19:56 . 2012-05-11 19:56 -------- d-----w- c:\users\Paul\AppData\Local\Mozilla
2012-05-11 19:56 . 2012-05-11 19:56 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-11 19:43 . 2012-05-11 20:33 -------- d-----w- c:\program files\Java
2012-05-11 18:21 . 2012-04-12 23:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CFAAB39-E4C7-4941-B067-1E79451BC94B}\mpengine.dll
2012-05-11 18:20 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-05-11 18:20 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-11 18:20 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 18:20 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-11 18:20 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-11 18:20 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-11 11:44 . 2012-05-11 11:44 -------- d-----w- c:\program files\Windows Portable Devices
2012-05-11 11:22 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-05-11 11:22 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-05-11 11:22 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-05-11 11:15 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-11 11:15 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-05-11 11:15 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-11 11:15 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-11 10:52 . 2011-01-20 14:15 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-05-11 10:51 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-05-11 10:41 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-05-11 10:37 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-05-11 10:37 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-11 10:35 . 2012-05-11 20:33 772552 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-10 20:06 . 2012-05-10 20:06 -------- d-----w- c:\users\Paul\AppData\Local\Apps
2012-05-10 17:46 . 2012-05-10 17:45 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{48A3F422-F827-498C-89B7-934B99DFCAC9}\gapaengine.dll
2012-05-10 17:45 . 2012-04-12 23:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-10 17:31 . 2012-05-10 17:33 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-10 17:31 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-05-10 17:09 . 2012-05-10 17:09 -------- d-----w- C:\found.000
2012-05-10 17:00 . 2012-05-10 17:01 -------- d-----w- c:\windows\system32\ca-ES
2012-05-10 17:00 . 2012-05-10 17:00 -------- d-----w- c:\windows\system32\eu-ES
2012-05-10 17:00 . 2012-05-10 17:00 -------- d-----w- c:\windows\system32\vi-VN
2012-05-10 16:41 . 2012-05-10 16:41 -------- d-----w- c:\windows\system32\EventProviders
2012-05-10 16:30 . 2009-04-11 06:28 322560 ----a-w- c:\program files\Movie Maker\WMM2FILT.dll
2012-05-10 16:29 . 2009-04-11 06:28 2205184 ----a-w- c:\windows\system32\SyncCenter.dll
2012-05-10 16:28 . 2009-04-11 06:28 34304 ----a-w- c:\windows\system32\wshbth.dll
2012-05-10 16:00 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{57786AAB-CB19-45EC-934A-1F97E1F1FCEC}\mpengine.dll
2012-05-10 08:43 . 2012-05-10 08:43 -------- d-----w- c:\program files\ESET
2012-05-09 21:43 . 2012-05-09 21:43 -------- d-----w- c:\users\Paul\AppData\Roaming\Malwarebytes
2012-05-09 21:43 . 2012-05-09 21:43 -------- d-----w- c:\programdata\Malwarebytes
2012-05-09 21:43 . 2012-05-09 21:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-09 21:43 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-09 20:28 . 2012-05-09 20:28 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-05-09 19:02 . 2012-05-09 19:06 -------- d-----w- C:\32788R22FWJFWold
2012-04-29 11:59 . 2012-04-29 11:59 -------- d-----w- c:\windows\Sun
2012-04-28 18:00 . 2012-04-28 18:00 -------- d-----w- c:\users\Paul\AppData\Roaming\OpenOffice.org
2012-04-28 17:55 . 2012-04-28 17:55 -------- d-----w- c:\program files\OpenOffice.org 3
2012-04-21 00:37 . 2012-05-11 10:32 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-16 20:24 . 2012-04-16 20:24 -------- d-----w- c:\programdata\SSScanAppDataDir
2012-04-16 20:24 . 2012-04-16 20:24 -------- d-----w- c:\programdata\MSScanAppDataDir
2012-04-16 20:23 . 2012-04-16 20:23 -------- d-----w- c:\programdata\Xerox
2012-04-15 16:16 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2012-04-15 16:01 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-04-15 16:01 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-04-15 16:01 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-04-15 16:01 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-04-15 16:01 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-04-15 15:51 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2012-04-14 20:40 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2012-04-14 20:40 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2012-04-14 20:40 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2012-04-14 20:38 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-04-14 20:37 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2012-04-14 20:36 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2012-04-14 20:36 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2012-04-14 20:36 . 2009-04-11 06:28 63488 ----a-w- c:\windows\system32\tscupgrd.exe
2012-04-14 20:36 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2012-04-14 02:24 . 2012-04-14 02:24 -------- d-----w- C:\PerfLogs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-11 20:33 . 2010-05-06 17:47 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-11 10:32 . 2012-03-16 15:49 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-14 00:25 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2012-04-14 00:25 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2012-03-20 19:44 . 2012-03-20 19:44 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 19:44 . 2012-03-20 19:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-02-15 23:24 . 2012-02-15 23:24 80824 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-02-15 23:24 . 2012-02-15 23:24 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-04-21 01:18 . 2012-05-11 19:56 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 90624]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-12 317560]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-28 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-6-22 739880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-12 15:33 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-04-11 15:32 56080 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 257696]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
meraksmtp
asc3550
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 10:32]
.
2012-05-08 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 15:03]
.
2012-05-11 c:\windows\Tasks\User_Feed_Synchronization-{813D40C1-55A6-402F-8E8A-117F61A911EE}.job
- c:\windows\system32\msfeedssync.exe [2012-05-11 08:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\wd4icmjx.default\
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-OmgLgdImport - c:\users\Paul\AppData\Local\OmgLgdImport\OmgLgdImport.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-11 22:50
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,24,4f,af,03,6e,33,47,8b,a0,59,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,24,4f,af,03,6e,33,47,8b,a0,59,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-05-11 22:54:43
ComboFix-quarantined-files.txt 2012-05-11 21:54
ComboFix2.txt 2012-05-09 21:35
.
Pre-Run: 65,145,896,960 bytes free
Post-Run: 65,120,198,656 bytes free
.
- - End Of File - - 9619C69A90BD7915A4DDC9334F441A48

The laptop seems to be running better although it is hard to tell as it is not mine.

Thanks for your help

Attached Files



#9 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:07 PM

Posted 11 May 2012 - 05:35 PM

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.






Run OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the grey button that says None (next to "Run Fix").
  • Under the Custom Scan box paste this in

    netsvcs

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time.



#10 Infected_UK

Infected_UK
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 11 May 2012 - 05:57 PM

Logs as requested:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.11.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19222
Paul :: KARIN-KIM [administrator]

11/05/2012 23:38:21
mbam-log-2012-05-11 (23-38-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210049
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


23:46:38.0788 4368 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
23:46:39.0037 4368 ============================================================
23:46:39.0037 4368 Current date / time: 2012/05/11 23:46:39.0037
23:46:39.0037 4368 SystemInfo:
23:46:39.0037 4368
23:46:39.0037 4368 OS Version: 6.0.6002 ServicePack: 2.0
23:46:39.0037 4368 Product type: Workstation
23:46:39.0037 4368 ComputerName: KARIN-KIM
23:46:39.0037 4368 UserName: Paul
23:46:39.0037 4368 Windows directory: C:\Windows
23:46:39.0037 4368 System windows directory: C:\Windows
23:46:39.0037 4368 Processor architecture: Intel x86
23:46:39.0037 4368 Number of processors: 2
23:46:39.0037 4368 Page size: 0x1000
23:46:39.0037 4368 Boot type: Normal boot
23:46:39.0037 4368 ============================================================
23:46:39.0989 4368 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:46:40.0004 4368 ============================================================
23:46:40.0004 4368 \Device\Harddisk0\DR0:
23:46:40.0004 4368 MBR partitions:
23:46:40.0004 4368 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x141D800, BlocksNum 0x115FBEB0
23:46:40.0004 4368 ============================================================
23:46:40.0036 4368 C: <-> \Device\Harddisk0\DR0\Partition0
23:46:40.0036 4368 ============================================================
23:46:40.0036 4368 Initialize success
23:46:40.0036 4368 ============================================================
23:47:01.0657 4260 ============================================================
23:47:01.0657 4260 Scan started
23:47:01.0657 4260 Mode: Manual; SigCheck; TDLFS;
23:47:01.0657 4260 ============================================================
23:47:02.0375 4260 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
23:47:02.0500 4260 ACPI - ok
23:47:02.0843 4260 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:47:02.0858 4260 AdobeARMservice - ok
23:47:02.0968 4260 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:47:02.0983 4260 AdobeFlashPlayerUpdateSvc - ok
23:47:03.0092 4260 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
23:47:03.0155 4260 adp94xx - ok
23:47:03.0186 4260 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
23:47:03.0217 4260 adpahci - ok
23:47:03.0248 4260 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
23:47:03.0264 4260 adpu160m - ok
23:47:03.0280 4260 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
23:47:03.0295 4260 adpu320 - ok
23:47:03.0358 4260 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
23:47:03.0389 4260 AeLookupSvc - ok
23:47:03.0623 4260 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
23:47:03.0670 4260 AFD - ok
23:47:03.0716 4260 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
23:47:03.0732 4260 agp440 - ok
23:47:03.0888 4260 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
23:47:03.0904 4260 aic78xx - ok
23:47:04.0075 4260 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
23:47:04.0138 4260 ALG - ok
23:47:04.0216 4260 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
23:47:04.0231 4260 aliide - ok
23:47:04.0278 4260 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
23:47:04.0278 4260 amdagp - ok
23:47:04.0309 4260 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
23:47:04.0325 4260 amdide - ok
23:47:04.0372 4260 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
23:47:04.0418 4260 AmdK7 - ok
23:47:04.0481 4260 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
23:47:04.0543 4260 AmdK8 - ok
23:47:04.0590 4260 ApfiltrService (18bff317bdb10c64a35e1ca85f1ec051) C:\Windows\system32\DRIVERS\Apfiltr.sys
23:47:04.0637 4260 ApfiltrService - ok
23:47:04.0684 4260 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
23:47:04.0730 4260 Appinfo - ok
23:47:04.0996 4260 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:47:05.0011 4260 Apple Mobile Device - ok
23:47:05.0074 4260 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
23:47:05.0089 4260 arc - ok
23:47:05.0120 4260 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
23:47:05.0136 4260 arcsas - ok
23:47:05.0339 4260 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
23:47:05.0401 4260 AsyncMac - ok
23:47:05.0588 4260 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
23:47:05.0635 4260 atapi - ok
23:47:05.0698 4260 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
23:47:05.0744 4260 AudioEndpointBuilder - ok
23:47:05.0744 4260 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
23:47:05.0791 4260 Audiosrv - ok
23:47:05.0854 4260 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
23:47:05.0900 4260 Beep - ok
23:47:05.0963 4260 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
23:47:06.0010 4260 BFE - ok
23:47:06.0353 4260 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
23:47:06.0400 4260 BITS - ok
23:47:06.0400 4260 blbdrive - ok
23:47:07.0367 4260 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
23:47:07.0398 4260 Bonjour Service - ok
23:47:07.0460 4260 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
23:47:07.0507 4260 bowser - ok
23:47:07.0554 4260 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
23:47:07.0585 4260 BrFiltLo - ok
23:47:07.0616 4260 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
23:47:07.0648 4260 BrFiltUp - ok
23:47:07.0928 4260 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
23:47:07.0960 4260 Browser - ok
23:47:08.0006 4260 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
23:47:08.0053 4260 Brserid - ok
23:47:08.0084 4260 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
23:47:08.0116 4260 BrSerWdm - ok
23:47:08.0225 4260 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
23:47:08.0318 4260 BrUsbMdm - ok
23:47:08.0396 4260 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
23:47:08.0459 4260 BrUsbSer - ok
23:47:08.0506 4260 BthEnum (064fbc56921051de1075495d628b815f) C:\Windows\system32\DRIVERS\BthEnum.sys
23:47:08.0537 4260 BthEnum - ok
23:47:08.0568 4260 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
23:47:08.0630 4260 BTHMODEM - ok
23:47:08.0677 4260 BthPan (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
23:47:08.0724 4260 BthPan - ok
23:47:08.0755 4260 BTHPORT (b24757d9154cca035e1bbd3db92966d7) C:\Windows\system32\Drivers\BTHport.sys
23:47:08.0771 4260 BTHPORT - ok
23:47:08.0833 4260 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
23:47:08.0864 4260 BthServ - ok
23:47:08.0880 4260 BTHUSB (d42cf5f0c7635b3f1578810fe34d9e41) C:\Windows\system32\Drivers\BTHUSB.sys
23:47:08.0896 4260 BTHUSB - ok
23:47:08.0942 4260 btwaudio (6ca69fa57cf251e890105923ad215b99) C:\Windows\system32\drivers\btwaudio.sys
23:47:08.0974 4260 btwaudio - ok
23:47:09.0005 4260 btwavdt (12b4a9afa82bfe5a7d8819bf7ae20601) C:\Windows\system32\drivers\btwavdt.sys
23:47:09.0020 4260 btwavdt - ok
23:47:09.0036 4260 btwl2cap (d02f4d18aa4a38f781beefeb1892e144) C:\Windows\system32\DRIVERS\btwl2cap.sys
23:47:09.0052 4260 btwl2cap - ok
23:47:09.0223 4260 btwrchid (d5e554f6c1a3baeb79daf9e1684f8102) C:\Windows\system32\DRIVERS\btwrchid.sys
23:47:09.0239 4260 btwrchid - ok
23:47:09.0364 4260 catchme - ok
23:47:09.0442 4260 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
23:47:09.0488 4260 cdfs - ok
23:47:09.0551 4260 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
23:47:09.0582 4260 cdrom - ok
23:47:10.0019 4260 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
23:47:10.0097 4260 CertPropSvc - ok
23:47:10.0253 4260 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
23:47:10.0346 4260 circlass - ok
23:47:11.0407 4260 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
23:47:11.0423 4260 CLFS - ok
23:47:12.0374 4260 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:47:12.0390 4260 clr_optimization_v2.0.50727_32 - ok
23:47:12.0983 4260 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:47:12.0998 4260 clr_optimization_v4.0.30319_32 - ok
23:47:13.0076 4260 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
23:47:13.0108 4260 CmBatt - ok
23:47:13.0139 4260 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
23:47:13.0170 4260 cmdide - ok
23:47:13.0217 4260 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
23:47:13.0232 4260 Compbatt - ok
23:47:13.0232 4260 COMSysApp - ok
23:47:13.0232 4260 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
23:47:13.0248 4260 crcdisk - ok
23:47:13.0310 4260 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
23:47:13.0373 4260 Crusoe - ok
23:47:13.0435 4260 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
23:47:13.0482 4260 CryptSvc - ok
23:47:13.0513 4260 CVirtA - ok
23:47:14.0449 4260 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
23:47:14.0512 4260 DcomLaunch - ok
23:47:14.0543 4260 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
23:47:14.0574 4260 DfsC - ok
23:47:15.0635 4260 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
23:47:15.0931 4260 DFSR - ok
23:47:16.0321 4260 dg_ssudbus (73fc5bc52572084ec1241514cf6230a0) C:\Windows\system32\DRIVERS\ssudbus.sys
23:47:16.0321 4260 dg_ssudbus - ok
23:47:16.0399 4260 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
23:47:16.0430 4260 Dhcp - ok
23:47:16.0508 4260 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
23:47:16.0524 4260 disk - ok
23:47:16.0586 4260 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
23:47:16.0602 4260 DMICall - ok
23:47:16.0649 4260 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
23:47:16.0649 4260 DNE - ok
23:47:16.0711 4260 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
23:47:16.0789 4260 Dnscache - ok
23:47:16.0836 4260 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
23:47:16.0867 4260 dot3svc - ok
23:47:16.0930 4260 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
23:47:16.0961 4260 Dot4 - ok
23:47:16.0992 4260 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:47:17.0023 4260 Dot4Print - ok
23:47:17.0039 4260 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
23:47:17.0070 4260 dot4usb - ok
23:47:17.0117 4260 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
23:47:17.0164 4260 DPS - ok
23:47:17.0226 4260 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
23:47:17.0257 4260 drmkaud - ok
23:47:17.0444 4260 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
23:47:17.0476 4260 DXGKrnl - ok
23:47:17.0522 4260 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
23:47:17.0569 4260 E1G60 - ok
23:47:17.0694 4260 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
23:47:17.0741 4260 EapHost - ok
23:47:17.0803 4260 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
23:47:17.0819 4260 Ecache - ok
23:47:18.0053 4260 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
23:47:18.0084 4260 ehRecvr - ok
23:47:18.0505 4260 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
23:47:18.0536 4260 ehSched - ok
23:47:18.0568 4260 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
23:47:18.0599 4260 ehstart - ok
23:47:18.0677 4260 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
23:47:18.0692 4260 elxstor - ok
23:47:18.0926 4260 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
23:47:18.0973 4260 EMDMgmt - ok
23:47:19.0379 4260 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
23:47:19.0379 4260 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
23:47:19.0379 4260 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
23:47:19.0519 4260 EPSON_EB_RPCV4_01 (ec6a73cd8413f68655e5e0b99c415a21) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
23:47:19.0566 4260 EPSON_EB_RPCV4_01 - ok
23:47:19.0628 4260 EPSON_PM_RPCV4_01 (8fe6ab59cab8f2c038fea9522a5eeba7) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
23:47:19.0628 4260 EPSON_PM_RPCV4_01 - ok
23:47:19.0738 4260 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
23:47:19.0784 4260 EventSystem - ok
23:47:20.0284 4260 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
23:47:20.0315 4260 exfat - ok
23:47:20.0533 4260 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
23:47:20.0549 4260 fastfat - ok
23:47:20.0596 4260 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
23:47:20.0642 4260 fdc - ok
23:47:20.0767 4260 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
23:47:20.0798 4260 fdPHost - ok
23:47:21.0001 4260 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
23:47:21.0079 4260 FDResPub - ok
23:47:21.0110 4260 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
23:47:21.0142 4260 FileInfo - ok
23:47:21.0204 4260 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
23:47:21.0235 4260 Filetrace - ok
23:47:21.0282 4260 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
23:47:21.0329 4260 flpydisk - ok
23:47:21.0391 4260 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
23:47:21.0422 4260 FltMgr - ok
23:47:21.0547 4260 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
23:47:21.0578 4260 FontCache - ok
23:47:21.0859 4260 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:47:21.0890 4260 FontCache3.0.0.0 - ok
23:47:21.0953 4260 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
23:47:21.0968 4260 fssfltr - ok
23:47:22.0468 4260 fsssvc (206ad9a89bf05dfa1621f1fc7b82592d) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
23:47:22.0499 4260 fsssvc - ok
23:47:22.0530 4260 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
23:47:22.0561 4260 Fs_Rec - ok
23:47:22.0608 4260 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
23:47:22.0608 4260 gagp30kx - ok
23:47:22.0686 4260 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
23:47:22.0686 4260 GEARAspiWDM - ok
23:47:22.0780 4260 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
23:47:22.0858 4260 gpsvc - ok
23:47:23.0123 4260 gusvc (5467f1ff0af264566740f67e8b810735) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:47:23.0138 4260 gusvc - ok
23:47:23.0216 4260 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
23:47:23.0279 4260 HdAudAddService - ok
23:47:23.0341 4260 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:47:23.0388 4260 HDAudBus - ok
23:47:23.0419 4260 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
23:47:23.0450 4260 HidBth - ok
23:47:23.0497 4260 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
23:47:23.0544 4260 HidIr - ok
23:47:23.0575 4260 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
23:47:23.0606 4260 hidserv - ok
23:47:23.0684 4260 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
23:47:23.0700 4260 HidUsb - ok
23:47:23.0731 4260 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
23:47:23.0762 4260 hkmsvc - ok
23:47:23.0794 4260 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
23:47:23.0794 4260 HpCISSs - ok
23:47:23.0856 4260 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
23:47:23.0903 4260 HSFHWAZL - ok
23:47:24.0028 4260 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
23:47:24.0090 4260 HSF_DPV - ok
23:47:24.0121 4260 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
23:47:24.0184 4260 HSXHWAZL - ok
23:47:24.0246 4260 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
23:47:24.0308 4260 HTTP - ok
23:47:24.0340 4260 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
23:47:24.0355 4260 i2omp - ok
23:47:24.0418 4260 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
23:47:24.0433 4260 i8042prt - ok
23:47:24.0496 4260 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
23:47:24.0511 4260 iaStor - ok
23:47:24.0542 4260 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
23:47:24.0558 4260 iaStorV - ok
23:47:24.0714 4260 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
23:47:24.0714 4260 IDriverT ( UnsignedFile.Multi.Generic ) - warning
23:47:24.0714 4260 IDriverT - detected UnsignedFile.Multi.Generic (1)
23:47:25.0634 4260 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:47:25.0681 4260 idsvc - ok
23:47:27.0272 4260 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
23:47:27.0319 4260 iirsp - ok
23:47:27.0475 4260 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
23:47:27.0506 4260 IKEEXT - ok
23:47:27.0569 4260 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
23:47:27.0584 4260 intelide - ok
23:47:27.0616 4260 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
23:47:27.0631 4260 intelppm - ok
23:47:27.0787 4260 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
23:47:27.0834 4260 IPBusEnum - ok
23:47:27.0990 4260 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:47:28.0021 4260 IpFilterDriver - ok
23:47:28.0115 4260 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
23:47:28.0146 4260 iphlpsvc - ok
23:47:28.0162 4260 IpInIp - ok
23:47:28.0208 4260 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
23:47:28.0255 4260 IPMIDRV - ok
23:47:28.0630 4260 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
23:47:28.0676 4260 IPNAT - ok
23:47:28.0942 4260 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
23:47:28.0973 4260 iPod Service - ok
23:47:29.0144 4260 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
23:47:29.0191 4260 IRENUM - ok
23:47:29.0488 4260 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
23:47:29.0503 4260 isapnp - ok
23:47:29.0566 4260 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
23:47:29.0581 4260 iScsiPrt - ok
23:47:29.0612 4260 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
23:47:29.0628 4260 iteatapi - ok
23:47:29.0659 4260 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
23:47:29.0675 4260 iteraid - ok
23:47:29.0815 4260 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
23:47:29.0831 4260 IviRegMgr - ok
23:47:30.0002 4260 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:47:30.0018 4260 kbdclass - ok
23:47:30.0127 4260 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
23:47:30.0158 4260 kbdhid - ok
23:47:30.0205 4260 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:47:30.0268 4260 KeyIso - ok
23:47:30.0299 4260 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
23:47:30.0330 4260 KSecDD - ok
23:47:30.0392 4260 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
23:47:30.0424 4260 KtmRm - ok
23:47:30.0673 4260 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
23:47:30.0720 4260 LanmanServer - ok
23:47:30.0923 4260 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
23:47:30.0938 4260 LanmanWorkstation - ok
23:47:30.0985 4260 LHidFilt (3fa98339e8d9e007726be62f231e2015) C:\Windows\system32\DRIVERS\LHidFilt.Sys
23:47:31.0001 4260 LHidFilt - ok
23:47:31.0063 4260 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
23:47:31.0110 4260 lltdio - ok
23:47:31.0375 4260 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
23:47:31.0438 4260 lltdsvc - ok
23:47:31.0484 4260 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
23:47:31.0562 4260 lmhosts - ok
23:47:31.0594 4260 LMouFilt (f259f758e04d8fb8d48c6cdbe45223e8) C:\Windows\system32\DRIVERS\LMouFilt.Sys
23:47:31.0594 4260 LMouFilt - ok
23:47:31.0672 4260 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
23:47:31.0687 4260 LSI_FC - ok
23:47:31.0734 4260 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
23:47:31.0750 4260 LSI_SAS - ok
23:47:31.0984 4260 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
23:47:31.0984 4260 LSI_SCSI - ok
23:47:32.0467 4260 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
23:47:32.0530 4260 luafv - ok
23:47:32.0561 4260 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
23:47:32.0576 4260 Mcx2Svc - ok
23:47:32.0748 4260 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
23:47:32.0764 4260 MDM - ok
23:47:32.0857 4260 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
23:47:32.0873 4260 mdmxsdk - ok
23:47:32.0920 4260 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
23:47:32.0935 4260 megasas - ok
23:47:33.0060 4260 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
23:47:33.0091 4260 MMCSS - ok
23:47:33.0247 4260 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
23:47:33.0294 4260 Modem - ok
23:47:33.0590 4260 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
23:47:33.0653 4260 monitor - ok
23:47:33.0731 4260 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
23:47:33.0746 4260 mouclass - ok
23:47:33.0871 4260 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
23:47:33.0918 4260 mouhid - ok
23:47:33.0949 4260 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
23:47:33.0965 4260 MountMgr - ok
23:47:34.0027 4260 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:47:34.0043 4260 MozillaMaintenance - ok
23:47:34.0729 4260 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
23:47:34.0760 4260 MpFilter - ok
23:47:35.0057 4260 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
23:47:35.0072 4260 mpio - ok
23:47:35.0603 4260 MpKsl0dd545f3 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0B6AFD09-B985-4C1B-BBEE-6C1635E8B201}\MpKsl0dd545f3.sys
23:47:35.0618 4260 MpKsl0dd545f3 - ok
23:47:35.0696 4260 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
23:47:35.0712 4260 mpsdrv - ok
23:47:35.0962 4260 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
23:47:36.0008 4260 MpsSvc - ok
23:47:36.0071 4260 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
23:47:36.0071 4260 Mraid35x - ok
23:47:36.0133 4260 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
23:47:36.0149 4260 MRxDAV - ok
23:47:36.0196 4260 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:47:36.0227 4260 mrxsmb - ok
23:47:36.0274 4260 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:47:36.0320 4260 mrxsmb10 - ok
23:47:36.0352 4260 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:47:36.0383 4260 mrxsmb20 - ok
23:47:36.0430 4260 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
23:47:36.0430 4260 msahci - ok
23:47:36.0757 4260 MSCSPTISRV (8e46a7bac823dd82d4fb2a34c3df4c1d) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
23:47:36.0773 4260 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
23:47:36.0773 4260 MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
23:47:36.0804 4260 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
23:47:36.0820 4260 msdsm - ok
23:47:37.0288 4260 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
23:47:37.0303 4260 MSDTC - ok
23:47:37.0459 4260 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
23:47:37.0490 4260 Msfs - ok
23:47:37.0553 4260 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
23:47:37.0568 4260 msisadrv - ok
23:47:37.0615 4260 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
23:47:37.0678 4260 MSiSCSI - ok
23:47:37.0678 4260 msiserver - ok
23:47:37.0724 4260 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
23:47:37.0771 4260 MSKSSRV - ok
23:47:37.0865 4260 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
23:47:37.0880 4260 MsMpSvc - ok
23:47:37.0896 4260 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
23:47:37.0927 4260 MSPCLOCK - ok
23:47:37.0958 4260 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
23:47:38.0005 4260 MSPQM - ok
23:47:38.0177 4260 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
23:47:38.0192 4260 MsRPC - ok
23:47:38.0458 4260 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
23:47:38.0473 4260 mssmbios - ok
23:47:38.0489 4260 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
23:47:38.0536 4260 MSTEE - ok
23:47:38.0551 4260 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
23:47:38.0567 4260 Mup - ok
23:47:38.0614 4260 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
23:47:38.0629 4260 napagent - ok
23:47:38.0692 4260 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
23:47:38.0707 4260 NativeWifiP - ok
23:47:38.0816 4260 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
23:47:38.0863 4260 NDIS - ok
23:47:38.0894 4260 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
23:47:38.0926 4260 NdisTapi - ok
23:47:38.0988 4260 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
23:47:39.0019 4260 Ndisuio - ok
23:47:39.0050 4260 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:47:39.0097 4260 NdisWan - ok
23:47:39.0128 4260 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
23:47:39.0144 4260 NDProxy - ok
23:47:39.0253 4260 Net Driver HPZ12 (949941e4de88df1faf49a4b3cffb756f) C:\Windows\system32\HPZinw12.dll
23:47:39.0269 4260 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:47:39.0269 4260 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:47:39.0316 4260 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
23:47:39.0347 4260 NetBIOS - ok
23:47:39.0799 4260 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
23:47:39.0815 4260 netbt - ok
23:47:39.0940 4260 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:47:39.0955 4260 Netlogon - ok
23:47:40.0111 4260 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
23:47:40.0174 4260 Netman - ok
23:47:40.0813 4260 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
23:47:40.0860 4260 netprofm - ok
23:47:41.0047 4260 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:47:41.0078 4260 NetTcpPortSharing - ok
23:47:42.0030 4260 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys
23:47:42.0248 4260 NETw4v32 - ok
23:47:42.0810 4260 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
23:47:42.0826 4260 nfrd960 - ok
23:47:42.0857 4260 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:47:42.0872 4260 NisDrv - ok
23:47:43.0106 4260 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
23:47:43.0122 4260 NisSrv - ok
23:47:43.0262 4260 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
23:47:43.0325 4260 NlaSvc - ok
23:47:43.0387 4260 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
23:47:43.0403 4260 Npfs - ok
23:47:43.0434 4260 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
23:47:43.0465 4260 nsi - ok
23:47:43.0543 4260 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
23:47:43.0559 4260 nsiproxy - ok
23:47:43.0715 4260 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
23:47:43.0808 4260 Ntfs - ok
23:47:43.0855 4260 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
23:47:43.0918 4260 ntrigdigi - ok
23:47:43.0964 4260 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
23:47:43.0996 4260 Null - ok
23:47:44.0947 4260 nvlddmkm (39d8f5a92427c57309355199592ead9f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:47:46.0226 4260 nvlddmkm - ok
23:47:47.0474 4260 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
23:47:47.0490 4260 nvraid - ok
23:47:47.0521 4260 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
23:47:47.0537 4260 nvstor - ok
23:47:47.0911 4260 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
23:47:47.0927 4260 nv_agp - ok
23:47:47.0927 4260 NwlnkFlt - ok
23:47:47.0942 4260 NwlnkFwd - ok
23:47:48.0925 4260 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:47:48.0941 4260 odserv - ok
23:47:49.0128 4260 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
23:47:49.0159 4260 ohci1394 - ok
23:47:49.0222 4260 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:47:49.0237 4260 ose - ok
23:47:49.0346 4260 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:47:49.0424 4260 p2pimsvc - ok
23:47:49.0440 4260 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:47:49.0471 4260 p2psvc - ok
23:47:49.0643 4260 PACSPTISVR (753a8f339f231d2b857e2ccd51a6e6ca) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
23:47:49.0643 4260 PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
23:47:49.0643 4260 PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
23:47:49.0892 4260 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
23:47:49.0939 4260 Parport - ok
23:47:50.0282 4260 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
23:47:50.0314 4260 partmgr - ok
23:47:50.0345 4260 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
23:47:50.0392 4260 Parvdm - ok
23:47:50.0454 4260 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
23:47:50.0485 4260 PcaSvc - ok
23:47:50.0735 4260 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
23:47:50.0750 4260 pci - ok
23:47:50.0938 4260 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
23:47:50.0953 4260 pciide - ok
23:47:51.0000 4260 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
23:47:51.0016 4260 pcmcia - ok
23:47:51.0078 4260 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
23:47:51.0203 4260 PEAUTH - ok
23:47:51.0998 4260 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
23:47:52.0108 4260 pla - ok
23:47:53.0044 4260 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
23:47:53.0090 4260 PlugPlay - ok
23:47:53.0137 4260 Pml Driver HPZ12 (2f4ca141a609caf5c98f6e4760ef1b9b) C:\Windows\system32\HPZipm12.dll
23:47:53.0137 4260 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:47:53.0137 4260 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:47:53.0574 4260 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:47:53.0590 4260 PNRPAutoReg - ok
23:47:53.0605 4260 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:47:53.0621 4260 PNRPsvc - ok
23:47:54.0011 4260 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
23:47:54.0073 4260 PolicyAgent - ok
23:47:54.0619 4260 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:47:54.0635 4260 PptpMiniport - ok
23:47:54.0713 4260 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
23:47:54.0775 4260 Processor - ok
23:47:54.0822 4260 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
23:47:54.0853 4260 ProfSvc - ok
23:47:54.0884 4260 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:47:54.0900 4260 ProtectedStorage - ok
23:47:55.0025 4260 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
23:47:55.0056 4260 PSched - ok
23:47:55.0352 4260 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
23:47:55.0384 4260 PxHelp20 - ok
23:47:55.0540 4260 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
23:47:55.0602 4260 ql2300 - ok
23:47:55.0664 4260 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:47:55.0680 4260 ql40xx - ok
23:47:55.0727 4260 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
23:47:55.0758 4260 QWAVE - ok
23:47:55.0789 4260 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:47:55.0820 4260 QWAVEdrv - ok
23:47:56.0039 4260 R5U870FLx86 (9ac8ac6cd00100443ea6afd0a4ade8f7) C:\Windows\system32\Drivers\R5U870FLx86.sys
23:47:56.0086 4260 R5U870FLx86 - ok
23:47:56.0101 4260 R5U870FUx86 (1ae358affffd13bf6ec7dc72dccfac12) C:\Windows\system32\Drivers\R5U870FUx86.sys
23:47:56.0117 4260 R5U870FUx86 - ok
23:47:56.0242 4260 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:47:56.0288 4260 RasAcd - ok
23:47:56.0335 4260 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
23:47:56.0366 4260 RasAuto - ok
23:47:56.0398 4260 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:47:56.0429 4260 Rasl2tp - ok
23:47:56.0491 4260 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
23:47:56.0538 4260 RasMan - ok
23:47:56.0569 4260 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
23:47:56.0585 4260 RasPppoe - ok
23:47:56.0678 4260 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
23:47:56.0710 4260 RasSstp - ok
23:47:56.0756 4260 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
23:47:56.0772 4260 rdbss - ok
23:47:56.0819 4260 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:47:56.0850 4260 RDPCDD - ok
23:47:56.0881 4260 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
23:47:56.0944 4260 rdpdr - ok
23:47:56.0944 4260 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:47:56.0990 4260 RDPENCDD - ok
23:47:57.0864 4260 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
23:47:57.0864 4260 RDPWD - ok
23:47:57.0989 4260 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
23:47:58.0020 4260 regi - ok
23:47:58.0067 4260 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
23:47:58.0082 4260 RemoteAccess - ok
23:47:58.0129 4260 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
23:47:58.0192 4260 RemoteRegistry - ok
23:47:58.0238 4260 RFCOMM (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
23:47:58.0285 4260 RFCOMM - ok
23:47:58.0379 4260 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
23:47:58.0457 4260 RpcLocator - ok
23:47:58.0628 4260 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll
23:47:58.0660 4260 RpcSs - ok
23:47:58.0722 4260 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
23:47:58.0769 4260 rspndr - ok
23:47:58.0878 4260 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:47:58.0894 4260 SamSs - ok
23:47:59.0065 4260 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
23:47:59.0081 4260 sbp2port - ok
23:47:59.0377 4260 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
23:47:59.0393 4260 SCardSvr - ok
23:48:00.0110 4260 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
23:48:00.0157 4260 Schedule - ok
23:48:00.0173 4260 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
23:48:00.0188 4260 SCPolicySvc - ok
23:48:00.0890 4260 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
23:48:00.0953 4260 SDRSVC - ok
23:48:00.0968 4260 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:48:01.0062 4260 secdrv - ok
23:48:01.0093 4260 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
23:48:01.0124 4260 seclogon - ok
23:48:01.0265 4260 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
23:48:01.0312 4260 SENS - ok
23:48:01.0327 4260 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
23:48:01.0358 4260 Serenum - ok
23:48:01.0780 4260 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
23:48:01.0873 4260 Serial - ok
23:48:01.0920 4260 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
23:48:01.0936 4260 sermouse - ok
23:48:01.0982 4260 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
23:48:02.0014 4260 SessionEnv - ok
23:48:02.0123 4260 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
23:48:02.0170 4260 sffdisk - ok
23:48:02.0216 4260 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
23:48:02.0263 4260 sffp_mmc - ok
23:48:02.0419 4260 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
23:48:02.0497 4260 sffp_sd - ok
23:48:02.0513 4260 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
23:48:02.0544 4260 sfloppy - ok
23:48:02.0669 4260 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
23:48:02.0700 4260 SharedAccess - ok
23:48:02.0856 4260 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
23:48:02.0887 4260 ShellHWDetection - ok
23:48:02.0934 4260 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
23:48:02.0981 4260 sisagp - ok
23:48:03.0012 4260 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
23:48:03.0012 4260 SiSRaid2 - ok
23:48:03.0059 4260 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
23:48:03.0059 4260 SiSRaid4 - ok
23:48:03.0355 4260 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
23:48:03.0542 4260 slsvc - ok
23:48:03.0730 4260 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
23:48:03.0761 4260 SLUINotify - ok
23:48:03.0917 4260 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
23:48:03.0948 4260 Smb - ok
23:48:04.0010 4260 SNC (db31d8989b3450569c29780e7fa98c48) C:\Windows\system32\Drivers\SonyNC.sys
23:48:04.0026 4260 SNC - ok
23:48:04.0057 4260 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
23:48:04.0073 4260 SNMPTRAP - ok
23:48:04.0229 4260 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
23:48:04.0244 4260 spldr - ok
23:48:04.0322 4260 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
23:48:04.0354 4260 Spooler - ok
23:48:04.0822 4260 SPTISRV (e3e6c96b0ef4492c3c8fd0deef4e35a1) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
23:48:04.0822 4260 SPTISRV ( UnsignedFile.Multi.Generic ) - warning
23:48:04.0822 4260 SPTISRV - detected UnsignedFile.Multi.Generic (1)
23:48:05.0180 4260 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
23:48:05.0227 4260 srv - ok
23:48:05.0336 4260 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
23:48:05.0368 4260 srv2 - ok
23:48:05.0461 4260 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
23:48:05.0477 4260 srvnet - ok
23:48:05.0539 4260 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
23:48:05.0617 4260 SSDPSRV - ok
23:48:05.0664 4260 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
23:48:05.0680 4260 SstpSvc - ok
23:48:05.0726 4260 ssudmdm (e3d493bfb7cd108ec50b2f560c96367c) C:\Windows\system32\DRIVERS\ssudmdm.sys
23:48:05.0742 4260 ssudmdm - ok
23:48:05.0804 4260 STacSV (b218068eba6f46f102b4218bdb81be0b) C:\Windows\system32\stacsv.exe
23:48:05.0851 4260 STacSV - ok
23:48:05.0898 4260 StarOpen (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
23:48:05.0898 4260 StarOpen ( UnsignedFile.Multi.Generic ) - warning
23:48:05.0898 4260 StarOpen - detected UnsignedFile.Multi.Generic (1)
23:48:05.0945 4260 STHDA (167909a1c36aa3e8f2582962f0ccc748) C:\Windows\system32\drivers\stwrt.sys
23:48:05.0992 4260 STHDA - ok
23:48:06.0085 4260 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
23:48:06.0101 4260 StillCam - ok
23:48:06.0179 4260 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
23:48:06.0257 4260 stisvc - ok
23:48:06.0397 4260 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
23:48:06.0413 4260 swenum - ok
23:48:06.0475 4260 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
23:48:06.0491 4260 swprv - ok
23:48:06.0538 4260 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
23:48:06.0553 4260 Symc8xx - ok
23:48:06.0584 4260 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
23:48:06.0584 4260 Sym_hi - ok
23:48:06.0616 4260 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
23:48:06.0631 4260 Sym_u3 - ok
23:48:07.0193 4260 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
23:48:07.0255 4260 SysMain - ok
23:48:07.0286 4260 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
23:48:07.0318 4260 TabletInputService - ok
23:48:08.0222 4260 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
23:48:08.0254 4260 TapiSrv - ok
23:48:08.0612 4260 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
23:48:08.0659 4260 TBS - ok
23:48:09.0236 4260 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
23:48:09.0299 4260 Tcpip - ok
23:48:09.0299 4260 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
23:48:09.0361 4260 Tcpip6 - ok
23:48:09.0704 4260 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
23:48:09.0751 4260 tcpipreg - ok
23:48:09.0782 4260 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
23:48:09.0814 4260 TDPIPE - ok
23:48:09.0845 4260 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
23:48:09.0892 4260 TDTCP - ok
23:48:10.0204 4260 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
23:48:10.0266 4260 tdx - ok
23:48:10.0562 4260 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
23:48:10.0594 4260 TermDD - ok
23:48:10.0687 4260 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
23:48:10.0750 4260 TermService - ok
23:48:10.0874 4260 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
23:48:10.0906 4260 Themes - ok
23:48:10.0921 4260 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
23:48:10.0952 4260 THREADORDER - ok
23:48:11.0155 4260 ti21sony (909cd987b54a8179c9aee874d754721a) C:\Windows\system32\drivers\ti21sony.sys
23:48:11.0202 4260 ti21sony - ok
23:48:11.0233 4260 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
23:48:11.0264 4260 TrkWks - ok
23:48:11.0327 4260 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
23:48:11.0358 4260 TrustedInstaller - ok
23:48:11.0405 4260 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:48:11.0436 4260 tssecsrv - ok
23:48:11.0467 4260 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
23:48:11.0483 4260 tunmp - ok
23:48:11.0514 4260 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
23:48:11.0530 4260 tunnel - ok
23:48:11.0904 4260 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
23:48:11.0951 4260 uagp35 - ok
23:48:12.0263 4260 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
23:48:12.0278 4260 udfs - ok
23:48:12.0590 4260 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
23:48:12.0653 4260 UI0Detect - ok
23:48:12.0668 4260 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
23:48:12.0684 4260 uliagpkx - ok
23:48:12.0715 4260 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
23:48:12.0746 4260 uliahci - ok
23:48:12.0762 4260 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:48:12.0778 4260 UlSata - ok
23:48:12.0793 4260 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:48:12.0809 4260 ulsata2 - ok
23:48:12.0856 4260 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
23:48:12.0918 4260 umbus - ok
23:48:13.0168 4260 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
23:48:13.0199 4260 upnphost - ok
23:48:13.0246 4260 USBAAPL - ok
23:48:13.0292 4260 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
23:48:13.0324 4260 usbaudio - ok
23:48:13.0355 4260 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
23:48:13.0370 4260 usbccgp - ok
23:48:13.0698 4260 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
23:48:13.0776 4260 usbcir - ok
23:48:13.0838 4260 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
23:48:13.0854 4260 usbehci - ok
23:48:14.0041 4260 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
23:48:14.0072 4260 usbhub - ok
23:48:14.0197 4260 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
23:48:14.0260 4260 usbohci - ok
23:48:14.0306 4260 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
23:48:14.0338 4260 usbprint - ok
23:48:14.0369 4260 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
23:48:14.0400 4260 usbscan - ok
23:48:14.0462 4260 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:48:14.0494 4260 USBSTOR - ok
23:48:14.0618 4260 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
23:48:14.0650 4260 usbuhci - ok
23:48:14.0712 4260 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
23:48:14.0774 4260 usbvideo - ok
23:48:14.0915 4260 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
23:48:14.0930 4260 UxSms - ok
23:48:15.0336 4260 VAIO Entertainment TV Device Arbitration Service (afbcd738df9de3b6d71afc704e7f27fb) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
23:48:15.0336 4260 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
23:48:15.0336 4260 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
23:48:15.0570 4260 VAIO Event Service (8a9f18adad471402236ca931553bf79b) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
23:48:15.0570 4260 VAIO Event Service - ok
23:48:16.0397 4260 VAIOMediaPlatform-IntegratedServer-AppServer (0a4cd617ed1f03c8b7310fc4871173a4) C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
23:48:16.0600 4260 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - warning
23:48:16.0600 4260 VAIOMediaPlatform-IntegratedServer-AppServer - detected UnsignedFile.Multi.Generic (1)
23:48:17.0317 4260 VAIOMediaPlatform-IntegratedServer-HTTP (56e33aaa46cba8431e72486196afb3a1) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
23:48:17.0364 4260 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - warning
23:48:17.0364 4260 VAIOMediaPlatform-IntegratedServer-HTTP - detected UnsignedFile.Multi.Generic (1)
23:48:17.0504 4260 VAIOMediaPlatform-IntegratedServer-UPnP (addf0e4e19bd2ff0a0b852d324fdc281) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
23:48:17.0536 4260 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - warning
23:48:17.0536 4260 VAIOMediaPlatform-IntegratedServer-UPnP - detected UnsignedFile.Multi.Generic (1)
23:48:17.0676 4260 VAIOMediaPlatform-UCLS-AppServer (52d4f568fe7d05ae5026b8717eeb59eb) C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
23:48:17.0692 4260 VAIOMediaPlatform-UCLS-AppServer ( UnsignedFile.Multi.Generic ) - warning
23:48:17.0692 4260 VAIOMediaPlatform-UCLS-AppServer - detected UnsignedFile.Multi.Generic (1)
23:48:17.0754 4260 VAIOMediaPlatform-UCLS-HTTP (56e33aaa46cba8431e72486196afb3a1) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
23:48:17.0770 4260 VAIOMediaPlatform-UCLS-HTTP ( UnsignedFile.Multi.Generic ) - warning
23:48:17.0770 4260 VAIOMediaPlatform-UCLS-HTTP - detected UnsignedFile.Multi.Generic (1)
23:48:17.0816 4260 VAIOMediaPlatform-UCLS-UPnP (addf0e4e19bd2ff0a0b852d324fdc281) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
23:48:17.0910 4260 VAIOMediaPlatform-UCLS-UPnP ( UnsignedFile.Multi.Generic ) - warning
23:48:17.0910 4260 VAIOMediaPlatform-UCLS-UPnP - detected UnsignedFile.Multi.Generic (1)
23:48:18.0113 4260 VcmIAlzMgr (5d325b6add78a111be62a3842cf05345) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
23:48:18.0128 4260 VcmIAlzMgr - ok
23:48:18.0737 4260 VcmXmlIfHelper (8fd247d84d168097d7bc3e4f21f3414d) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
23:48:18.0784 4260 VcmXmlIfHelper - ok
23:48:18.0799 4260 Vcsw - ok
23:48:19.0174 4260 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
23:48:19.0220 4260 vds - ok
23:48:19.0361 4260 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
23:48:19.0423 4260 vga - ok
23:48:19.0688 4260 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:48:19.0735 4260 VgaSave - ok
23:48:19.0782 4260 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
23:48:19.0782 4260 viaagp - ok
23:48:19.0813 4260 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
23:48:19.0860 4260 ViaC7 - ok
23:48:19.0891 4260 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
23:48:19.0907 4260 viaide - ok
23:48:19.0954 4260 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:48:19.0969 4260 volmgr - ok
23:48:20.0125 4260 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
23:48:20.0156 4260 volmgrx - ok
23:48:20.0266 4260 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
23:48:20.0281 4260 volsnap - ok
23:48:20.0344 4260 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
23:48:20.0359 4260 vsmraid - ok
23:48:20.0609 4260 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
23:48:20.0827 4260 VSS - ok
23:48:21.0404 4260 VzCdbSvc (0b3244bab1fa37cf15fa7243504391a6) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
23:48:21.0420 4260 VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
23:48:21.0420 4260 VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
23:48:21.0732 4260 VzFw (938fbfa83148dadd7db0b1303dccfa00) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
23:48:21.0732 4260 VzFw ( UnsignedFile.Multi.Generic ) - warning
23:48:21.0732 4260 VzFw - detected UnsignedFile.Multi.Generic (1)
23:48:22.0434 4260 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
23:48:22.0465 4260 W32Time - ok
23:48:22.0949 4260 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:48:23.0011 4260 WacomPen - ok
23:48:23.0058 4260 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:48:23.0105 4260 Wanarp - ok
23:48:23.0105 4260 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:48:23.0120 4260 Wanarpv6 - ok
23:48:23.0401 4260 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
23:48:23.0448 4260 wcncsvc - ok
23:48:23.0604 4260 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
23:48:23.0651 4260 WcsPlugInService - ok
23:48:23.0713 4260 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
23:48:23.0729 4260 Wd - ok
23:48:24.0275 4260 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
23:48:24.0337 4260 Wdf01000 - ok
23:48:24.0368 4260 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
23:48:24.0415 4260 WdiServiceHost - ok
23:48:24.0415 4260 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
23:48:24.0446 4260 WdiSystemHost - ok
23:48:25.0039 4260 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
23:48:25.0055 4260 WebClient - ok
23:48:25.0414 4260 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
23:48:25.0476 4260 Wecsvc - ok
23:48:25.0632 4260 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
23:48:25.0648 4260 wercplsupport - ok
23:48:25.0710 4260 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
23:48:25.0741 4260 WerSvc - ok
23:48:25.0788 4260 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
23:48:25.0804 4260 WimFltr - ok
23:48:25.0975 4260 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
23:48:26.0038 4260 winachsf - ok
23:48:26.0240 4260 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
23:48:26.0272 4260 WinDefend - ok
23:48:26.0272 4260 WinHttpAutoProxySvc - ok
23:48:26.0474 4260 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
23:48:26.0521 4260 Winmgmt - ok
23:48:26.0989 4260 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
23:48:27.0083 4260 WinRM - ok
23:48:27.0457 4260 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
23:48:27.0566 4260 Wlansvc - ok
23:48:27.0785 4260 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
23:48:27.0847 4260 WmiAcpi - ok
23:48:28.0206 4260 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
23:48:28.0237 4260 wmiApSrv - ok
23:48:28.0471 4260 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
23:48:28.0534 4260 WMPNetworkSvc - ok
23:48:29.0033 4260 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
23:48:29.0064 4260 WPCSvc - ok
23:48:29.0126 4260 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
23:48:29.0142 4260 WPDBusEnum - ok
23:48:29.0267 4260 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
23:48:29.0267 4260 WpdUsb - ok
23:48:29.0501 4260 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:48:29.0516 4260 WPFFontCache_v0400 - ok
23:48:29.0626 4260 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
23:48:29.0641 4260 ws2ifsl - ok
23:48:29.0704 4260 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
23:48:29.0719 4260 wscsvc - ok
23:48:29.0719 4260 WSearch - ok
23:48:30.0530 4260 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
23:48:30.0702 4260 wuauserv - ok
23:48:31.0061 4260 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:48:31.0108 4260 WUDFRd - ok
23:48:31.0326 4260 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
23:48:31.0404 4260 wudfsvc - ok
23:48:31.0498 4260 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
23:48:31.0529 4260 XAudio - ok
23:48:31.0576 4260 XAudioService (15a317674a08df26be65164d959e9203) C:\Windows\system32\DRIVERS\xaudio.exe
23:48:31.0622 4260 XAudioService - ok
23:48:31.0669 4260 yukonwlh (7927e830ecde6db3682cc319bad26984) C:\Windows\system32\DRIVERS\yk60x86.sys
23:48:31.0716 4260 yukonwlh - ok
23:48:31.0763 4260 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:48:32.0012 4260 \Device\Harddisk0\DR0 - ok
23:48:32.0044 4260 Boot (0x1200) (eca5fb3e6c1e450a1d26c6112a1e8561) \Device\Harddisk0\DR0\Partition0
23:48:32.0075 4260 \Device\Harddisk0\DR0\Partition0 - ok
23:48:32.0075 4260 ============================================================
23:48:32.0075 4260 Scan finished
23:48:32.0075 4260 ============================================================
23:48:32.0075 4052 Detected object count: 17
23:48:32.0075 4052 Actual detected object count: 17
23:49:24.0491 4052 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
23:49:24.0491 4052 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:49:24.0491 4052 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:49:24.0491 4052 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:49:24.0491 4052 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
23:49:24.0491 4052 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:49:24.0491 4052 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:49:24.0491 4052 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:49:24.0506 4052 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
23:49:24.0506 4052 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:49:24.0506 4052 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:49:24.0506 4052 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:49:24.0506 4052 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
23:49:24.0506 4052 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:49:24.0506 4052 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
23:49:24.0506 4052 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:49:24.0506 4052 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:49:24.0506 4052 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:49:24.0506 4052 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - skipped by user
23:49:24.0506 4052 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:49:24.0506 4052 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
23:49:24.0506 4052 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:49:24.0506 4052 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - skipped by user
23:49:24.0506 4052 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:49:24.0522 4052 VAIOMediaPlatform-UCLS-AppServer ( UnsignedFile.Multi.Generic ) - skipped by user
23:49:24.0522 4052 VAIOMediaPlatform-UCLS-AppServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:49:24.0522 4052 VAIOMediaPlatform-UCLS-HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
23:49:24.0522 4052 VAIOMediaPlatform-UCLS-HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:49:24.0522 4052 VAIOMediaPlatform-UCLS-UPnP ( UnsignedFile.Multi.Generic ) - skipped by user
23:49:24.0522 4052 VAIOMediaPlatform-UCLS-UPnP ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:49:24.0522 4052 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
23:49:24.0522 4052 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:49:24.0522 4052 VzFw ( UnsignedFile.Multi.Generic ) - skipped by user
23:49:24.0522 4052 VzFw ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:49:36.0472 5412 Deinitialize success



OTL logfile created on: 11/05/2012 23:50:29 - Run 2
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Paul\Desktop\malware clean up
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.70% Memory free
4.23 Gb Paging File | 3.24 Gb Available in Paging File | 76.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.99 Gb Total Space | 60.55 Gb Free Space | 43.56% Space Free | Partition Type: NTFS

Computer Name: KARIN-KIM | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: meraksmtp - File not found
NetSvcs: asc3550 - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

< End of report >


OTL only seemed to open OTL.TXT after it finished. It did not create an extra.txt this time

#11 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:07 PM

Posted 12 May 2012 - 05:11 AM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    NetSvcs: meraksmtp - File not found
    NetSvcs: asc3550 - File not found
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done




Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Google Chrome and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.

The WOT add-on will nicely help to enhance your security, no matter which web browser you use. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec, or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:


Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware!
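The OTL fix in the post above removes two entries from the svchost "netsvcs" service group that no longer point at an installed service, which is what OTL reports as "NetSvcs: &lt;name&gt; - File not found". The following PowerShell script is an added example, not code from this thread or from OTL: it reads the same two registry locations Windows uses (the `netsvcs` value under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost` and each member's key under `HKLM\SYSTEM\CurrentControlSet\Services`) and reports members whose service key or backing file is missing. The function names are my own, and the script assumes PowerShell 3.0 or later. It only reports; the OTL log earlier in the thread shows many such entries and only two were chosen for removal, so treat the output as a review aid rather than a list to delete.

```powershell
# Added example (not from the thread or from OTL): audit the svchost "netsvcs" group
# and flag members with no service key or a missing ServiceDll/ImagePath file.
# Read-only: nothing in the registry or on disk is changed.

function Resolve-ServiceBinary {
    # Turn a raw ImagePath/ServiceDll value into a plain file path.
    param([string]$RawPath)
    if ([string]::IsNullOrWhiteSpace($RawPath)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($RawPath.Trim())
    # Normalise NT-style prefixes that Test-Path does not understand
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    # "C:\path with spaces\x.exe" -k netsvcs  ->  C:\path with spaces\x.exe
    if ($p.StartsWith('"')) { return $p.Split('"')[1] }
    # C:\Windows\system32\svchost.exe -k netsvcs  ->  C:\Windows\system32\svchost.exe
    return ($p -split '\s+(?=[-/])')[0]
}

function Get-NetSvcsAudit {
    $svchostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
    $servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    # REG_MULTI_SZ: one service name per element
    $members = (Get-ItemProperty -Path $svchostKey -Name 'netsvcs').netsvcs

    foreach ($name in $members) {
        $svcKey = Join-Path $servicesKey $name
        if (-not (Test-Path $svcKey)) {
            [pscustomobject]@{ Service = $name; Finding = 'No service key'; Target = $null }
            continue
        }
        # netsvcs members are DLLs hosted by svchost.exe, so prefer Parameters\ServiceDll
        # and fall back to ImagePath for anything that is not a hosted DLL.
        $raw    = (Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue).ImagePath
        $params = Get-ItemProperty -Path (Join-Path $svcKey 'Parameters') -ErrorAction SilentlyContinue
        if ($params -and $params.ServiceDll) { $raw = $params.ServiceDll }

        $target = Resolve-ServiceBinary $raw
        if (-not $target)                              { $finding = 'No ServiceDll or ImagePath' }
        elseif (-not (Test-Path -LiteralPath $target)) { $finding = 'File not found' }
        else                                           { $finding = 'OK' }

        [pscustomobject]@{ Service = $name; Finding = $finding; Target = $target }
    }
}

# Usage: show only the members OTL would flag, with the path each one resolves to
Get-NetSvcsAudit | Where-Object { $_.Finding -ne 'OK' } | Format-Table -AutoSize
```

Run it from a normal (non-elevated) PowerShell prompt; reading these keys needs no administrator rights. A member whose Target resolves to a file outside `C:\Windows\System32`, or whose service key exists but was created recently, is worth a closer look, whereas a long-standing entry with no service key at all is usually just a leftover.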




