I'm being redirected from Google searches

Solved
By Ardat
Apr 4, 2012
  1. The system has recently been infiltrated by SMARTHDD, provoking a series of fake integrity problem messages. I managed to remove it, but since then, I'm periodically being redirected from Google searches to random sites. After seeking information, I made a few attempts to remove the problem (Gmer, Smitfraudfix, SUPERAntiSpyware), but nothing seems to work. I also attempted to remove the malware manually using a Linux partition, but I can't locate it. I really don't know what else to do, except actively asking for help or reinstalling Windows completely, and I'd rather avoid the latter option. I'd be extremely thankful if you could help me.

    Gmer doesn't spot any problem, but an exception pops up when I launch it [LoadDriver("C:\...\awlyyuoc.sys") error 0XC000010E An instance of the service is already running.] and I can only scan the services, registry and files with it. As for my mbytes and DDS logs, here they are:

    Malwarebytes log:

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.04.04.02

    Windows 7 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Afunakwa :: AFUNAKWA_LAPTOP [administrator]

    4/04/2012 12:52:25
    mbam-log-2012-04-04 (12-52-25).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 188062
    Time elapsed: 11 minute(s), 59 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    DDS logs:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Afunakwa at 13:06:09 on 2012-04-04
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1033.18.1643.403 [GMT 2:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\VAIO Care\VCSpt.exe
    C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    C:\Program Files\Sony\VAIO Care\listener.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Sony\VAIO Care\VCsystray.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Norton Online Backup] c:\program files\symantec\norton online backup\NOBuClient.exe
    mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [Reader Application Helper] c:\program files\sony\readerdesktop\apphelper\ReaderAppHelper.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\afunakwa\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.10
    TCP: Interfaces\{42C11E17-A412-4792-8E30-D4B59A58F892} : DhcpNameServer = 192.168.0.10
    TCP: Interfaces\{42C11E17-A412-4792-8E30-D4B59A58F892}\2416271636B656E6 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{42C11E17-A412-4792-8E30-D4B59A58F892}\2456C6B696E6F574F505C65737F5D494D4F4F5632373334333 : DhcpNameServer = 195.54.122.198 195.54.122.199
    TCP: Interfaces\{42C11E17-A412-4792-8E30-D4B59A58F892}\3547F636B686F6C6D637F53747164637269626C696F64756B6 : DhcpNameServer = 172.21.127.4
    TCP: Interfaces\{4E8BC692-EB45-43D7-97BF-96B1DAF0E06D} : DhcpNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-1-19 63616]
    R0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-1-19 32384]
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-6-7 218688]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-6 176128]
    R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2010-11-18 284160]
    R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ati technologies\ati.ace\reservation manager\AMD Reservation Manager.exe [2010-6-17 140224]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 NOBU;Norton Online Backup;c:\program files\symantec\norton online backup\NOBuAgent.exe [2010-6-1 2057560]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2010-11-27 398176]
    R2 SampleCollector;VAIO Care Performance Service;c:\program files\sony\vaio care\VCPerfService.exe [2011-1-19 187792]
    R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2011-1-19 104960]
    R2 VSNService;VSNService;c:\program files\sony\vaio smart network\VSNService.exe [2011-1-19 704512]
    R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-1-19 37944]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-12-6 6574080]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-12-6 229888]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2011-1-19 17408]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-12-6 102416]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2011-1-19 297000]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-1-19 33320]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-11-1 68208]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-1-19 186912]
    R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-6-2 9344]
    R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-1-19 30464]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-14 214016]
    S3 HPEPZWX;HPEPZWX;c:\users\afunakwa\appdata\local\temp\hpepzwx.exe --> c:\users\afunakwa\appdata\local\temp\HPEPZWX.exe [?]
    S3 IYYXY;IYYXY;c:\users\afunakwa\appdata\local\temp\iyyxy.exe --> c:\users\afunakwa\appdata\local\temp\IYYXY.exe [?]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    S3 QKGZZFJK;QKGZZFJK;c:\users\afunakwa\appdata\local\temp\qkgzzfjk.exe --> c:\users\afunakwa\appdata\local\temp\QKGZZFJK.exe [?]
    S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\common files\sony shared\sohlib\SOHCImp.exe [2010-9-10 108400]
    S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\common files\sony shared\sohlib\SOHDms.exe [2010-10-12 423280]
    S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\common files\sony shared\sohlib\SOHDs.exe [2010-9-10 67952]
    S3 SpfService;VAIO Entertainment Common Service;c:\program files\common files\sony shared\vaio entertainment platform\spf\SpfService.exe [2010-9-27 222464]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
    S3 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2010-9-27 864000]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2010-10-25 549168]
    S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\sony\vcm intelligent network service manager\VcmINSMgr.exe [2010-10-25 387896]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2010-10-25 84256]
    S3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2011-1-19 746864]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-8 1343400]
    S3 XZYUIJ;XZYUIJ;c:\users\afunakwa\appdata\local\temp\xzyuij.exe --> c:\users\afunakwa\appdata\local\temp\XZYUIJ.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2012-04-04 10:33:52 691 ----a-w- c:\users\afunakwa\appdata\roaming\GetValue.vbs
    2012-04-04 10:33:52 35 ----a-w- c:\users\afunakwa\appdata\roaming\SetValue.bat
    2012-04-04 10:12:19 3586 ----a-w- c:\windows\system32\tmp.reg
    2012-04-04 05:57:29 -------- d-----w- c:\users\afunakwa\appdata\roaming\SUPERAntiSpyware.com
    2012-04-04 05:56:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-04-04 05:56:34 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-04-03 15:59:38 -------- d-----w- c:\users\afunakwa\appdata\roaming\Process Hacker 2
    2012-04-03 15:48:37 -------- d-----w- c:\program files\Process Hacker 2
    2012-04-03 15:04:45 -------- d-----w- c:\programdata\SecTaskMan
    2012-04-02 20:10:09 -------- d-----r- c:\program files\Skype
    2012-04-02 17:15:12 355 ----a-w- C:\Start_.cmd
    2012-04-02 17:15:11 -------- d-----w- C:\ComboFix
    2012-04-02 16:45:51 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-04-02 14:51:53 -------- d-----w- c:\users\afunakwa\appdata\roaming\Wise Registry Cleaner
    2012-04-02 14:50:57 -------- d-----w- c:\program files\Wise
    2012-04-02 14:35:21 -------- d-----w- c:\program files\RegistryNuke 2012
    2012-04-01 10:38:11 -------- d-----w- C:\found.000
    2012-04-01 09:22:41 -------- d---a-w- C:\.Trash-1000
    2012-04-01 09:19:41 -------- d-----w- c:\users\afunakwa\appdata\roaming\Malwarebytes
    2012-04-01 09:19:32 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-01 09:19:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-01 06:47:07 -------- d-----w- c:\users\afunakwa\appdata\local\{2DD712B5-7AA5-461E-8E08-A8D4EF4AEE35}
    2012-03-31 16:47:20 -------- d-----w- c:\users\afunakwa\appdata\local\{D9A82576-0E67-45AF-97D8-1A4F4CB7B398}
    2012-03-28 20:30:34 -------- d-----w- c:\users\afunakwa\appdata\local\{FF64F043-0868-4A27-8EBA-F4ECDA300D36}
    2012-03-28 20:30:19 -------- d-----w- c:\users\afunakwa\appdata\local\{4AAA978F-2E35-4898-8C34-8E76EB0E13F1}
    2012-03-21 20:17:37 -------- d-----w- c:\users\afunakwa\appdata\local\{2BA32D5A-95AF-4693-A7AE-145098D92640}
    2012-03-21 20:17:31 -------- d-----w- c:\users\afunakwa\appdata\local\{B96D3F17-9916-4F90-9BB6-433F653254C0}
    2012-03-18 23:33:09 -------- d-----w- c:\users\afunakwa\appdata\local\{40E4B9E5-CF60-4876-AC00-6052E2BA97BF}
    2012-03-18 23:32:55 -------- d-----w- c:\users\afunakwa\appdata\local\{38229EAD-4219-4D64-9159-F03F1F9805CF}
    2012-03-18 14:50:28 -------- d-----w- c:\users\afunakwa\appdata\local\{17CE50C8-C8E1-4185-83F9-5CE6BB3F0727}
    2012-03-18 14:50:20 -------- d-----w- c:\users\afunakwa\appdata\local\{2CE06B02-5477-42A1-8DC6-5201C2139D0C}
    2012-03-17 23:05:51 -------- d-----w- c:\users\afunakwa\appdata\local\{BDA8695B-B295-4852-9640-95315D174567}
    2012-03-17 02:16:02 -------- d-----w- c:\users\afunakwa\appdata\local\{3E369F04-5A75-4CC7-93E4-D06E7C4E74F4}
    2012-03-17 02:16:00 -------- d-----w- c:\users\afunakwa\appdata\local\{525BF40E-3383-4E9E-AD52-FABE299E77A8}
    2012-03-16 02:01:35 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-16 02:01:28 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-15 08:00:47 -------- d-----w- c:\users\afunakwa\appdata\local\{D454BA2D-1F57-4966-93EB-1E69AEBB01B9}
    2012-03-15 08:00:42 -------- d-----w- c:\users\afunakwa\appdata\local\{4F96D523-F531-4F2E-BE71-6B412C8A4664}
    2012-03-14 07:38:06 2341376 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 07:38:04 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-03-14 07:38:04 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 07:38:03 739840 ----a-w- c:\windows\system32\d2d1.dll
    2012-03-14 07:38:03 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-03-14 07:38:03 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-03-14 07:37:30 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-14 07:37:30 57856 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-14 07:37:30 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-14 07:37:27 826368 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-14 07:37:25 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-14 07:37:25 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-13 23:00:37 -------- d-----w- c:\users\afunakwa\appdata\local\{A70AC7AC-7712-4DE5-A03C-B63527FC1F19}
    2012-03-13 23:00:30 -------- d-----w- c:\users\afunakwa\appdata\local\{6DC55C1B-B4AA-4F90-A056-7FCD0366E468}
    2012-03-06 00:30:42 -------- d-----w- c:\users\afunakwa\appdata\local\{BE0704E2-D154-48C9-8CC0-04BCEB6EA1F0}
    2012-03-05 12:30:47 -------- d-----w- c:\users\afunakwa\appdata\local\{BA35BF6D-3C52-4A10-8A0E-F87D6670C9BF}
    .
    ==================== Find3M ====================
    .
    2012-04-02 15:08:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-16 02:10:59 11776 ----a-w- c:\windows\system32\mshta.exe
    2012-02-16 02:10:59 101888 ----a-w- c:\windows\system32\admparse.dll
    2012-02-16 02:10:55 1798656 ----a-w- c:\windows\system32\jscript9.dll
    2012-02-16 02:10:54 35840 ----a-w- c:\windows\system32\imgutil.dll
    .
    ============= FINISH: 13:13:39,62 ===============


    Attach:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/06/2011 12:58:36
    System Uptime: 4/04/2012 12:39:37 (1 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: AMD E-350 Processor | N/A | 800/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 167 GiB total, 14,344 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP148: 2/04/2012 17:06:22 - Installed Java(TM) 6 Update 31
    RP149: 2/04/2012 21:59:44 - Removed Skype™ 5.8
    RP150: 2/04/2012 22:04:30 - Removed Skype™ 5.8
    RP151: 2/04/2012 22:08:30 - Removed Skype™ 5.5
    RP152: 3/04/2012 20:37:20 - Installed ESET NOD32 Antivirus
    RP153: 4/04/2012 03:00:17 - Windows Update
    .
    ==== Installed Programs ======================
    .
    .
    ????? Windows Live
    ??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
    ???????? ?????????? Windows Live
    ????????? Messenger
    ?????????? Windows Live
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.4.0 MUI
    AMD Fuel
    ArcSoft Magic-i Visual Effects 2
    ArcSoft WebCam Companion 4
    ATI Catalyst Install Manager
    µTorrent
    AVG 2012
    Beyond Good & Evil
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    Catalyst Control Center Profiles Mobile
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    Complément Messenger
    Contrôle ActiveX Windows Live Mesh pour connexions à distance
    Control ActiveX de Windows Live Mesh para conexiones remotas
    D3DX10
    DAEMON Tools Lite
    DjVuLibre+DjView
    Document Express DjVu Plug-in
    EasyBCD 2.1
    Evernote
    Galerie de photos Windows Live
    Galería fotográfica de Windows Live
    Java Auto Updater
    Java(TM) 6 Update 31
    Junk Mail filter update
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version 1.60.1.1000
    Mass Effect
    Mass Effect 2
    Media Gallery
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    MSVCRT
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    Norton Online Backup
    NVIDIA PhysX
    OpenOffice.org 3.3
    Opera 11.62
    PMB
    PMB VAIO Edition Guide
    PMB VAIO Edition Plug-in
    Portal
    Portal 2
    Process Hacker 2.27 (r4957)
    Raccolta foto di Windows Live
    Rampant Logic Postscript Viewer 1.1
    Reader for PC
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Remote Keyboard
    Remote Play with PlayStation 3
    Remote Play with PlayStation®3
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Sexy Beach 3
    Skype™ 4.2
    Star Wars®: Knights of the Old Republic (TM)
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VAIO - Media Gallery
    VAIO - PMB VAIO Edition Guide
    VAIO - PMB VAIO Edition Plug-in
    VAIO - Remote Keyboard
    VAIO Care
    VAIO Control Center
    VAIO Data Restore Tool
    VAIO Gate
    VAIO Gate Default
    VAIO Hardware Diagnostics
    VAIO Manual
    VAIO Media plus
    VAIO Media plus Opening Movie
    VAIO Sample Contents
    VAIO Smart Network
    VAIO Transfer Support
    VAIO Update
    VLC media player 1.1.11
    WIDCOMM Bluetooth Software
    Windows Live
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Fotogalerie
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.01 (32-bit)
    Wise Registry Cleaner 7.12
    WMV9/VC-1 Video Playback
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/04/2012 12:44:29, Error: Service Control Manager [7022] - The VAIO Care Performance Service service hung on starting.
    4/04/2012 12:40:24, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: evsewoi
    4/04/2012 12:38:41, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    4/04/2012 12:20:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    4/04/2012 12:20:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    4/04/2012 12:20:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    4/04/2012 12:20:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    4/04/2012 12:20:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    4/04/2012 12:20:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    4/04/2012 12:20:14, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC discache ehdrv evsewoi NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
    4/04/2012 12:20:14, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/04/2012 12:20:14, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    4/04/2012 12:20:14, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    4/04/2012 12:20:14, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    4/04/2012 12:20:14, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    4/04/2012 12:20:14, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    4/04/2012 12:20:14, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/04/2012 12:20:14, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/04/2012 12:20:14, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/04/2012 12:20:14, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/04/2012 12:20:14, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/04/2012 20:41:50, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    .
    ==== End Of File ===========================
  2. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  3. Ardat

    Ardat Newcomer, in training Topic Starter

    I can't launch aswMBR

    Thank you for helping me.

    I tried to launch aswMBR.exe several times, without results. I then restarted my computer and tried again, but it made no difference.
  4. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Proceed with Bootkit Remover.
  5. Ardat

    Ardat Newcomer, in training Topic Starter

    Here's bootkit's data:

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`9d300000

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
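
The Bootkit Remover output above offers a `dump` command for inspecting the master boot sector by hand. As an added example (not part of the original posts and not code from any tool in this thread), the Python below decodes a 512-byte MBR dump and compares a copy read on the running system with one read from clean boot media, which is where a rootkit that hides the boot code shows up. It assumes a classic MBR (non-GPT) disk; the function names and both sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439 hold the boot code
DISK_SIG_OFF = 440       # 4-byte Windows disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # last two bytes must be 55 AA


def parse_mbr(sector: bytes) -> dict:
    """Decode one classic MBR sector into its fields."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError(f"need {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for index in range(4):
        off = PART_TABLE_OFF + 16 * index
        entry = sector[off:off + 16]
        status, ptype = entry[0], entry[4]
        start_lba, num_sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:                      # unused slot
            continue
        partitions.append({"index": index, "status": status,
                           "active": status == 0x80, "type": ptype,
                           "start_lba": start_lba, "num_sectors": num_sectors})
    return {
        "signature_ok": sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xaa",
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def sanity_findings(mbr: dict) -> list:
    """Structural checks that need no reference copy."""
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 55 AA boot signature")
    for p in mbr["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02x}")
    if sum(p["active"] for p in mbr["partitions"]) > 1:
        findings.append("more than one active partition")
    ordered = sorted(mbr["partitions"], key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["num_sectors"] > b["start_lba"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return findings


def compare_dumps(live: bytes, offline: bytes) -> list:
    """Compare a dump read on the running OS with one read from clean boot media.

    A difference means the running system is not showing the sector that is
    really on disk, or the sector changed between the two reads.
    """
    a, b = parse_mbr(live), parse_mbr(offline)
    findings = []
    if a["boot_code_sha256"] != b["boot_code_sha256"]:
        findings.append("boot code differs between live and offline dump")
    if a["disk_signature"] != b["disk_signature"]:
        findings.append("disk signature differs between live and offline dump")
    if a["partitions"] != b["partitions"]:
        findings.append("partition table differs between live and offline dump")
    return findings + [f"offline dump: {f}" for f in sanity_findings(b)]


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Build a constructed test sector; partitions = (status, type, start, count)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_LEN] = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x12345678)   # constructed value
    for i, (status, ptype, start, count) in enumerate(partitions):
        off = PART_TABLE_OFF + 16 * i
        sector[off], sector[off + 4] = status, ptype
        struct.pack_into("<II", sector, off + 8, start, count)
    sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xaa"
    return bytes(sector)


# Constructed samples: filler bytes stand in for boot code, and the active
# flag on the first partition is an assumption. The two NTFS (type 0x07)
# partition extents are the ones TDSSKiller reports later in this thread.
SAMPLE_PARTS = [(0x80, 0x07, 0x14B7800, 0x32000),
                (0x00, 0x07, 0x14E9800, 0x14E88AB0)]
SAMPLE_LIVE = build_sample_mbr(b"A" * BOOT_CODE_LEN, SAMPLE_PARTS)
SAMPLE_OFFLINE = build_sample_mbr(b"B" * BOOT_CODE_LEN, SAMPLE_PARTS)

if __name__ == "__main__":
    for finding in compare_dumps(SAMPLE_LIVE, SAMPLE_OFFLINE) or ["dumps match"]:
        print(finding)
```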
  6. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  7. Ardat

    Ardat Newcomer, in training Topic Starter

    Here's the TDSSKiller's log:

    20:22:56.0473 5596 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
    20:22:56.0950 5596 ============================================================
    20:22:56.0950 5596 Current date / time: 2012/04/04 20:22:56.0950
    20:22:56.0950 5596 SystemInfo:
    20:22:56.0950 5596
    20:22:56.0950 5596 OS Version: 6.1.7600 ServicePack: 0.0
    20:22:56.0950 5596 Product type: Workstation
    20:22:56.0950 5596 ComputerName: AFUNAKWA_LAPTOP
    20:22:56.0953 5596 UserName: Afunakwa
    20:22:56.0953 5596 Windows directory: C:\Windows
    20:22:56.0953 5596 System windows directory: C:\Windows
    20:22:56.0953 5596 Processor architecture: Intel x86
    20:22:56.0953 5596 Number of processors: 2
    20:22:56.0953 5596 Page size: 0x1000
    20:22:56.0953 5596 Boot type: Normal boot
    20:22:56.0953 5596 ============================================================
    20:22:58.0543 5596 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    20:22:58.0548 5596 \Device\Harddisk0\DR0:
    20:22:58.0548 5596 MBR used
    20:22:58.0548 5596 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14B7800, BlocksNum 0x32000
    20:22:58.0548 5596 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14E9800, BlocksNum 0x14E88AB0
    20:22:58.0660 5596 Initialize success
    20:22:58.0660 5596 ============================================================
    20:23:07.0810 5184 ============================================================
    20:23:07.0810 5184 Scan started
    20:23:07.0810 5184 Mode: Manual;
    20:23:07.0810 5184 ============================================================
    20:23:10.0773 5184 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    20:23:10.0818 5184 !SASCORE - ok
    20:23:11.0110 5184 1394ohci (d01e0b1cef9ee82100c2bb07294880ef) C:\Windows\system32\DRIVERS\1394ohci.sys
    20:23:11.0118 5184 1394ohci - ok
    20:23:11.0225 5184 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    20:23:11.0235 5184 ACDaemon - ok
    20:23:11.0325 5184 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
    20:23:11.0333 5184 ACPI - ok
    20:23:11.0398 5184 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
    20:23:11.0403 5184 AcpiPmi - ok
    20:23:11.0510 5184 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    20:23:11.0520 5184 adp94xx - ok
    20:23:11.0635 5184 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    20:23:11.0643 5184 adpahci - ok
    20:23:11.0670 5184 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    20:23:11.0675 5184 adpu320 - ok
    20:23:11.0718 5184 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
    20:23:11.0740 5184 AeLookupSvc - ok
    20:23:11.0870 5184 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
    20:23:11.0880 5184 AFD - ok
    20:23:11.0925 5184 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
    20:23:11.0930 5184 agp440 - ok
    20:23:12.0045 5184 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    20:23:12.0050 5184 aic78xx - ok
    20:23:12.0118 5184 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
    20:23:12.0120 5184 ALG - ok
    20:23:12.0210 5184 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
    20:23:12.0215 5184 aliide - ok
    20:23:12.0270 5184 AMD External Events Utility (4381a9a99f56b33dac58852669e300e8) C:\Windows\system32\atiesrxx.exe
    20:23:12.0275 5184 AMD External Events Utility - ok
    20:23:12.0338 5184 AMD FUEL Service - ok
    20:23:12.0410 5184 AMD Reservation Manager (9fe76d783a7d47965d086a220b54277b) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    20:23:12.0415 5184 AMD Reservation Manager - ok
    20:23:12.0515 5184 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
    20:23:12.0523 5184 amdagp - ok
    20:23:12.0565 5184 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
    20:23:12.0570 5184 amdide - ok
    20:23:12.0648 5184 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
    20:23:12.0653 5184 amdiox86 - ok
    20:23:12.0700 5184 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    20:23:12.0705 5184 AmdK8 - ok
    20:23:12.0980 5184 amdkmdag (5d3816a677ca50a618ad7138d2c21ced) C:\Windows\system32\DRIVERS\atikmdag.sys
    20:23:13.0353 5184 amdkmdag - ok
    20:23:13.0433 5184 amdkmdap (f3dc5d5c36fee050a6c7204f0cb12c4c) C:\Windows\system32\DRIVERS\atikmpag.sys
    20:23:13.0440 5184 amdkmdap - ok
    20:23:13.0495 5184 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    20:23:13.0495 5184 AmdPPM - ok
    20:23:13.0603 5184 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
    20:23:13.0610 5184 amdsata - ok
    20:23:13.0645 5184 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    20:23:13.0660 5184 amdsbs - ok
    20:23:13.0688 5184 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
    20:23:13.0690 5184 amdxata - ok
    20:23:13.0718 5184 amd_sata (c67abecd78888b58bffa1f9c60c3153b) C:\Windows\system32\DRIVERS\amd_sata.sys
    20:23:13.0720 5184 amd_sata - ok
    20:23:13.0800 5184 amd_xata (acf7e74a5a813364d0c0bb101e1ac0d5) C:\Windows\system32\DRIVERS\amd_xata.sys
    20:23:13.0805 5184 amd_xata - ok
    20:23:13.0860 5184 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
    20:23:13.0863 5184 AppID - ok
    20:23:13.0935 5184 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
    20:23:13.0938 5184 AppIDSvc - ok
    20:23:13.0988 5184 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
    20:23:13.0990 5184 Appinfo - ok
    20:23:14.0088 5184 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    20:23:14.0096 5184 arc - ok
    20:23:14.0131 5184 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    20:23:14.0136 5184 arcsas - ok
    20:23:14.0188 5184 ArcSoftKsUFilter (dfd07f0a36bd4f7e7ad2bc5548213694) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
    20:23:14.0193 5184 ArcSoftKsUFilter - ok
    20:23:14.0281 5184 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    20:23:14.0286 5184 AsyncMac - ok
    20:23:14.0321 5184 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
    20:23:14.0323 5184 atapi - ok
    20:23:14.0463 5184 athr (92ce48a7b48d2f836a9706ae215a8caa) C:\Windows\system32\DRIVERS\athr.sys
    20:23:14.0501 5184 athr - ok
    20:23:14.0623 5184 AtiHDAudioService (c8b17ac82ad2ee9e0e58e3461008c5f7) C:\Windows\system32\drivers\AtihdW73.sys
    20:23:14.0628 5184 AtiHDAudioService - ok
    20:23:14.0688 5184 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
    20:23:14.0701 5184 AudioEndpointBuilder - ok
    20:23:14.0723 5184 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
    20:23:14.0731 5184 Audiosrv - ok
    20:23:14.0978 5184 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    20:23:15.0246 5184 AVGIDSAgent - ok
    20:23:15.0343 5184 AVGIDSDriver (f6878b90a8a9795116bce335238e65af) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
    20:23:15.0353 5184 AVGIDSDriver - ok
    20:23:15.0386 5184 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
    20:23:15.0388 5184 AVGIDSEH - ok
    20:23:15.0411 5184 AVGIDSFilter (f8927ab1dd086edeff2924a64dc89869) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
    20:23:15.0416 5184 AVGIDSFilter - ok
    20:23:15.0546 5184 AVGIDSShim (dadca567891033dcf2ec4a3f9da46ae4) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
    20:23:15.0551 5184 AVGIDSShim - ok
    20:23:15.0621 5184 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
    20:23:15.0631 5184 Avgldx86 - ok
    20:23:15.0716 5184 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
    20:23:15.0736 5184 Avgmfx86 - ok
    20:23:15.0818 5184 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
    20:23:15.0826 5184 Avgrkx86 - ok
    20:23:15.0926 5184 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
    20:23:15.0933 5184 Avgtdix - ok
    20:23:16.0068 5184 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    20:23:16.0076 5184 avgwd - ok
    20:23:16.0148 5184 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
    20:23:16.0156 5184 AxInstSV - ok
    20:23:16.0251 5184 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    20:23:16.0268 5184 b06bdrv - ok
    20:23:16.0366 5184 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    20:23:16.0373 5184 b57nd60x - ok
    20:23:16.0418 5184 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
    20:23:16.0421 5184 BDESVC - ok
    20:23:16.0493 5184 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    20:23:16.0498 5184 Beep - ok
    20:23:16.0563 5184 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
    20:23:16.0576 5184 BFE - ok
    20:23:16.0656 5184 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll
    20:23:16.0771 5184 BITS - ok
    20:23:16.0908 5184 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    20:23:16.0916 5184 blbdrive - ok
    20:23:16.0971 5184 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
    20:23:16.0976 5184 bowser - ok
    20:23:17.0071 5184 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    20:23:17.0073 5184 BrFiltLo - ok
    20:23:17.0113 5184 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    20:23:17.0116 5184 BrFiltUp - ok
    20:23:17.0263 5184 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
    20:23:17.0268 5184 BridgeMP - ok
    20:23:17.0321 5184 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
    20:23:17.0326 5184 Browser - ok
    20:23:17.0438 5184 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    20:23:17.0446 5184 Brserid - ok
    20:23:17.0481 5184 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    20:23:17.0486 5184 BrSerWdm - ok
    20:23:17.0571 5184 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    20:23:17.0573 5184 BrUsbMdm - ok
    20:23:17.0646 5184 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    20:23:17.0651 5184 BrUsbSer - ok
    20:23:17.0756 5184 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
    20:23:17.0763 5184 BthEnum - ok
    20:23:17.0851 5184 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    20:23:17.0856 5184 BTHMODEM - ok
    20:23:17.0913 5184 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
    20:23:17.0916 5184 BthPan - ok
    20:23:18.0021 5184 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\Windows\System32\Drivers\BTHport.sys
    20:23:18.0063 5184 BTHPORT - ok
    20:23:18.0511 5184 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
    20:23:18.0513 5184 bthserv - ok
    20:23:18.0651 5184 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\Windows\System32\Drivers\BTHUSB.sys
    20:23:18.0663 5184 BTHUSB - ok
    20:23:18.0771 5184 btwampfl (525432cfd6d8c004860af7ecd0a84234) C:\Windows\system32\drivers\btwampfl.sys
    20:23:18.0781 5184 btwampfl - ok
    20:23:18.0908 5184 btwaudio (cf8799a563f734984d4e053cacec1426) C:\Windows\system32\drivers\btwaudio.sys
    20:23:18.0916 5184 btwaudio - ok
    20:23:19.0083 5184 btwavdt (9ed9932043d599aea04f6ea2d86964a1) C:\Windows\system32\DRIVERS\btwavdt.sys
    20:23:19.0088 5184 btwavdt - ok
    20:23:19.0268 5184 btwdins (110496cf8143fea63b7a31dad175829b) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    20:23:19.0283 5184 btwdins - ok
    20:23:19.0406 5184 btwl2cap (de53089f0678cb5f0afeb867acb0fb05) C:\Windows\system32\DRIVERS\btwl2cap.sys
    20:23:19.0411 5184 btwl2cap - ok
    20:23:19.0453 5184 btwrchid (373d1bb0f7dc8f1931f9b7e0de3e9a30) C:\Windows\system32\DRIVERS\btwrchid.sys
    20:23:19.0458 5184 btwrchid - ok
    20:23:19.0548 5184 catchme - ok
    20:23:19.0656 5184 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    20:23:19.0663 5184 cdfs - ok
    20:23:19.0756 5184 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
    20:23:19.0763 5184 cdrom - ok
    20:23:19.0876 5184 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
    20:23:19.0881 5184 CertPropSvc - ok
    20:23:19.0953 5184 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    20:23:19.0961 5184 circlass - ok
    20:23:20.0061 5184 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    20:23:20.0073 5184 CLFS - ok
    20:23:20.0151 5184 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    20:23:20.0161 5184 clr_optimization_v2.0.50727_32 - ok
    20:23:20.0288 5184 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    20:23:20.0316 5184 clr_optimization_v4.0.30319_32 - ok
    20:23:20.0393 5184 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    20:23:20.0398 5184 CmBatt - ok
    20:23:20.0443 5184 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
    20:23:20.0446 5184 cmdide - ok
    20:23:20.0548 5184 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
    20:23:20.0573 5184 CNG - ok
    20:23:20.0638 5184 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    20:23:20.0643 5184 Compbatt - ok
    20:23:20.0791 5184 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
    20:23:20.0798 5184 CompositeBus - ok
    20:23:20.0871 5184 COMSysApp - ok
    20:23:20.0923 5184 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    20:23:20.0926 5184 crcdisk - ok
    20:23:21.0021 5184 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
    20:23:21.0028 5184 CryptSvc - ok
    20:23:21.0146 5184 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
    20:23:21.0158 5184 DcomLaunch - ok
    20:23:21.0226 5184 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
    20:23:21.0236 5184 defragsvc - ok
    20:23:21.0333 5184 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
    20:23:21.0343 5184 DfsC - ok
    20:23:21.0416 5184 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
    20:23:21.0423 5184 Dhcp - ok
    20:23:21.0501 5184 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    20:23:21.0506 5184 discache - ok
    20:23:21.0591 5184 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    20:23:21.0596 5184 Disk - ok
    20:23:21.0656 5184 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
    20:23:21.0661 5184 Dnscache - ok
    20:23:21.0716 5184 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
    20:23:21.0723 5184 dot3svc - ok
    20:23:21.0766 5184 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
    20:23:21.0771 5184 DPS - ok
    20:23:21.0846 5184 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    20:23:21.0851 5184 drmkaud - ok
    20:23:21.0946 5184 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    20:23:21.0956 5184 dtsoftbus01 - ok
    20:23:22.0036 5184 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
    20:23:22.0051 5184 DXGKrnl - ok
    20:23:22.0163 5184 e1yexpress (8eef52ad831471e323ee7364a8656d35) C:\Windows\system32\DRIVERS\e1y6032.sys
    20:23:22.0171 5184 e1yexpress - ok
    20:23:22.0233 5184 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
    20:23:22.0238 5184 EapHost - ok
    20:23:22.0413 5184 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    20:23:22.0548 5184 ebdrv - ok
    20:23:22.0658 5184 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
    20:23:22.0661 5184 EFS - ok
    20:23:22.0723 5184 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
    20:23:22.0738 5184 ehRecvr - ok
    20:23:22.0791 5184 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
    20:23:22.0796 5184 ehSched - ok
    20:23:22.0888 5184 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    20:23:23.0016 5184 elxstor - ok
    20:23:23.0396 5184 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
    20:23:23.0401 5184 ErrDev - ok
    20:23:23.0498 5184 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
    20:23:23.0508 5184 EventSystem - ok
    20:23:23.0548 5184 evsewoi - ok
    20:23:23.0601 5184 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    20:23:23.0608 5184 exfat - ok
    20:23:23.0698 5184 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    20:23:23.0708 5184 fastfat - ok
    20:23:23.0788 5184 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
    20:23:23.0803 5184 Fax - ok
    20:23:23.0906 5184 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    20:23:23.0911 5184 fdc - ok
    20:23:23.0951 5184 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
    20:23:23.0956 5184 fdPHost - ok
    20:23:24.0001 5184 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
    20:23:24.0003 5184 FDResPub - ok
    20:23:24.0048 5184 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    20:23:24.0053 5184 FileInfo - ok
    20:23:24.0076 5184 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    20:23:24.0086 5184 Filetrace - ok
    20:23:24.0191 5184 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    20:23:24.0196 5184 flpydisk - ok
    20:23:24.0243 5184 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    20:23:24.0251 5184 FltMgr - ok
    20:23:24.0301 5184 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
    20:23:24.0318 5184 FontCache - ok
    20:23:24.0386 5184 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    20:23:24.0391 5184 FontCache3.0.0.0 - ok
    20:23:24.0446 5184 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    20:23:24.0451 5184 FsDepends - ok
    20:23:24.0493 5184 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    20:23:24.0496 5184 Fs_Rec - ok
    20:23:24.0551 5184 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
    20:23:24.0568 5184 fvevol - ok
    20:23:24.0646 5184 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    20:23:24.0651 5184 gagp30kx - ok
    20:23:24.0723 5184 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
    20:23:24.0736 5184 gpsvc - ok
    20:23:24.0811 5184 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    20:23:24.0813 5184 hcw85cir - ok
    20:23:24.0898 5184 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
    20:23:24.0906 5184 HdAudAddService - ok
    20:23:25.0008 5184 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
    20:23:25.0016 5184 HDAudBus - ok
    20:23:25.0076 5184 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    20:23:25.0081 5184 HidBatt - ok
    20:23:25.0156 5184 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    20:23:25.0161 5184 HidBth - ok
    20:23:25.0216 5184 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    20:23:25.0221 5184 HidIr - ok
    20:23:25.0276 5184 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
    20:23:25.0281 5184 hidserv - ok
    20:23:25.0368 5184 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
    20:23:25.0373 5184 HidUsb - ok
    20:23:25.0436 5184 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
    20:23:25.0443 5184 hkmsvc - ok
    20:23:25.0488 5184 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
    20:23:25.0498 5184 HomeGroupListener - ok
    20:23:25.0538 5184 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
    20:23:25.0546 5184 HomeGroupProvider - ok
    20:23:25.0658 5184 HPEPZWX - ok
    20:23:25.0781 5184 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
    20:23:25.0788 5184 HpSAMD - ok
    20:23:25.0833 5184 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
    20:23:25.0846 5184 HTTP - ok
    20:23:25.0936 5184 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
    20:23:25.0941 5184 hwpolicy - ok
    20:23:25.0998 5184 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    20:23:26.0001 5184 i8042prt - ok
    20:23:26.0096 5184 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
    20:23:26.0111 5184 iaStorV - ok
    20:23:26.0193 5184 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    20:23:26.0213 5184 idsvc - ok
    20:23:26.0436 5184 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
    20:23:26.0601 5184 igfx - ok
    20:23:26.0763 5184 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    20:23:26.0768 5184 iirsp - ok
    20:23:26.0843 5184 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
    20:23:26.0858 5184 IKEEXT - ok
    20:23:27.0076 5184 IntcAzAudAddService (aee99ecf06cd1cea95816ccb5bf73ec8) C:\Windows\system32\drivers\RTKVHDA.sys
    20:23:27.0151 5184 IntcAzAudAddService - ok
    20:23:27.0238 5184 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
    20:23:27.0246 5184 intelide - ok
    20:23:27.0296 5184 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    20:23:27.0301 5184 intelppm - ok
    20:23:27.0381 5184 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
    20:23:27.0386 5184 IPBusEnum - ok
    20:23:27.0426 5184 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    20:23:27.0428 5184 IpFilterDriver - ok
    20:23:27.0528 5184 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
    20:23:27.0546 5184 iphlpsvc - ok
    20:23:27.0633 5184 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    20:23:27.0638 5184 IPMIDRV - ok
    20:23:27.0668 5184 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    20:23:27.0673 5184 IPNAT - ok
    20:23:27.0713 5184 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    20:23:27.0718 5184 IRENUM - ok
    20:23:27.0811 5184 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
    20:23:27.0818 5184 isapnp - ok
    20:23:27.0858 5184 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
    20:23:27.0866 5184 iScsiPrt - ok
    20:23:27.0948 5184 IYYXY - ok
    20:23:28.0063 5184 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    20:23:28.0071 5184 kbdclass - ok
    20:23:28.0116 5184 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
    20:23:28.0121 5184 kbdhid - ok
    20:23:28.0203 5184 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
    20:23:28.0208 5184 KeyIso - ok
    20:23:28.0248 5184 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
    20:23:28.0253 5184 KSecDD - ok
    20:23:28.0286 5184 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
    20:23:28.0291 5184 KSecPkg - ok
    20:23:28.0351 5184 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
    20:23:28.0363 5184 KtmRm - ok
    20:23:28.0468 5184 L1C (c8fa09049e640b0a27e4b4446d958fe5) C:\Windows\system32\DRIVERS\L1C62x86.sys
    20:23:28.0478 5184 L1C - ok
    20:23:28.0618 5184 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll
    20:23:28.0663 5184 LanmanServer - ok
    20:23:28.0958 5184 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
    20:23:28.0968 5184 LanmanWorkstation - ok
    20:23:29.0038 5184 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    20:23:29.0041 5184 lltdio - ok
    20:23:29.0121 5184 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
    20:23:29.0131 5184 lltdsvc - ok
    20:23:29.0163 5184 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
    20:23:29.0168 5184 lmhosts - ok
    20:23:29.0243 5184 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    20:23:29.0251 5184 LSI_FC - ok
    20:23:29.0323 5184 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    20:23:29.0331 5184 LSI_SAS - ok
    20:23:29.0373 5184 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    20:23:29.0378 5184 LSI_SAS2 - ok
    20:23:29.0413 5184 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    20:23:29.0418 5184 LSI_SCSI - ok
    20:23:29.0498 5184 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    20:23:29.0506 5184 luafv - ok
    20:23:29.0561 5184 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
    20:23:29.0568 5184 mcdbus - ok
    20:23:29.0663 5184 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
    20:23:29.0668 5184 Mcx2Svc - ok
    20:23:29.0738 5184 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    20:23:29.0743 5184 megasas - ok
    20:23:29.0816 5184 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    20:23:29.0826 5184 MegaSR - ok
    20:23:29.0881 5184 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
    20:23:29.0886 5184 MMCSS - ok
    20:23:29.0971 5184 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    20:23:29.0978 5184 Modem - ok
    20:23:30.0013 5184 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    20:23:30.0013 5184 monitor - ok
    20:23:30.0101 5184 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    20:23:30.0106 5184 mouclass - ok
    20:23:30.0146 5184 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    20:23:30.0148 5184 mouhid - ok
    20:23:30.0198 5184 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
    20:23:30.0201 5184 mountmgr - ok
    20:23:30.0278 5184 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
    20:23:30.0288 5184 mpio - ok
    20:23:30.0331 5184 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    20:23:30.0336 5184 mpsdrv - ok
    20:23:30.0373 5184 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
    20:23:30.0388 5184 MpsSvc - ok
    20:23:30.0478 5184 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
    20:23:30.0483 5184 MRxDAV - ok
    20:23:30.0536 5184 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
    20:23:30.0541 5184 mrxsmb - ok
    20:23:30.0661 5184 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    20:23:30.0668 5184 mrxsmb10 - ok
    20:23:30.0726 5184 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    20:23:30.0733 5184 mrxsmb20 - ok
    20:23:30.0841 5184 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
    20:23:30.0848 5184 msahci - ok
    20:23:30.0911 5184 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
    20:23:30.0918 5184 msdsm - ok
    20:23:30.0996 5184 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
    20:23:31.0008 5184 MSDTC - ok
    20:23:31.0106 5184 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    20:23:31.0111 5184 Msfs - ok
    20:23:31.0201 5184 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    20:23:31.0206 5184 mshidkmdf - ok
    20:23:31.0241 5184 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
    20:23:31.0243 5184 msisadrv - ok
    20:23:31.0318 5184 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
    20:23:31.0323 5184 MSiSCSI - ok
    20:23:31.0363 5184 msiserver - ok
    20:23:31.0476 5184 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    20:23:31.0481 5184 MSKSSRV - ok
    20:23:31.0546 5184 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    20:23:31.0548 5184 MSPCLOCK - ok
    20:23:31.0583 5184 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    20:23:31.0586 5184 MSPQM - ok
    20:23:31.0656 5184 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    20:23:31.0661 5184 MsRPC - ok
    20:23:31.0718 5184 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
    20:23:31.0721 5184 mssmbios - ok
    20:23:31.0793 5184 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    20:23:31.0803 5184 MSTEE - ok
    20:23:31.0881 5184 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    20:23:31.0886 5184 MTConfig - ok
    20:23:31.0913 5184 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    20:23:31.0918 5184 Mup - ok
    20:23:31.0976 5184 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
    20:23:31.0988 5184 napagent - ok
    20:23:32.0093 5184 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    20:23:32.0106 5184 NativeWifiP - ok
    20:23:32.0193 5184 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
    20:23:32.0208 5184 NDIS - ok
    20:23:32.0313 5184 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    20:23:32.0321 5184 NdisCap - ok
    20:23:32.0373 5184 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    20:23:32.0383 5184 NdisTapi - ok
    20:23:32.0473 5184 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
    20:23:32.0478 5184 Ndisuio - ok
    20:23:32.0513 5184 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
    20:23:32.0518 5184 NdisWan - ok
    20:23:32.0536 5184 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
    20:23:32.0541 5184 NDProxy - ok
  8. Ardat

    3:32.0643 5184 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    20:23:32.0648 5184 NetBIOS - ok
    20:23:32.0676 5184 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
    20:23:32.0683 5184 NetBT - ok
    20:23:32.0736 5184 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
    20:23:32.0738 5184 Netlogon - ok
    20:23:32.0833 5184 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
    20:23:32.0841 5184 Netman - ok
    20:23:32.0896 5184 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
    20:23:32.0906 5184 netprofm - ok
    20:23:32.0976 5184 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    20:23:32.0986 5184 NetTcpPortSharing - ok
    20:23:33.0231 5184 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
    20:23:33.0373 5184 netw5v32 - ok
    20:23:33.0483 5184 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    20:23:33.0491 5184 nfrd960 - ok
    20:23:33.0531 5184 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
    20:23:33.0538 5184 NlaSvc - ok
    20:23:33.0681 5184 NOBU (a634584c506f2c82680039371aa1772c) C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
    20:23:33.0723 5184 NOBU - ok
    20:23:33.0803 5184 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    20:23:33.0808 5184 Npfs - ok
    20:23:33.0851 5184 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
    20:23:33.0856 5184 nsi - ok
    20:23:33.0933 5184 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    20:23:33.0938 5184 nsiproxy - ok
    20:23:34.0028 5184 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
    20:23:34.0051 5184 Ntfs - ok
    20:23:34.0148 5184 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    20:23:34.0156 5184 Null - ok
    20:23:34.0213 5184 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
    20:23:34.0218 5184 nvraid - ok
    20:23:34.0301 5184 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
    20:23:34.0308 5184 nvstor - ok
    20:23:34.0353 5184 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
    20:23:34.0358 5184 nv_agp - ok
    20:23:34.0431 5184 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
    20:23:34.0433 5184 ohci1394 - ok
    20:23:34.0476 5184 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
    20:23:34.0486 5184 p2pimsvc - ok
    20:23:34.0571 5184 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
    20:23:34.0583 5184 p2psvc - ok
    20:23:34.0633 5184 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    20:23:34.0638 5184 Parport - ok
    20:23:34.0666 5184 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
    20:23:34.0668 5184 partmgr - ok
    20:23:34.0746 5184 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    20:23:34.0748 5184 Parvdm - ok
    20:23:34.0808 5184 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
    20:23:34.0821 5184 PcaSvc - ok
    20:23:35.0053 5184 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
    20:23:35.0121 5184 pci - ok
    20:23:35.0266 5184 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
    20:23:35.0271 5184 pciide - ok
    20:23:35.0318 5184 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    20:23:35.0326 5184 pcmcia - ok
    20:23:35.0408 5184 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    20:23:35.0413 5184 pcw - ok
    20:23:35.0476 5184 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    20:23:35.0488 5184 PEAUTH - ok
    20:23:35.0641 5184 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
    20:23:35.0671 5184 pla - ok
    20:23:35.0771 5184 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
    20:23:35.0783 5184 PlugPlay - ok
    20:23:35.0893 5184 PMBDeviceInfoProvider (63694c307273062a2167ae4ce80730ef) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    20:23:35.0911 5184 PMBDeviceInfoProvider - ok
    20:23:35.0973 5184 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
    20:23:35.0981 5184 PNRPAutoReg - ok
    20:23:36.0021 5184 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
    20:23:36.0028 5184 PNRPsvc - ok
    20:23:36.0088 5184 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
    20:23:36.0096 5184 PolicyAgent - ok
    20:23:36.0346 5184 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
    20:23:36.0351 5184 Power - ok
    20:23:36.0443 5184 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    20:23:36.0448 5184 PptpMiniport - ok
    20:23:36.0483 5184 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    20:23:36.0486 5184 Processor - ok
    20:23:36.0536 5184 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll
    20:23:36.0543 5184 ProfSvc - ok
    20:23:36.0681 5184 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
    20:23:36.0683 5184 ProtectedStorage - ok
    20:23:36.0773 5184 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    20:23:36.0781 5184 Psched - ok
    20:23:36.0871 5184 QKGZZFJK - ok
    20:23:37.0026 5184 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    20:23:37.0053 5184 ql2300 - ok
    20:23:37.0143 5184 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    20:23:37.0151 5184 ql40xx - ok
    20:23:37.0188 5184 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
    20:23:37.0198 5184 QWAVE - ok
    20:23:37.0273 5184 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    20:23:37.0276 5184 QWAVEdrv - ok
    20:23:37.0303 5184 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    20:23:37.0306 5184 RasAcd - ok
    20:23:37.0353 5184 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    20:23:37.0356 5184 RasAgileVpn - ok
    20:23:37.0423 5184 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
    20:23:37.0431 5184 RasAuto - ok
    20:23:37.0491 5184 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    20:23:37.0493 5184 Rasl2tp - ok
    20:23:37.0573 5184 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
    20:23:37.0583 5184 RasMan - ok
    20:23:37.0638 5184 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    20:23:37.0641 5184 RasPppoe - ok
    20:23:37.0721 5184 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    20:23:37.0726 5184 RasSstp - ok
    20:23:37.0766 5184 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
    20:23:37.0776 5184 rdbss - ok
    20:23:37.0823 5184 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    20:23:37.0828 5184 rdpbus - ok
    20:23:37.0923 5184 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
    20:23:37.0928 5184 RDPCDD - ok
    20:23:37.0961 5184 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    20:23:37.0966 5184 RDPENCDD - ok
    20:23:38.0003 5184 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    20:23:38.0008 5184 RDPREFMP - ok
    20:23:38.0121 5184 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) C:\Windows\system32\drivers\RDPWD.sys
    20:23:38.0148 5184 RDPWD - ok
    20:23:38.0256 5184 rdyboost (65db288f7372b1f632891fc32bf908b7) C:\Windows\system32\drivers\rdyboost.sys
    20:23:38.0266 5184 rdyboost - ok
    20:23:38.0316 5184 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
    20:23:38.0323 5184 RemoteAccess - ok
    20:23:38.0388 5184 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
    20:23:38.0398 5184 RemoteRegistry - ok
    20:23:38.0473 5184 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
    20:23:38.0478 5184 RFCOMM - ok
    20:23:38.0561 5184 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
    20:23:38.0571 5184 RpcEptMapper - ok
    20:23:38.0608 5184 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
    20:23:38.0616 5184 RpcLocator - ok
    20:23:38.0703 5184 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
    20:23:38.0711 5184 RpcSs - ok
    20:23:38.0788 5184 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    20:23:38.0793 5184 rspndr - ok
    20:23:38.0896 5184 RSUSBSTOR (867beb23207ba425c85293bb0d3ea971) C:\Windows\system32\Drivers\RtsUStor.sys
    20:23:38.0906 5184 RSUSBSTOR - ok
    20:23:38.0981 5184 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
    20:23:38.0986 5184 SamSs - ok
    20:23:39.0083 5184 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    20:23:39.0091 5184 SASDIFSV - ok
    20:23:39.0136 5184 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    20:23:39.0141 5184 SASKUTIL - ok
    20:23:39.0231 5184 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
    20:23:39.0236 5184 sbp2port - ok
    20:23:39.0276 5184 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
    20:23:39.0283 5184 SCardSvr - ok
    20:23:39.0351 5184 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
    20:23:39.0353 5184 scfilter - ok
    20:23:39.0411 5184 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
    20:23:39.0428 5184 Schedule - ok
    20:23:39.0501 5184 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
    20:23:39.0503 5184 SCPolicySvc - ok
    20:23:39.0568 5184 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
    20:23:39.0573 5184 sdbus - ok
    20:23:39.0636 5184 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
    20:23:39.0648 5184 SDRSVC - ok
    20:23:39.0721 5184 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    20:23:39.0726 5184 secdrv - ok
    20:23:39.0803 5184 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
    20:23:39.0813 5184 seclogon - ok
    20:23:39.0843 5184 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
    20:23:39.0848 5184 SENS - ok
    20:23:39.0881 5184 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
    20:23:39.0886 5184 SensrSvc - ok
    20:23:39.0973 5184 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    20:23:39.0976 5184 Serenum - ok
    20:23:40.0006 5184 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    20:23:40.0011 5184 Serial - ok
    20:23:40.0038 5184 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    20:23:40.0041 5184 sermouse - ok
    20:23:40.0108 5184 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
    20:23:40.0116 5184 SessionEnv - ok
    20:23:40.0213 5184 SFEP (dcaff7089185e6461b92d3d3a17ba295) C:\Windows\system32\DRIVERS\SFEP.sys
    20:23:40.0218 5184 SFEP - ok
    20:23:40.0256 5184 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
    20:23:40.0258 5184 sffdisk - ok
    20:23:40.0283 5184 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    20:23:40.0288 5184 sffp_mmc - ok
    20:23:40.0366 5184 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
    20:23:40.0371 5184 sffp_sd - ok
    20:23:40.0418 5184 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    20:23:40.0423 5184 sfloppy - ok
    20:23:40.0516 5184 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
    20:23:40.0528 5184 SharedAccess - ok
    20:23:40.0581 5184 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
    20:23:40.0593 5184 ShellHWDetection - ok
    20:23:40.0706 5184 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
    20:23:40.0713 5184 sisagp - ok
    20:23:40.0753 5184 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    20:23:40.0758 5184 SiSRaid2 - ok
    20:23:40.0838 5184 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    20:23:40.0843 5184 SiSRaid4 - ok
    20:23:40.0891 5184 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    20:23:40.0898 5184 Smb - ok
    20:23:41.0001 5184 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
    20:23:41.0008 5184 SNMPTRAP - ok
    20:23:41.0113 5184 SOHCImp (c3e69db0a4e59564230e053232f39ac7) C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
    20:23:41.0126 5184 SOHCImp - ok
    20:23:41.0198 5184 SOHDms (65cc4779a29c3e82b987bd4961790dff) C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
    20:23:41.0208 5184 SOHDms - ok
    20:23:41.0343 5184 SOHDs (f47d75cee1844eef4a9ea6ee768828fb) C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
    20:23:41.0351 5184 SOHDs - ok
    20:23:41.0483 5184 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
    20:23:41.0501 5184 Sony SCSI Helper Service - ok
    20:23:41.0556 5184 SpfService (b91c063fe1d572dfb3fd8c3898e0d0c1) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
    20:23:41.0571 5184 SpfService - ok
    20:23:41.0666 5184 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    20:23:41.0676 5184 spldr - ok
    20:23:41.0716 5184 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
    20:23:41.0726 5184 Spooler - ok
    20:23:41.0841 5184 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
    20:23:41.0926 5184 sppsvc - ok
    20:23:42.0018 5184 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
    20:23:42.0031 5184 sppuinotify - ok
    20:23:42.0118 5184 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
    20:23:42.0128 5184 srv - ok
    20:23:42.0188 5184 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
    20:23:42.0198 5184 srv2 - ok
    20:23:42.0291 5184 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    20:23:42.0301 5184 SrvHsfHDA - ok
    20:23:42.0386 5184 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
    20:23:42.0428 5184 SrvHsfV92 - ok
    20:23:42.0541 5184 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
    20:23:42.0563 5184 SrvHsfWinac - ok
    20:23:42.0681 5184 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
    20:23:42.0691 5184 srvnet - ok
    20:23:42.0751 5184 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
    20:23:42.0758 5184 SSDPSRV - ok
    20:23:42.0861 5184 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
    20:23:42.0871 5184 SstpSvc - ok
    20:23:42.0988 5184 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    20:23:42.0993 5184 stexstor - ok
    20:23:43.0063 5184 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
    20:23:43.0078 5184 StiSvc - ok
    20:23:43.0158 5184 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
    20:23:43.0163 5184 swenum - ok
    20:23:43.0211 5184 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
    20:23:43.0223 5184 swprv - ok
    20:23:43.0363 5184 SynTP (7dddf7b78bf4f67aff691e6ea15e24c0) C:\Windows\system32\DRIVERS\SynTP.sys
    20:23:43.0388 5184 SynTP - ok
    20:23:43.0496 5184 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
    20:23:43.0521 5184 SysMain - ok
    20:23:43.0586 5184 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
    20:23:43.0598 5184 TabletInputService - ok
    20:23:43.0653 5184 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
    20:23:43.0661 5184 TapiSrv - ok
    20:23:43.0698 5184 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
    20:23:43.0706 5184 TBS - ok
    20:23:43.0881 5184 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
    20:23:43.0921 5184 Tcpip - ok
    20:23:44.0091 5184 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
    20:23:44.0116 5184 TCPIP6 - ok
    20:23:44.0213 5184 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
    20:23:44.0221 5184 tcpipreg - ok
    20:23:44.0268 5184 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
    20:23:44.0273 5184 TDPIPE - ok
    20:23:44.0331 5184 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
    20:23:44.0336 5184 TDTCP - ok
    20:23:44.0468 5184 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
    20:23:44.0476 5184 tdx - ok
    20:23:44.0526 5184 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
    20:23:44.0531 5184 TermDD - ok
    20:23:44.0588 5184 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
    20:23:44.0603 5184 TermService - ok
    20:23:44.0671 5184 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
    20:23:44.0681 5184 Themes - ok
    20:23:44.0736 5184 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
    20:23:44.0741 5184 THREADORDER - ok
    20:23:44.0833 5184 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
    20:23:44.0841 5184 TPM - ok
    20:23:44.0938 5184 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
    20:23:44.0951 5184 TrkWks - ok
    20:23:45.0058 5184 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
    20:23:45.0068 5184 TrustedInstaller - ok
    20:23:45.0158 5184 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
    20:23:45.0163 5184 tssecsrv - ok
    20:23:45.0276 5184 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
    20:23:45.0283 5184 tunnel - ok
    20:23:45.0368 5184 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    20:23:45.0376 5184 uagp35 - ok
    20:23:45.0463 5184 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    20:23:45.0468 5184 uCamMonitor - ok
    20:23:45.0581 5184 udfs (6557d75e8b7d6a06cdc21cd39dbf255c) C:\Windows\system32\DRIVERS\udfs.sys
    20:23:45.0596 5184 udfs - ok
    20:23:45.0671 5184 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
    20:23:45.0676 5184 UI0Detect - ok
    20:23:45.0771 5184 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
    20:23:45.0773 5184 uliagpkx - ok
    20:23:45.0818 5184 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
    20:23:45.0823 5184 umbus - ok
    20:23:45.0851 5184 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    20:23:45.0856 5184 UmPass - ok
    20:23:45.0926 5184 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
    20:23:45.0936 5184 upnphost - ok
    20:23:46.0008 5184 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
    20:23:46.0013 5184 usbccgp - ok
    20:23:46.0056 5184 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
    20:23:46.0061 5184 usbcir - ok
    20:23:46.0148 5184 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
    20:23:46.0156 5184 usbehci - ok
    20:23:46.0228 5184 usbfilter (fb0e8b624d1f7e214edb3d6e56b4ec88) C:\Windows\system32\DRIVERS\usbfilter.sys
    20:23:46.0236 5184 usbfilter - ok
    20:23:46.0356 5184 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
    20:23:46.0368 5184 usbhub - ok
    20:23:46.0418 5184 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
    20:23:46.0423 5184 usbohci - ok
    20:23:46.0461 5184 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    20:23:46.0466 5184 usbprint - ok
    20:23:46.0576 5184 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    20:23:46.0583 5184 USBSTOR - ok
    20:23:46.0638 5184 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
    20:23:46.0643 5184 usbuhci - ok
    20:23:46.0764 5184 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
    20:23:46.0774 5184 usbvideo - ok
    20:23:53.0959 5184 MBR (0x1B8) (56d36df138646d69b4ce488c42ae035c) \Device\Harddisk0\DR0
    20:23:53.0991 5184 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
    20:23:53.0991 5184 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
    20:23:54.0031 5184 Boot (0x1200) (7e3885f433ae0edcd92b71e3ba07c50a) \Device\Harddisk0\DR0\Partition0
    20:23:54.0034 5184 \Device\Harddisk0\DR0\Partition0 - ok
    20:23:54.0046 5184 Boot (0x1200) (a70f51747601a8b8c9b4dd86d08a6400) \Device\Harddisk0\DR0\Partition1
    20:23:54.0051 5184 \Device\Harddisk0\DR0\Partition1 - ok
    20:23:54.0051 5184 ============================================================
    20:23:54.0051 5184 Scan finished
    20:23:54.0051 5184 ============================================================
    20:23:54.0086 4468 Detected object count: 1
    20:23:54.0086 4468 Actual detected object count: 1
    20:24:04.0584 4468 \Device\Harddisk0\DR0\# - copied to quarantine
    20:24:04.0586 4468 \Device\Harddisk0\DR0 - copied to quarantine
    20:24:04.0711 4468 \Device\Harddisk0\DR0 - processing error
    20:24:26.0984 4468 \Device\Harddisk0\DR0 - will be restored on reboot
    20:24:27.0174 4468 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
    20:24:30.0132 1440 Deinitialize success
  9. Broni

    Good.

    See if aswMBR will run now.
  10. Ardat

    aswMBR does start, but it doesn't seem to be able to scan properly.

    I saved the log anyway, here's what I got:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-04 20:38:51
    -----------------------------
    20:38:51.444 OS Version: Windows 6.1.7600
    20:38:51.444 Number of processors: 2 586 0x100
    20:38:51.446 ComputerName: AFUNAKWA_LAPTOP UserName: Afunakwa
    20:39:27.445 Initialze error C000010E - driver not loaded
    20:42:16.970 AVAST engine defs: 12040400
    20:42:41.506 Scan error: Incorrect function.
    20:51:43.161 The log file has been saved successfully to "C:\Users\Afunakwa\Desktop\aswMBR.txt"
  11. Broni

    Re-run it from safe mode and be more patient.
  12. Ardat

    It worked. Here is the log I obtained:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-04 21:09:34
    -----------------------------
    21:09:34.296 OS Version: Windows 6.1.7600
    21:09:34.296 Number of processors: 2 586 0x100
    21:09:34.296 ComputerName: AFUNAKWA_LAPTOP UserName: Afunakwa
    21:10:12.220 Initialize success
    21:10:22.984 AVAST engine defs: 12040400
    21:10:30.862 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000082
    21:10:30.877 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 11
    21:10:30.893 Disk 0 MBR read successfully
    21:10:30.909 Disk 0 MBR scan
    21:10:30.909 Disk 0 Windows XP default MBR code
    21:10:30.955 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10606 MB offset 2048
    21:10:30.987 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 21723136
    21:10:31.018 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 171281 MB offset 21927936
    21:10:31.033 Disk 0 Partition - 00 05 Extended 123256 MB offset 372713472
    21:10:31.080 Disk 0 Partition 4 00 83 Linux 300 MB offset 372715520
    21:10:31.096 Disk 0 Partition - 00 05 Extended 2001 MB offset 373329920
    21:10:31.127 Disk 0 scanning sectors +625141760
    21:10:31.236 Disk 0 scanning C:\Windows\system32\drivers
    21:10:46.665 Service scanning
    21:11:20.641 Modules scanning
    21:11:25.524 Disk 0 trace - called modules:
    21:11:25.587 ntkrnlpa.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys halmacpi.dll amd_sata.sys
    21:11:25.602 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c97030]
    21:11:25.618 3 CLASSPNP.SYS[875b059e] -> nt!IofCallDriver -> [0x83e4ac08]
    21:11:25.649 5 amd_xata.sys[8714286f] -> nt!IofCallDriver -> \Device\00000082[0x84729c68]
    21:11:26.616 AVAST engine scan C:\Windows
    21:11:29.502 AVAST engine scan C:\Windows\system32
    21:15:58.525 AVAST engine scan C:\Windows\system32\drivers
    21:16:22.720 AVAST engine scan C:\Users\Afunakwa
    21:42:02.022 AVAST engine scan C:\ProgramData
    21:45:34.525 Scan finished successfully
    21:47:52.882 Disk 0 MBR has been saved successfully to "C:\Users\Afunakwa\Desktop\MBR.dat"
    21:47:52.929 The log file has been saved successfully to "C:\Users\Afunakwa\Desktop\aswMBR.txt"
  13. Broni

    Very good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. Ardat

    Okay, ComboFix has finished working, so here is the log (the titles are in French, I hope it's not a problem, I wasn't able to change that):

    ComboFix 12-04-04.02 - Afunakwa 05/04/2012 1:47.2.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1033.18.1643.868 [GMT 2:00]
    Lancé depuis: c:\users\Afunakwa\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-03-05 au 2012-04-05 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-04-05 00:02 . 2012-04-05 00:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-04 18:24 . 2012-04-04 18:24 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-04 10:33 . 2012-04-04 10:33 691 ----a-w- c:\users\Afunakwa\AppData\Roaming\GetValue.vbs
    2012-04-04 10:33 . 2012-04-04 10:33 35 ----a-w- c:\users\Afunakwa\AppData\Roaming\SetValue.bat
    2012-04-04 10:12 . 2012-04-04 10:33 3586 ----a-w- c:\windows\system32\tmp.reg
    2012-04-04 05:57 . 2012-04-04 05:57 -------- d-----w- c:\users\Afunakwa\AppData\Roaming\SUPERAntiSpyware.com
    2012-04-04 05:56 . 2012-04-04 05:57 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-04-04 05:56 . 2012-04-04 05:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-04-03 15:59 . 2012-04-03 15:59 -------- d-----w- c:\users\Afunakwa\AppData\Roaming\Process Hacker 2
    2012-04-03 15:48 . 2012-04-03 15:48 -------- d-----w- c:\program files\Process Hacker 2
    2012-04-03 15:04 . 2012-04-03 15:50 -------- d-----w- c:\programdata\SecTaskMan
    2012-04-02 20:15 . 2012-04-04 23:43 -------- d-----w- c:\users\Afunakwa\AppData\Roaming\skypePM
    2012-04-02 20:10 . 2012-04-02 20:10 -------- d-----w- c:\program files\Common Files\Skype
    2012-04-02 20:10 . 2012-04-02 20:10 -------- d-----r- c:\program files\Skype
    2012-04-02 19:54 . 2012-04-04 23:43 -------- d-----w- c:\users\Afunakwa\AppData\Roaming\Skype
    2012-04-02 15:10 . 2012-04-02 15:10 -------- d-----w- c:\program files\Common Files\Java
    2012-04-02 14:51 . 2012-04-02 14:55 -------- d-----w- c:\users\Afunakwa\AppData\Roaming\Wise Registry Cleaner
    2012-04-02 14:50 . 2012-04-02 14:50 -------- d-----w- c:\program files\Wise
    2012-04-02 14:35 . 2012-04-02 14:49 -------- d-----w- c:\program files\RegistryNuke 2012
    2012-04-01 10:38 . 2012-04-01 10:38 -------- d-----w- C:\found.000
    2012-04-01 09:22 . 2012-04-01 09:22 -------- d---a-w- C:\.Trash-1000
    2012-04-01 09:19 . 2012-04-01 09:19 -------- d-----w- c:\users\Afunakwa\AppData\Roaming\Malwarebytes
    2012-04-01 09:19 . 2012-04-04 05:29 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-01 09:19 . 2012-04-03 22:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-01 09:09 . 2012-04-01 09:09 -------- d-----w- c:\windows\Sun
    2012-03-16 02:01 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-16 02:01 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-14 07:38 . 2012-02-03 04:01 2341376 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 07:38 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 07:38 . 2012-02-10 05:41 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-03-14 07:38 . 2012-02-10 05:41 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-03-14 07:38 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-03-14 07:38 . 2012-02-10 05:41 739840 ----a-w- c:\windows\system32\d2d1.dll
    2012-03-14 07:37 . 2012-01-25 05:44 57856 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-14 07:37 . 2012-01-25 05:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-14 07:37 . 2012-01-25 05:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-14 07:37 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-14 07:37 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-14 07:37 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-02 15:08 . 2011-01-19 05:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-16 02:11 . 2012-02-16 02:11 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-02-16 02:11 . 2012-02-16 02:11 161792 ----a-w- c:\windows\system32\msls31.dll
    2012-02-16 02:11 . 2012-02-16 02:11 1127424 ----a-w- c:\windows\system32\wininet.dll
    2012-02-16 02:11 . 2012-02-16 02:11 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-02-16 02:11 . 2012-02-16 02:11 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-02-16 02:11 . 2012-02-16 02:11 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2012-02-16 02:11 . 2012-02-16 02:11 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-02-16 02:11 . 2012-02-16 02:11 63488 ----a-w- c:\windows\system32\tdc.ocx
    2012-02-16 02:11 . 2012-02-16 02:11 367104 ----a-w- c:\windows\system32\html.iec
    2012-02-16 02:11 . 2012-02-16 02:11 74752 ----a-w- c:\windows\system32\iesetup.dll
    2012-02-16 02:11 . 2012-02-16 02:11 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-02-16 02:11 . 2012-02-16 02:11 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2012-02-16 02:11 . 2012-02-16 02:11 152064 ----a-w- c:\windows\system32\wextract.exe
    2012-02-16 02:11 . 2012-02-16 02:11 150528 ----a-w- c:\windows\system32\iexpress.exe
    2012-02-16 02:11 . 2012-02-16 02:11 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-02-16 02:11 . 2012-02-16 02:11 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-02-16 02:11 . 2012-02-16 02:11 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-02-16 02:10 . 2012-02-16 02:10 11776 ----a-w- c:\windows\system32\mshta.exe
    2012-02-16 02:10 . 2012-02-16 02:10 101888 ----a-w- c:\windows\system32\admparse.dll
    2012-02-16 02:10 . 2012-02-16 02:10 1798656 ----a-w- c:\windows\system32\jscript9.dll
    2012-02-16 02:10 . 2012-02-16 02:10 35840 ----a-w- c:\windows\system32\imgutil.dll
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-01 9398888]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 336384]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-11-01 1873192]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Norton Online Backup"="c:\program files\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 966488]
    "PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
    "Reader Application Helper"="c:\program files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2011-11-23 892928]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\users\Afunakwa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 836896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R0 evsewoi;evsewoi;c:\windows\System32\drivers\dwtqb.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-11-01 297000]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-11-01 33320]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
    R3 HPEPZWX;HPEPZWX;c:\users\Afunakwa\AppData\Local\Temp\HPEPZWX.exe [x]
    R3 IYYXY;IYYXY;c:\users\Afunakwa\AppData\Local\Temp\IYYXY.exe [x]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 QKGZZFJK;QKGZZFJK;c:\users\Afunakwa\AppData\Local\Temp\QKGZZFJK.exe [x]
    R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]
    R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
    R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-09-27 222464]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-25 549168]
    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2010-10-25 84256]
    R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-05-31 746864]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-08 1343400]
    R3 XZYUIJ;XZYUIJ;c:\users\Afunakwa\AppData\Local\Temp\XZYUIJ.exe [x]
    R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 63616]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 32384]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-07 218688]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-03 176128]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-11-18 284160]
    S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]
    S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
    S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-08-12 187792]
    S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-06-08 704512]
    S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-12-03 6574080]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-12-03 229888]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-12-03 102416]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-11-01 68208]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-11-01 186912]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 9344]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-01 30464]
    .
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Settings,ProxyOverride = <local>
    TCP: DhcpNameServer = 192.168.0.10
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3216)
    c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
    .
    Heure de fin: 2012-04-05 02:07:31
    ComboFix-quarantined-files.txt 2012-04-05 00:07
    .
    Avant-CF: 21.506.813.952 bytes free
    Après-CF: 21.748.154.368 bytes free
    .
    - - End Of File - - 79C1E5538A6B3B8B9083EB99559709DD
  15. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Uninstall Wise Registry Cleaner.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    =====================================================================

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\System32\drivers\dwtqb.sys
    c:\users\Afunakwa\AppData\Local\Temp\HPEPZWX.exe
    c:\users\Afunakwa\AppData\Local\Temp\IYYXY.exe
    c:\users\Afunakwa\AppData\Local\Temp\QKGZZFJK.exe
    c:\users\Afunakwa\AppData\Local\Temp\XZYUIJ.exe
    
    
    Folder::
    
    Driver::
    evsewoi
    HPEPZWX
    IYYXY
    QKGZZFJK
    XZYUIJ
    
    
    Registry::
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
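As an added illustration (not part of Broni's post and not ComboFix's own code): a Python example that reads driver/service lines in the format shown in the ComboFix logs in this thread and lists entries a reviewer would want to look at, either because the image path sits in a Temp directory, as with the four .exe files in the File:: section above, or because the log marks the file as absent with [x]. The two Temp lines in the sample are constructed from the script's file and driver names, and both review rules are assumptions, not the helper's stated criteria.

```python
import re
from dataclasses import dataclass, field

# ComboFix driver/service line, as it appears in the logs on this page:
#   S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
# The trailing bracket holds "date size", or a bare "x" when no file was found.
# The leading letter and digit are captured as-is and not interpreted here.
ENTRY_RE = re.compile(
    r"^\s*(?P<status>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Assumption: directories where a service or driver image is not expected to live.
TEMP_MARKERS = (
    "\\appdata\\local\\temp\\",
    "\\local settings\\temp\\",
    "\\windows\\temp\\",
)

REASON_TEMP = "image path in a Temp directory"
REASON_MISSING = "image file missing on disk"


@dataclass
class Finding:
    name: str
    image: str
    reasons: list = field(default_factory=list)


def parse_entry(line):
    """Return the fields of one driver/service line, or None for any other line."""
    m = ENTRY_RE.match(line)
    if m is None:
        return None
    entry = m.groupdict()
    entry["missing"] = entry["meta"].strip().lower() == "x"
    return entry


def review(log_text):
    """List entries that deserve a manual look, in log order, with the reasons."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue  # section headers, "." separators, registry lines
        image = entry["image"].lower()
        reasons = []
        if any(marker in image for marker in TEMP_MARKERS):
            reasons.append(REASON_TEMP)
        if entry["missing"]:
            reasons.append(REASON_MISSING)
        if reasons:
            findings.append(Finding(entry["name"], entry["image"], reasons))
    return findings


# First three entries are copied from the logs in this thread; the last two
# are constructed for the example from names in the CFScript above.
SAMPLE_LOG = r"""
    .
    S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
    S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
    S3 HPEPZWX;HPEPZWX;c:\users\Afunakwa\AppData\Local\Temp\HPEPZWX.exe [x]
    S3 IYYXY;IYYXY;c:\users\Afunakwa\AppData\Local\Temp\IYYXY.exe [x]
    ------- Examen supplémentaire -------
"""

if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"{f.name:<10} {'; '.join(f.reasons)}")
        print(f"           {f.image}")
```

A missing-file flag alone is a prompt to check, not a verdict: the NOBU and ZTEusbnet entries from the real log trip it as well.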
  16. Ardat

    Ardat Newcomer, in training Topic Starter

    All done. Wise Registry Cleaner was uninstalled, and here's the log you've required:

    ComboFix 12-04-04.02 - Afunakwa 06/04/2012 2:30.3.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1033.18.1643.516 [GMT 2:00]
    Lancé depuis: c:\users\Afunakwa\Desktop\ComboFix.exe
    Commutateurs utilisés :: c:\users\Afunakwa\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\Afunakwa\AppData\Local\Temp\HPEPZWX.exe"
    "c:\users\Afunakwa\AppData\Local\Temp\IYYXY.exe"
    "c:\users\Afunakwa\AppData\Local\Temp\QKGZZFJK.exe"
    "c:\users\Afunakwa\AppData\Local\Temp\XZYUIJ.exe"
    "c:\windows\System32\drivers\dwtqb.sys"
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_evsewoi
    -------\Service_HPEPZWX
    -------\Service_IYYXY
    -------\Service_QKGZZFJK
    -------\Service_XZYUIJ
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-03-06 au 2012-04-06 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-04-06 00:46 . 2012-04-06 00:46 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-05 05:33 . 2012-04-05 05:33 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{96136DD6-C4D9-44D2-A90E-001239F5FA9D}\offreg.dll
    2012-04-05 05:28 . 2012-04-05 05:28 -------- d-----w- c:\users\Afunakwa\AppData\Roaming\AVG2012
    2012-04-05 05:25 . 2012-04-05 05:29 -------- d-----w- c:\programdata\AVG2012
    2012-04-05 05:24 . 2012-04-05 05:24 -------- d-----w- c:\program files\AVG
    2012-04-05 05:23 . 2012-03-20 01:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{96136DD6-C4D9-44D2-A90E-001239F5FA9D}\mpengine.dll
    2012-04-04 18:24 . 2012-04-04 18:24 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-04 10:33 . 2012-04-04 10:33 691 ----a-w- c:\users\Afunakwa\AppData\Roaming\GetValue.vbs
    2012-04-04 10:33 . 2012-04-04 10:33 35 ----a-w- c:\users\Afunakwa\AppData\Roaming\SetValue.bat
    2012-04-04 10:12 . 2012-04-04 10:33 3586 ----a-w- c:\windows\system32\tmp.reg
    2012-04-04 05:57 . 2012-04-04 05:57 -------- d-----w- c:\users\Afunakwa\AppData\Roaming\SUPERAntiSpyware.com
    2012-04-04 05:56 . 2012-04-04 05:57 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-04-04 05:56 . 2012-04-04 05:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-04-03 15:59 . 2012-04-03 15:59 -------- d-----w- c:\users\Afunakwa\AppData\Roaming\Process Hacker 2
    2012-04-03 15:48 . 2012-04-03 15:48 -------- d-----w- c:\program files\Process Hacker 2
    2012-04-03 15:04 . 2012-04-03 15:50 -------- d-----w- c:\programdata\SecTaskMan
    2012-04-02 20:15 . 2012-04-05 06:07 -------- d-----w- c:\users\Afunakwa\AppData\Roaming\skypePM
    2012-04-02 20:10 . 2012-04-02 20:10 -------- d-----w- c:\program files\Common Files\Skype
    2012-04-02 20:10 . 2012-04-02 20:10 -------- d-----r- c:\program files\Skype
    2012-04-02 19:54 . 2012-04-06 04:00 -------- d-----w- c:\users\Afunakwa\AppData\Roaming\Skype
    2012-04-02 15:10 . 2012-04-02 15:10 -------- d-----w- c:\program files\Common Files\Java
    2012-04-02 14:35 . 2012-04-02 14:49 -------- d-----w- c:\program files\RegistryNuke 2012
    2012-04-01 10:38 . 2012-04-01 10:38 -------- d-----w- C:\found.000
    2012-04-01 09:22 . 2012-04-01 09:22 -------- d---a-w- C:\.Trash-1000
    2012-04-01 09:19 . 2012-04-01 09:19 -------- d-----w- c:\users\Afunakwa\AppData\Roaming\Malwarebytes
    2012-04-01 09:19 . 2012-04-04 05:29 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-01 09:19 . 2012-04-03 22:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-01 09:09 . 2012-04-01 09:09 -------- d-----w- c:\windows\Sun
    2012-03-16 02:01 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-16 02:01 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-14 07:38 . 2012-02-03 04:01 2341376 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 07:38 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 07:38 . 2012-02-10 05:41 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-03-14 07:38 . 2012-02-10 05:41 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-03-14 07:38 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-03-14 07:38 . 2012-02-10 05:41 739840 ----a-w- c:\windows\system32\d2d1.dll
    2012-03-14 07:37 . 2012-01-25 05:44 57856 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-14 07:37 . 2012-01-25 05:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-14 07:37 . 2012-01-25 05:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-14 07:37 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-14 07:37 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-14 07:37 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-02 15:08 . 2011-01-19 05:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-23 07:18 . 2011-06-07 17:09 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-02-22 03:25 . 2012-02-22 03:25 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2012-02-22 03:25 . 2012-02-22 03:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2012-02-16 02:11 . 2012-02-16 02:11 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-02-16 02:11 . 2012-02-16 02:11 161792 ----a-w- c:\windows\system32\msls31.dll
    2012-02-16 02:11 . 2012-02-16 02:11 1127424 ----a-w- c:\windows\system32\wininet.dll
    2012-02-16 02:11 . 2012-02-16 02:11 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-02-16 02:11 . 2012-02-16 02:11 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-02-16 02:11 . 2012-02-16 02:11 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2012-02-16 02:11 . 2012-02-16 02:11 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-02-16 02:11 . 2012-02-16 02:11 63488 ----a-w- c:\windows\system32\tdc.ocx
    2012-02-16 02:11 . 2012-02-16 02:11 367104 ----a-w- c:\windows\system32\html.iec
    2012-02-16 02:11 . 2012-02-16 02:11 74752 ----a-w- c:\windows\system32\iesetup.dll
    2012-02-16 02:11 . 2012-02-16 02:11 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-02-16 02:11 . 2012-02-16 02:11 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2012-02-16 02:11 . 2012-02-16 02:11 152064 ----a-w- c:\windows\system32\wextract.exe
    2012-02-16 02:11 . 2012-02-16 02:11 150528 ----a-w- c:\windows\system32\iexpress.exe
    2012-02-16 02:11 . 2012-02-16 02:11 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-02-16 02:11 . 2012-02-16 02:11 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-02-16 02:11 . 2012-02-16 02:11 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-02-16 02:10 . 2012-02-16 02:10 11776 ----a-w- c:\windows\system32\mshta.exe
    2012-02-16 02:10 . 2012-02-16 02:10 101888 ----a-w- c:\windows\system32\admparse.dll
    2012-02-16 02:10 . 2012-02-16 02:10 1798656 ----a-w- c:\windows\system32\jscript9.dll
    2012-02-16 02:10 . 2012-02-16 02:10 35840 ----a-w- c:\windows\system32\imgutil.dll
    2012-01-31 02:46 . 2012-01-31 02:46 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]
    2012-02-20 03:04 898912 ----a-w- c:\program files\AVG\AVG2012\avgdtiex.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-01 9398888]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 336384]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-11-01 1873192]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Norton Online Backup"="c:\program files\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 966488]
    "PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
    "Reader Application Helper"="c:\program files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2011-11-23 892928]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
    .
    c:\users\Afunakwa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 836896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992]
    R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-11-01 297000]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-11-01 33320]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]
    R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
    R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-09-27 222464]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-25 549168]
    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2010-10-25 84256]
    R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-05-31 746864]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-08 1343400]
    R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 63616]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 32384]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidsehx.sys [2011-12-23 22992]
    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-02-22 299472]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-07 218688]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-03 176128]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-11-18 284160]
    S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
    S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
    S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-08-12 187792]
    S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-06-08 704512]
    S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-12-03 6574080]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-12-03 229888]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-12-03 102416]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-11-01 68208]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-11-01 186912]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 9344]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-01 30464]
    .
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Settings,ProxyOverride = <local>
    TCP: DhcpNameServer = 192.168.0.10
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'Explorer.exe'(5572)
    c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
    c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\progra~1\AVG\AVG2012\avgrsx.exe
    c:\program files\AVG\AVG2012\avgcsrvx.exe
    c:\windows\system32\atieclxx.exe
    c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
    c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe
    c:\program files\Sony\VAIO Event Service\VESMgr.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\DllHost.exe
    c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\AVG\AVG2012\avgnsx.exe
    c:\program files\AVG\AVG2012\avgemcx.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Sony\VAIO Smart Network\VSNClient.exe
    c:\program files\Sony\VAIO Care\VCSpt.exe
    c:\windows\system32\conhost.exe
    c:\program files\Sony\VAIO Care\listener.exe
    c:\program files\Sony\VAIO Update 5\VAIOUpdt.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Sony\VAIO Care\VCsystray.exe
    c:\windows\System32\vdsldr.exe
    .
    **************************************************************************
    .
    Heure de fin: 2012-04-06 06:05:19 - La machine a redémarré
    ComboFix-quarantined-files.txt 2012-04-06 04:05
    ComboFix2.txt 2012-04-05 00:07
    .
    Avant-CF: 25.125.421.056 bytes free
    Après-CF: 25.370.206.208 bytes free
    .
    - - End Of File - - 856DD4B75F1CAEE40EA0A7988D84A24C
  17. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Looks good.

    How is the computer doing?

    You can reinstall AVG now.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  18. Ardat

    Ardat Newcomer, in training Topic Starter

    The computer is doing seemingly perfectly (as far as someone as unskilled as I am can make it run anyway). It's been a while since I've been redirected, I'd say since the TDSSKiller or the aswMBR scan.

    Here are the logs you've asked for:

    OTL.txt:

    OTL logfile created on: 06/04/2012 06:37:12 - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Afunakwa\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: Belgium | Language: FRB | Date Format: d/MM/yyyy

    1.60 Gb Total Physical Memory | 0.40 Gb Available Physical Memory | 25.01% Memory free
    3.21 Gb Paging File | 1.56 Gb Available in Paging File | 48.77% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 167.27 Gb Total Space | 24.05 Gb Free Space | 14.38% Space Free | Partition Type: NTFS

    Computer Name: AFUNAKWA_LAPTOP | User Name: Afunakwa | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/04/06 06:34:32 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Afunakwa\Desktop\OTL.exe
    PRC - [2012/03/31 18:37:38 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
    PRC - [2012/02/23 04:36:44 | 001,269,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
    PRC - [2012/02/16 04:57:46 | 002,575,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
    PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
    PRC - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
    PRC - [2012/02/14 04:52:44 | 000,976,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
    PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    PRC - [2011/11/23 09:59:08 | 000,892,928 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
    PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2011/01/20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
    PRC - [2011/01/17 16:37:42 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 16:37:42 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/12/03 10:53:22 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2010/12/03 10:53:22 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2010/11/27 02:55:44 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
    PRC - [2010/11/27 02:55:44 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    PRC - [2010/11/18 18:13:22 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    PRC - [2010/10/20 15:53:48 | 001,144,720 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCsystray.exe
    PRC - [2010/09/27 22:41:54 | 000,081,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCSpt.exe
    PRC - [2010/08/12 17:15:34 | 000,187,792 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    PRC - [2010/07/29 20:45:48 | 002,839,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    PRC - [2010/07/29 20:45:48 | 000,836,896 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2010/07/29 20:45:48 | 000,656,672 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    PRC - [2010/06/17 07:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    PRC - [2010/06/08 19:00:04 | 001,897,840 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
    PRC - [2010/06/08 19:00:02 | 000,704,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    PRC - [2010/06/01 17:29:24 | 002,057,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
    PRC - [2010/05/31 21:18:28 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    PRC - [2010/05/31 21:18:28 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    PRC - [2010/05/31 20:25:46 | 001,463,664 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
    PRC - [2010/05/31 19:01:52 | 000,673,136 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    PRC - [2010/05/18 15:38:46 | 000,075,776 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
    PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2008/09/18 12:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/03/31 18:37:59 | 000,276,480 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll
    MOD - [2012/03/31 18:37:59 | 000,064,000 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
    MOD - [2012/03/31 18:37:59 | 000,046,592 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
    MOD - [2012/03/31 18:37:58 | 000,078,336 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
    MOD - [2012/03/31 18:37:58 | 000,045,568 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gsttypefindfunctions.dll
    MOD - [2012/03/31 18:37:57 | 000,316,928 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
    MOD - [2012/03/31 18:37:57 | 000,168,448 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
    MOD - [2012/03/31 18:37:57 | 000,076,800 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
    MOD - [2012/03/31 18:37:56 | 000,099,840 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll
    MOD - [2012/03/31 18:37:56 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
    MOD - [2012/03/31 18:37:56 | 000,068,608 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
    MOD - [2012/03/31 18:37:55 | 000,783,360 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll
    MOD - [2012/03/31 18:37:55 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
    MOD - [2012/02/16 04:50:49 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\a25e06e527720656434230d3ee420427\System.Core.ni.dll
    MOD - [2012/02/16 04:46:38 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a0cec0099a537e10af5be76457a27db1\WindowsFormsIntegration.ni.dll
    MOD - [2012/02/16 04:44:32 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6954c7f14ea634672cdacf2cd793497e\PresentationFramework.Aero.ni.dll
    MOD - [2012/02/16 04:44:08 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2df79ab909c782d3796e4107d040327d\System.Web.ni.dll
    MOD - [2012/02/16 04:43:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
    MOD - [2012/02/16 04:43:20 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8435718626a24beaeefc98d45ae77127\PresentationFramework.ni.dll
    MOD - [2012/02/16 04:42:46 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
    MOD - [2012/02/16 04:42:29 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
    MOD - [2012/02/16 04:42:24 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c0508b05f5c28e37711f447a66368e75\PresentationCore.ni.dll
    MOD - [2012/02/16 04:42:01 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll
    MOD - [2012/02/16 04:41:48 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
    MOD - [2012/02/16 04:41:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
    MOD - [2012/02/16 04:41:31 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
    MOD - [2011/12/15 02:49:36 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
    MOD - [2011/11/23 10:00:00 | 000,884,736 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\fsk.dll
    MOD - [2011/11/23 09:59:08 | 000,143,360 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
    MOD - [2011/11/23 09:58:18 | 000,172,032 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\USBDetector.dll
    MOD - [2011/11/23 09:57:28 | 000,018,432 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
    MOD - [2011/11/23 09:57:26 | 000,009,728 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskPower.dll
    MOD - [2011/11/23 09:57:24 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
    MOD - [2011/11/23 09:57:24 | 000,008,704 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
    MOD - [2011/11/23 09:57:22 | 000,028,160 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\ticket.dll
    MOD - [2011/11/23 09:57:20 | 000,012,288 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
    MOD - [2011/11/23 09:56:02 | 000,118,784 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
    MOD - [2011/11/23 09:55:58 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
    MOD - [2011/11/23 09:55:56 | 000,233,472 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\Fskin.dll
    MOD - [2011/11/23 09:55:26 | 000,033,792 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
    MOD - [2011/11/17 23:06:54 | 000,798,720 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskSecurity.dll
    MOD - [2011/11/17 21:47:08 | 000,086,016 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\ebookUsb.dll
    MOD - [2011/10/13 03:30:44 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
    MOD - [2011/06/27 15:24:28 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2010/11/18 18:13:28 | 000,096,256 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    MOD - [2010/11/18 18:02:00 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    MOD - [2010/10/14 07:32:56 | 000,226,304 | ---- | M] () -- C:\Program Files\Sony\VAIO Care\CRM\ManagedVAIORecoveryMedia.dll
    MOD - [2010/10/14 07:32:56 | 000,163,328 | ---- | M] () -- C:\Program Files\Sony\VAIO Care\CRM\OsServices.dll
    MOD - [2010/10/14 07:32:56 | 000,139,776 | ---- | M] () -- C:\Program Files\Sony\VAIO Care\CRM\VAIORecovery.dll
    MOD - [2010/10/14 07:32:56 | 000,117,760 | ---- | M] () -- C:\Program Files\Sony\VAIO Care\CRM\InstallDB.dll
    MOD - [2010/10/14 07:32:56 | 000,108,032 | ---- | M] () -- C:\Program Files\Sony\VAIO Care\CRM\InstallationTools.dll
    MOD - [2010/10/14 07:32:56 | 000,051,200 | ---- | M] () -- C:\Program Files\Sony\VAIO Care\CRM\Logging.dll
    MOD - [2010/10/14 07:32:56 | 000,050,176 | ---- | M] () -- C:\Program Files\Sony\VAIO Care\CRM\VAIOCommon.dll
    MOD - [2010/10/14 07:32:56 | 000,047,104 | ---- | M] () -- C:\Program Files\Sony\VAIO Care\CRM\VAIOInstallAppsDrivers.dll
    MOD - [2010/10/14 07:32:56 | 000,034,304 | ---- | M] () -- C:\Program Files\Sony\VAIO Care\CRM\XMLTools.dll
    MOD - [2010/10/14 07:32:56 | 000,033,792 | ---- | M] () -- C:\Program Files\Sony\VAIO Care\CRM\PluginFactory.dll
    MOD - [2010/10/14 07:32:56 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony\VAIO Care\CRM\VAIOUtility.dll
    MOD - [2010/08/24 16:39:36 | 000,016,384 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2011/11/17 23:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
    SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
    SRV - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2011/06/08 14:12:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/12/03 10:53:22 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2010/11/27 02:55:44 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
    SRV - [2010/11/18 18:13:22 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV - [2010/10/25 19:55:26 | 000,387,896 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
    SRV - [2010/10/25 19:26:32 | 000,084,256 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
    SRV - [2010/10/25 19:12:24 | 000,549,168 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
    SRV - [2010/10/12 17:52:48 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
    SRV - [2010/09/27 17:13:22 | 000,222,464 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe -- (SpfService)
    SRV - [2010/09/27 17:12:36 | 000,864,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
    SRV - [2010/09/10 10:47:30 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
    SRV - [2010/09/10 10:47:30 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
    SRV - [2010/08/12 17:15:34 | 000,187,792 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
    SRV - [2010/07/29 20:45:48 | 000,656,672 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2010/06/17 07:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
    SRV - [2010/06/08 19:00:02 | 000,704,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
    SRV - [2010/06/01 17:29:24 | 002,057,560 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2010/05/31 21:18:28 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2010/05/31 20:25:44 | 000,746,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
    SRV - [2010/03/18 13:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/09/18 12:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnet.sys -- (ZTEusbnet)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Afunakwa\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/02/22 05:25:52 | 000,299,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
    DRV - [2011/12/23 13:32:04 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidsehx.sys -- (AVGIDSEH)
    DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/06/07 17:54:46 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2010/12/03 10:53:30 | 000,102,416 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
    DRV - [2010/12/03 10:53:23 | 006,574,080 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2010/12/03 10:53:23 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2010/11/05 16:28:52 | 000,032,384 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata)
    DRV - [2010/11/05 16:28:50 | 000,063,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata)
    DRV - [2010/11/01 05:20:30 | 001,800,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2010/11/01 05:17:29 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
    DRV - [2010/11/01 05:13:51 | 000,186,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2010/11/01 04:23:02 | 000,030,464 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
    DRV - [2010/04/26 22:20:29 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
    DRV - [2010/02/18 11:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
    DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
    DRV - [2009/07/14 00:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel(R)
    DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2009/05/26 16:32:02 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
    DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3330016337-3907472232-734889955-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3330016337-3907472232-734889955-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3330016337-3907472232-734889955-1001\..\SearchScopes\{52D2C5E6-1274-4610-89A0-6AAB82D92476}: "URL" = http://rover.ebay.com/rover/1/710-42480-16445-20/4?mpre=http://shop.ebay.co.uk/?_nkw={searchTerms}
    IE - HKU\S-1-5-21-3330016337-3907472232-734889955-1001\..\SearchScopes\{6A9E8D44-7E06-4812-A52A-8931BA909625}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
    IE - HKU\S-1-5-21-3330016337-3907472232-734889955-1001\..\SearchScopes\{713C9AB0-202A-4E81-A188-5149A37FD9E5}: "URL" = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices
    IE - HKU\S-1-5-21-3330016337-3907472232-734889955-1001\..\SearchScopes\{856B4664-6F00-4D96-B60F-70259D8C28B4}: "URL" = http://uk.shopping.com/?linkin_id=8056359
    IE - HKU\S-1-5-21-3330016337-3907472232-734889955-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3330016337-3907472232-734889955-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/04/05 07:26:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/05 07:26:02 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2012/04/06 05:59:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
    O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
    O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-3330016337-3907472232-734889955-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - Startup: C:\Users\Afunakwa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-3330016337-3907472232-734889955-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3330016337-3907472232-734889955-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-3330016337-3907472232-734889955-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
    O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.10
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42C11E17-A412-4792-8E30-D4B59A58F892}: DhcpNameServer = 192.168.0.10
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E8BC692-EB45-43D7-97BF-96B1DAF0E06D}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/06 06:34:32 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Afunakwa\Desktop\OTL.exe
    [2012/04/06 06:05:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/04/06 06:03:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/04/06 00:58:35 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{3CABBF9D-05D5-4F02-A083-05A803A799BD}
    [2012/04/05 07:28:16 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Roaming\AVG2012
    [2012/04/05 07:26:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/04/05 07:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
    [2012/04/05 07:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2012/04/05 01:44:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/04/05 01:44:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/04/05 01:44:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/04/05 01:44:19 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/05 01:31:00 | 009,601,504 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Afunakwa\Desktop\AppRemover.exe
    [2012/04/05 01:23:05 | 004,456,875 | R--- | C] (Swearware) -- C:\Users\Afunakwa\Desktop\ComboFix.exe
    [2012/04/04 20:24:04 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/04/04 20:22:32 | 002,072,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Afunakwa\Desktop\TDSSKiller.exe
    [2012/04/04 19:53:05 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Afunakwa\Desktop\boot_cleaner.exe
    [2012/04/04 19:09:32 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Afunakwa\Desktop\aswMBR.exe
    [2012/04/04 13:05:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Afunakwa\Desktop\dds.com
    [2012/04/04 12:04:03 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\Desktop\SmitfraudFix
    [2012/04/04 07:57:29 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Roaming\SUPERAntiSpyware.com
    [2012/04/04 07:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/04/04 07:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/04/04 07:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/04/03 17:59:38 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Roaming\Process Hacker 2
    [2012/04/03 17:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
    [2012/04/03 17:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
    [2012/04/03 17:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
    [2012/04/03 15:44:51 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\Desktop\ProcessExplorer
    [2012/04/02 22:15:31 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Roaming\skypePM
    [2012/04/02 22:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/04/02 22:10:09 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2012/04/02 22:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2012/04/02 21:54:45 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Roaming\Skype
    [2012/04/02 17:22:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/04/02 17:10:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/04/02 16:35:21 | 000,000,000 | ---D | C] -- C:\Program Files\RegistryNuke 2012
    [2012/04/01 12:38:11 | 000,000,000 | ---D | C] -- C:\found.000
    [2012/04/01 11:22:41 | 000,000,000 | ---D | C] -- C:\.Trash-1000
    [2012/04/01 11:19:41 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Roaming\Malwarebytes
    [2012/04/01 11:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/04/01 11:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/04/01 11:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/04/01 11:09:27 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2012/04/01 08:47:07 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{2DD712B5-7AA5-461E-8E08-A8D4EF4AEE35}
    [2012/03/31 18:47:20 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{D9A82576-0E67-45AF-97D8-1A4F4CB7B398}
    [2012/03/28 22:30:34 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{FF64F043-0868-4A27-8EBA-F4ECDA300D36}
    [2012/03/28 22:30:19 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{4AAA978F-2E35-4898-8C34-8E76EB0E13F1}
    [2012/03/27 15:23:43 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\Desktop\Professional stuff
    [2012/03/21 22:17:37 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{2BA32D5A-95AF-4693-A7AE-145098D92640}
    [2012/03/21 22:17:31 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{B96D3F17-9916-4F90-9BB6-433F653254C0}
    [2012/03/19 01:33:09 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{40E4B9E5-CF60-4876-AC00-6052E2BA97BF}
    [2012/03/19 01:32:55 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{38229EAD-4219-4D64-9159-F03F1F9805CF}
    [2012/03/18 16:50:28 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{17CE50C8-C8E1-4185-83F9-5CE6BB3F0727}
    [2012/03/18 16:50:20 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{2CE06B02-5477-42A1-8DC6-5201C2139D0C}
    [2012/03/18 01:05:51 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{BDA8695B-B295-4852-9640-95315D174567}
    [2012/03/17 04:16:02 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{3E369F04-5A75-4CC7-93E4-D06E7C4E74F4}
    [2012/03/17 04:16:00 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{525BF40E-3383-4E9E-AD52-FABE299E77A8}
    [2012/03/15 10:00:47 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{D454BA2D-1F57-4966-93EB-1E69AEBB01B9}
    [2012/03/15 10:00:42 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{4F96D523-F531-4F2E-BE71-6B412C8A4664}
    [2012/03/14 01:00:37 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{A70AC7AC-7712-4DE5-A03C-B63527FC1F19}
    [2012/03/14 01:00:30 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{6DC55C1B-B4AA-4F90-A056-7FCD0366E468}
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/04/06 06:34:32 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Afunakwa\Desktop\OTL.exe
    [2012/04/06 06:16:36 | 000,014,144 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/04/06 06:16:36 | 000,014,144 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/04/06 06:07:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/04/06 06:07:07 | 1292,029,952 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/06 05:59:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/04/05 19:42:26 | 093,771,669 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2012/04/05 12:09:33 | 000,040,919 | ---- | M] () -- C:\Users\Afunakwa\Desktop\Your001.PDF
    [2012/04/05 01:31:23 | 009,601,504 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Afunakwa\Desktop\AppRemover.exe
    [2012/04/05 01:23:05 | 004,456,875 | R--- | M] (Swearware) -- C:\Users\Afunakwa\Desktop\ComboFix.exe
    [2012/04/04 21:47:52 | 000,000,512 | ---- | M] () -- C:\Users\Afunakwa\Desktop\MBR.dat
    [2012/04/04 19:09:32 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Afunakwa\Desktop\aswMBR.exe
    [2012/04/04 16:40:20 | 000,022,624 | ---- | M] () -- C:\Users\Public\Documents\Thoughts.odt
    [2012/04/04 16:34:54 | 000,035,763 | ---- | M] () -- C:\Users\Afunakwa\Desktop\p1_2012.pdf
    [2012/04/04 13:05:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Afunakwa\Desktop\dds.com
    [2012/04/04 12:33:52 | 000,000,691 | ---- | M] () -- C:\Users\Afunakwa\AppData\Roaming\GetValue.vbs
    [2012/04/04 12:33:52 | 000,000,035 | ---- | M] () -- C:\Users\Afunakwa\AppData\Roaming\SetValue.bat
    [2012/04/04 12:33:47 | 000,003,586 | ---- | M] () -- C:\Windows\System32\tmp.reg
    [2012/04/04 12:03:51 | 001,872,472 | ---- | M] () -- C:\Users\Afunakwa\Desktop\SmitfraudFix.exe
    [2012/04/04 07:56:48 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/04/03 13:43:02 | 002,072,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Afunakwa\Desktop\TDSSKiller.exe
    [2012/04/02 19:22:39 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/04/02 19:22:39 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/04/02 15:11:14 | 000,302,592 | ---- | M] () -- C:\Users\Afunakwa\Desktop\u95zed1x.exe
    [2012/04/01 11:19:33 | 000,001,091 | ---- | M] () -- C:\Users\Afunakwa\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/04/01 09:28:25 | 000,000,208 | ---- | M] () -- C:\ProgramData\-mmZW7gJurRAHber
    [2012/04/01 09:28:25 | 000,000,000 | ---- | M] () -- C:\ProgramData\-mmZW7gJurRAHbe
    [2012/03/31 18:47:16 | 000,000,671 | ---- | M] () -- C:\Users\Afunakwa\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
    [2012/03/30 01:30:29 | 000,050,913 | ---- | M] () -- C:\Users\Afunakwa\Desktop\qpan.pdf
    [2012/03/27 18:00:47 | 001,209,141 | ---- | M] () -- C:\Users\Afunakwa\Desktop\MSc Thesis.pdf
    [2012/03/23 08:15:24 | 000,270,035 | ---- | M] () -- C:\Users\Afunakwa\Desktop\1.pdf
    [2012/03/20 18:22:34 | 000,267,044 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2012/03/15 20:34:53 | 000,017,578 | ---- | M] () -- C:\Users\Afunakwa\Documents\JO8OP.jpg
    [2012/03/15 08:33:56 | 000,317,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
  19. Ardat

    ========== Files Created - No Company Name ==========

    [2012/04/05 12:09:33 | 000,040,919 | ---- | C] () -- C:\Users\Afunakwa\Desktop\Your001.PDF
    [2012/04/05 01:44:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/04/05 01:44:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/04/05 01:44:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/04/05 01:44:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/04/05 01:44:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/04/04 21:47:52 | 000,000,512 | ---- | C] () -- C:\Users\Afunakwa\Desktop\MBR.dat
    [2012/04/04 16:34:54 | 000,035,763 | ---- | C] () -- C:\Users\Afunakwa\Desktop\p1_2012.pdf
    [2012/04/04 12:33:52 | 000,000,691 | ---- | C] () -- C:\Users\Afunakwa\AppData\Roaming\GetValue.vbs
    [2012/04/04 12:33:52 | 000,000,035 | ---- | C] () -- C:\Users\Afunakwa\AppData\Roaming\SetValue.bat
    [2012/04/04 12:12:19 | 000,003,586 | ---- | C] () -- C:\Windows\System32\tmp.reg
    [2012/04/04 12:03:51 | 001,872,472 | ---- | C] () -- C:\Users\Afunakwa\Desktop\SmitfraudFix.exe
    [2012/04/04 07:56:48 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/04/02 17:52:09 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
    [2012/04/02 15:11:14 | 000,302,592 | ---- | C] () -- C:\Users\Afunakwa\Desktop\u95zed1x.exe
    [2012/04/01 12:52:53 | 000,002,432 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    [2012/04/01 12:52:53 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2012/04/01 12:52:53 | 000,001,404 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    [2012/04/01 12:52:53 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
    [2012/04/01 12:52:53 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2012/04/01 12:52:53 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    [2012/04/01 12:52:53 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    [2012/04/01 12:52:53 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    [2012/04/01 12:52:53 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    [2012/04/01 12:52:53 | 000,001,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
    [2012/04/01 12:52:52 | 000,002,203 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Data Restore Tool.lnk
    [2012/04/01 12:52:52 | 000,002,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
    [2012/04/01 12:52:52 | 000,002,072 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Gate.lnk
    [2012/04/01 12:52:52 | 000,001,953 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk
    [2012/04/01 12:52:52 | 000,001,481 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Control Center.lnk
    [2012/04/01 12:52:52 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    [2012/04/01 12:52:52 | 000,001,233 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Transfer.lnk
    [2012/04/01 12:52:52 | 000,001,216 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Media plus.lnk
    [2012/04/01 12:52:52 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Keyboard.lnk
    [2012/04/01 12:52:52 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    [2012/04/01 12:52:51 | 000,001,787 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
    [2012/04/01 12:52:51 | 000,001,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB.lnk
    [2012/04/01 12:52:50 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
    [2012/04/01 12:52:50 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2012/04/01 12:52:50 | 000,001,261 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Gallery.lnk
    [2012/04/01 12:52:49 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
    [2012/04/01 11:19:33 | 000,001,091 | ---- | C] () -- C:\Users\Afunakwa\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/03/31 18:47:17 | 000,000,208 | ---- | C] () -- C:\ProgramData\-mmZW7gJurRAHber
    [2012/03/31 18:47:17 | 000,000,000 | ---- | C] () -- C:\ProgramData\-mmZW7gJurRAHbe
    [2012/03/31 18:47:16 | 000,000,671 | ---- | C] () -- C:\Users\Afunakwa\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
    [2012/03/30 01:30:29 | 000,050,913 | ---- | C] () -- C:\Users\Afunakwa\Desktop\qpan.pdf
    [2012/03/27 18:00:45 | 001,209,141 | ---- | C] () -- C:\Users\Afunakwa\Desktop\MSc Thesis.pdf
    [2012/03/23 08:15:23 | 000,270,035 | ---- | C] () -- C:\Users\Afunakwa\Desktop\1.pdf
    [2012/03/15 20:34:52 | 000,017,578 | ---- | C] () -- C:\Users\Afunakwa\Documents\JO8OP.jpg
    [2011/09/23 21:01:32 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/01/19 07:50:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/12/06 06:23:48 | 000,223,990 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2010/12/06 06:23:48 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat

    ========== LOP Check ==========

    [2011/11/06 05:55:29 | 000,000,000 | ---D | M] -- C:\Users\Afunakwa\AppData\Roaming\.minecraft
    [2012/04/05 07:28:16 | 000,000,000 | ---D | M] -- C:\Users\Afunakwa\AppData\Roaming\AVG2012
    [2011/06/07 17:56:40 | 000,000,000 | ---D | M] -- C:\Users\Afunakwa\AppData\Roaming\DAEMON Tools Lite
    [2011/08/07 20:29:51 | 000,000,000 | ---D | M] -- C:\Users\Afunakwa\AppData\Roaming\Minemapper
    [2012/04/02 21:49:34 | 000,000,000 | ---D | M] -- C:\Users\Afunakwa\AppData\Roaming\Old_Skype
    [2011/06/27 16:39:28 | 000,000,000 | ---D | M] -- C:\Users\Afunakwa\AppData\Roaming\OpenOffice.org
    [2011/10/24 09:36:44 | 000,000,000 | ---D | M] -- C:\Users\Afunakwa\AppData\Roaming\Opera
    [2012/04/03 17:59:38 | 000,000,000 | ---D | M] -- C:\Users\Afunakwa\AppData\Roaming\Process Hacker 2
    [2012/04/06 02:45:00 | 000,000,000 | ---D | M] -- C:\Users\Afunakwa\AppData\Roaming\uTorrent
    [2012/03/18 01:05:01 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2011/07/18 14:43:44 | 000,255,312 | ---- | M] () -- C:\ANG0
    [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2012/04/06 06:05:20 | 000,019,702 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2012/04/06 06:07:07 | 1292,029,952 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/06 06:07:06 | 1722,707,968 | -HS- | M] () -- C:\pagefile.sys
    [2012/04/04 12:38:34 | 000,002,688 | ---- | M] () -- C:\rapport.txt
    [2011/01/19 07:42:16 | 000,002,054 | ---- | M] () -- C:\RHDSetup.log
    [2012/04/01 11:17:03 | 000,000,469 | ---- | M] () -- C:\rkill.log
    [2012/04/04 20:24:30 | 000,133,136 | ---- | M] () -- C:\TDSSKiller.2.7.25.0_04.04.2012_20.22.56_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 06:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 06:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 06:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 06:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 23:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2009/07/14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/02/16 04:59:42 | 000,000,221 | -HS- | M] () -- C:\Users\Afunakwa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/04/05 01:31:23 | 009,601,504 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Afunakwa\Desktop\AppRemover.exe
    [2012/04/04 19:09:32 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Afunakwa\Desktop\aswMBR.exe
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Afunakwa\Desktop\boot_cleaner.exe
    [2012/04/05 01:23:05 | 004,456,875 | R--- | M] (Swearware) -- C:\Users\Afunakwa\Desktop\ComboFix.exe
    [2012/04/06 06:34:32 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Afunakwa\Desktop\OTL.exe
    [2012/04/04 12:03:51 | 001,872,472 | ---- | M] () -- C:\Users\Afunakwa\Desktop\SmitfraudFix.exe
    [2012/04/03 13:43:02 | 002,072,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Afunakwa\Desktop\TDSSKiller.exe
    [2012/04/02 15:11:14 | 000,302,592 | ---- | M] () -- C:\Users\Afunakwa\Desktop\u95zed1x.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/04/06 06:07:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/03/18 01:05:01 | 000,032,542 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 23:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/06/07 13:47:03 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/06/07 13:47:03 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011/06/07 13:47:02 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011/06/07 13:47:03 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/06/07 13:47:02 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
    [2011/06/07 13:47:03 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/16 04:59:39 | 000,000,402 | -HS- | M] () -- C:\Users\Afunakwa\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2012/04/01 09:28:25 | 000,000,000 | ---- | M] () -- C:\ProgramData\-mmZW7gJurRAHbe
    [2012/04/01 09:28:25 | 000,000,208 | ---- | M] () -- C:\ProgramData\-mmZW7gJurRAHber

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < End of report >
  20. Ardat

    Extras.txt:

    OTL Extras logfile created on: 06/04/2012 06:37:12 - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Afunakwa\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: Belgium | Language: FRB | Date Format: d/MM/yyyy

    1.60 Gb Total Physical Memory | 0.40 Gb Available Physical Memory | 25.01% Memory free
    3.21 Gb Paging File | 1.56 Gb Available in Paging File | 48.77% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 167.27 Gb Total Space | 24.05 Gb Free Space | 14.38% Space Free | Partition Type: NTFS

    Computer Name: AFUNAKWA_LAPTOP | User Name: Afunakwa | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{022CB62F-2B1E-B41C-807B-9849C083DE42}" = CCC Help English
    "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
    "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
    "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
    "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
    "{07441A52-E208-478A-92B7-5C337CA8C131}" = Remote Play with PlayStation®3
    "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
    "{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
    "{0A1651F1-7E0F-4613-93FE-967F5BC3C1B7}" = Windows Live Remote Service Resources
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
    "{0D1FFDF2-E93C-9320-2989-2C94022D5ACD}" = CCC Help Polish
    "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
    "{1027BE37-7C5D-BBA1-B333-A5F57036F8AF}" = CCC Help Italian
    "{12979187-C46B-46C4-A51C-9A4A67E3DC4A}" = Beyond Good & Evil
    "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
    "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
    "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F59639F-8631-17FD-5745-2173DF23F13E}" = CCC Help Finnish
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{250ACB6C-8AFB-8FDB-D771-91136DD553D6}" = CCC Help German
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{270380EB-8812-42E1-8289-53700DB840D2}" = PMB VAIO Edition Plug-in
    "{285D5872-D7DD-43CB-9A59-EE7D18EF7DBA}" = VAIO Media plus
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
    "{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic (TM)
    "{31ABC808-794B-4710-B3E4-85F77784882E}" = VAIO Hardware Diagnostics
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
    "{3705D53F-BB01-4BEE-8585-289E71CAC4B4}" = Компаньон Messenger
    "{38106F09-45DF-4919-8798-667C77A0F8F6}" = Remote Keyboard
    "{39C4C6DE-641B-483F-B875-2AEDF0FB85CA}_is1" = Rampant Logic Postscript Viewer 1.1
    "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3BBDC032-4DE3-9B75-8413-9B6D4E31285B}" = CCC Help Korean
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
    "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
    "{453CA17F-9DBE-EB97-C404-9379367623E6}" = Catalyst Control Center Profiles Mobile
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{466F988F-9C3F-CDEE-CCCC-000CF2573164}" = Catalyst Control Center Localization All
    "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
    "{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
    "{4B59576E-E748-415A-BAD4-7B5E2CFDE2D1}" = Document Express DjVu Plug-in
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D3DA153-548D-4D7F-B62B-653D845169D3}" = Reader for PC
    "{4F4F286C-DF69-EF9D-86FC-22685389D665}" = WMV9/VC-1 Video Playback
    "{4F86B339-5FA0-4261-A08F-CF2A85FDD8C2}" = Catalyst Control Center - Branding
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
    "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
    "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
    "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
    "{5C18CEAF-7FAD-A2E2-495B-9299B01CC722}" = Catalyst Control Center Graphics Previews Common
    "{5C8BC258-A629-4DF2-97D0-E106C2A9B1BD}" = Windows Live Remote Client Resources
    "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
    "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
    "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
    "{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
    "{6F663FE6-3ED0-4ABF-816C-44744F7ACABA}" = Media Gallery
    "{70991E0A-1108-437E-BA7D-085702C670C0}" =
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
    "{734B6C6C-4740-476F-BB0C-F7AF469EDBB2}" = Remote Play with PlayStation 3
    "{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote Keyboard
    "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
    "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
    "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
    "{767A8531-12F2-8AE3-892E-3AE1D0ADAD52}" = CCC Help Japanese
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{772F3FAB-0BB0-77A8-EB7D-E7E9B69F9DC3}" = ATI Catalyst Install Manager
    "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
    "{79ACFD18-AD87-480B-88E0-CF74DD9BBA63}" = PMB VAIO Edition Plug-in
    "{7A143876-9658-4A58-82E7-B5F02D942957}" = Windows Live Remote Client Resources
    "{7C864AA5-A706-A847-1A98-4DEA354E8738}" = CCC Help Norwegian
    "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
    "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
    "{7E0610A2-E336-40B3-B685-C4905E97EC9A}" = OpenOffice.org 3.3
    "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
    "{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
    "{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{8453F789-2683-90DC-5449-CBC75E2693BD}" = CCC Help Russian
    "{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
    "{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
    "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
    "{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
    "{92CABC24-F56E-2044-7DD2-002EE0D7FEEB}" = CCC Help Swedish
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{930240B3-F09F-4725-8820-7C7480104351}" = AVG 2012
    "{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
    "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
    "{950174DD-FA73-448C-BDD3-A86B0F588EE8}" = Sexy Beach 3
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C2CCC3D-8C56-7D90-9252-432C59682F19}" = CCC Help French
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A063E1A7-4292-4FFF-9B66-9D2ECF612FE4}" = VAIO Care
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
    "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
    "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" =
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
    "{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.0 MUI
    "{ACB674B8-A3F1-D0C3-2DBD-43E8DB7EEF81}" = AMD Fuel
    "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
    "{B1F6C84B-B527-1C2F-E5AD-0C27979ECAF9}" = Catalyst Control Center InstallProxy
    "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
    "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
    "{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
    "{BC5D57AE-2708-FAAB-2EC6-823701E51056}" = CCC Help Danish
    "{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
    "{C498A8E2-50A3-9199-AB0F-2BF18BF14BB0}" = CCC Help Dutch
    "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO Manual
    "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" =
    "{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
    "{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
    "{C8459C05-CBB5-4011-C7D5-ACFDF41D1837}" = CCC Help Thai
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
    "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
    "{D3A3AAAB-40E3-0B87-B3EA-1DD659FF1563}" = CCC Help Portuguese
    "{D3CAE2CA-BE71-4CA4-9EB9-46E1C82E778B}" = Windows Live Remote Service Resources
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
    "{D6F8BFC7-AF21-B5E0-EAEE-3663A1626C1A}" = CCC Help Spanish
    "{D8A8F5E0-0AC2-410E-9BC5-FCBC07977FAC}" = ccc-utility
    "{D8DAB025-C2CE-4821-8117-494E95ADA031}" = Windows Live UX Platform Language Pack
    "{DAD19566-39E2-6739-C7BE-A35C1558BDB3}" = CCC Help Chinese Traditional
    "{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = VAIO - Media Gallery
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
    "{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E200E500-17F2-D30D-CA9A-D06F4CBFBE76}" = ccc-core-static
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{E6FE050F-CB41-B88B-D63C-EEA4DB46BE67}" = CCC Help Greek
    "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
    "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
    "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
    "{E88BE13E-9EB8-31F8-9A4D-CDE0F8FEE72C}" = CCC Help Chinese Standard
    "{E9487AEC-16E8-7637-256D-07FDD7ED8849}" = CCC Help Hungarian
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EB62E6D5-E217-45DD-9C42-A3BBEBA89955}" = AVG 2012
    "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
    "{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F3D92DE3-F248-5A61-FAAB-FA1F255AE3E8}" = CCC Help Czech
    "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
    "{F8B48758-410A-4B09-A734-C5DEA282C7C9}" = VAIO Data Restore Tool
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF1FC66F-536F-46BD-98E3-D8DA127A810E}" = PMB VAIO Edition Guide
    "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AVG" = AVG 2012
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "DjVuLibre+DjView" = DjVuLibre+DjView
    "EasyBCD" = EasyBCD 2.1
    "InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}" = VAIO - PMB VAIO Edition Plug-in
    "InstallShield_{FF1FC66F-536F-46BD-98E3-D8DA127A810E}" = VAIO - PMB VAIO Edition Guide
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Opera 11.62.1347" = Opera 11.62
    "Portal" = Portal
    "Postal 2_is1" = Portal 2
    "Process_Hacker2_is1" = Process Hacker 2.27 (r4957)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "uTorrent" = µTorrent
    "VAIO Help and Support" =
    "VLC media player" = VLC media player 1.1.11
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.01 (32-bit)

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 13/03/2012 18:51:22 | Computer Name = Afunakwa_laptop | Source = Application Error | ID = 1000
    Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time
    stamp: 0x4ce596f0 Faulting module name: ntdll.dll, version: 6.1.7600.16915, time
    stamp: 0x4ec49caf Exception code: 0xc0000005 Fault offset: 0x0002f963 Faulting process
    id: 0xa5c Faulting application start time: 0x01ccfacba5b28367 Faulting application
    path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Faulting module
    path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 0d92053d-6d5f-11e1-88c9-d192064eb347

    Error - 15/03/2012 01:31:54 | Computer Name = Afunakwa_laptop | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
    of attribute "version" in element "assemblyIdentity" is invalid.

    Error - 15/03/2012 21:44:30 | Computer Name = Afunakwa_laptop | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
    of attribute "version" in element "assemblyIdentity" is invalid.

    Error - 16/03/2012 02:19:50 | Computer Name = Afunakwa_laptop | Source = Application Error | ID = 1000
    Description = Faulting application name: AcroRd32.exe, version: 9.4.0.195, time
    stamp: 0x4c9b3e3c Faulting module name: AcroRd32.dll, version: 9.4.0.195, time stamp:
    0x4c9b259e Exception code: 0xc0000005 Fault offset: 0x00278f72 Faulting process id:
    0x1c70 Faulting application start time: 0x01cd032c06a1841d Faulting application path:
    C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe Faulting module path: C:\Program
    Files\Adobe\Reader 9.0\Reader\AcroRd32.dll Report Id: 08e2c4b7-6f30-11e1-9403-eddbfd55855a

    Error - 17/03/2012 21:07:16 | Computer Name = Afunakwa_laptop | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
    of attribute "version" in element "assemblyIdentity" is invalid.

    Error - 20/03/2012 09:16:47 | Computer Name = Afunakwa_laptop | Source = System Restore | ID = 8193
    Description =

    Error - 20/03/2012 09:16:47 | Computer Name = Afunakwa_laptop | Source = System Restore | ID = 8211
    Description =

    Error - 25/03/2012 23:04:54 | Computer Name = Afunakwa_laptop | Source = Application Error | ID = 1000
    Description = Faulting application name: MassEffect2.exe, version: 1.2.1604.0, time
    stamp: 0x4bd60ba2 Faulting module name: MassEffect2.exe, version: 1.2.1604.0, time
    stamp: 0x4bd60ba2 Exception code: 0xc0000005 Fault offset: 0x005119e6 Faulting process
    id: 0x1a1c Faulting application start time: 0x01cd0af60ddd14bf Faulting application
    path: C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe Faulting module path:
    C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe Report Id: 75bdcee1-76f0-11e1-8f42-c3d7903e0761

    Error - 26/03/2012 09:07:34 | Computer Name = Afunakwa_laptop | Source = SampleCollector | ID = 131331
    Description = CreateFile:SState: failed with error 0x20: The process cannot access
    the file because it is being used by another process.

    Error - 27/03/2012 03:57:56 | Computer Name = Afunakwa_laptop | Source = SampleCollector | ID = 131331
    Description = init_sstates_file:CreateFile:prev_SState: failed with error 0x20:
    The process cannot access the file because it is being used by another process.

    [ System Events ]
    Error - 04/04/2012 19:46:59 | Computer Name = Afunakwa_laptop | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 04/04/2012 19:56:17 | Computer Name = Afunakwa_laptop | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 04/04/2012 20:04:00 | Computer Name = Afunakwa_laptop | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 05/04/2012 01:17:28 | Computer Name = Afunakwa_laptop | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    evsewoi

    Error - 05/04/2012 20:30:14 | Computer Name = Afunakwa_laptop | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 05/04/2012 20:39:57 | Computer Name = Afunakwa_laptop | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 05/04/2012 20:47:08 | Computer Name = Afunakwa_laptop | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 05/04/2012 20:47:24 | Computer Name = Afunakwa_laptop | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 05/04/2012 20:49:16 | Computer Name = Afunakwa_laptop | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 02:46:53 on ?6/?04/?2012 was unexpected.

    Error - 06/04/2012 00:11:26 | Computer Name = Afunakwa_laptop | Source = Service Control Manager | ID = 7022
    Description = The VAIO Care Performance Service service hung on starting.


    < End of report >
  21. Broni


    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-3330016337-3907472232-734889955-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      [2012/04/01 09:28:25 | 000,000,208 | ---- | M] () -- C:\ProgramData\-mmZW7gJurRAHber
      [2012/04/01 09:28:25 | 000,000,000 | ---- | M] () -- C:\ProgramData\-mmZW7gJurRAHbe
      [2012/03/31 18:47:16 | 000,000,671 | ---- | M] () -- C:\Users\Afunakwa\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
  22. Ardat


    Everything is done. ESET didn't find anything and hence didn't produce any log. For the rest, here they are:

    OTL:

    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-3330016337-3907472232-734889955-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    C:\ProgramData\-mmZW7gJurRAHber moved successfully.
    C:\ProgramData\-mmZW7gJurRAHbe moved successfully.
    C:\Users\Afunakwa\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Afunakwa
    ->Temp folder emptied: 376413 bytes
    ->Temporary Internet Files folder emptied: 3084757 bytes
    ->Java cache emptied: 0 bytes
    ->Opera cache emptied: 6967109 bytes
    ->Flash cache emptied: 3961499 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 738 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 593920 bytes

    Total Files Cleaned = 14.00 mb


    [EMPTYJAVA]

    User: Afunakwa
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Afunakwa
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.39.2 log created on 04072012_025503

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    Security Check:

    Results of screen317's Security Check version 0.99.24
    Windows 7 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 2012
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    SUPERAntiSpyware
    Java(TM) 6 Update 31
    Adobe Flash Player 11.1.102.55
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    Symantec Norton Online Backup NOBuAgent.exe
    ``````````End of Log````````````


    FSS:

    Farbar Service Scanner Version: 01-03-2012
    Ran by Afunakwa (administrator) on 07-04-2012 at 03:05:43
    Running from "C:\Users\Afunakwa\Desktop"
    Microsoft Windows 7 Home Premium (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2011-11-09 08:37] - [2011-09-29 17:43] - 1285488 ____A (Microsoft Corporation) 56C198AC82EFA622DD93E9E43575F79C

    C:\Windows\system32\dnsrslvr.dll
    [2011-06-08 10:32] - [2011-03-03 07:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

    C:\Windows\system32\mpssvc.dll
    [2009-07-14 01:53] - [2009-07-14 03:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

    C:\Windows\system32\bfe.dll
    [2009-07-14 01:54] - [2009-07-14 03:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll
    [2009-07-14 01:23] - [2009-07-14 03:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

    C:\Windows\system32\vssvc.exe
    [2009-07-14 01:24] - [2009-07-14 03:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

    C:\Windows\system32\wscsvc.dll
    [2011-06-08 10:23] - [2010-12-21 07:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll
    [2009-07-14 02:15] - [2009-07-14 03:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

    C:\Windows\system32\qmgr.dll
    [2009-07-14 01:30] - [2009-07-14 03:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
  23. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing or updating ANY program, make sure you always select "Custom" installation, so you can uncheck any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  24. Ardat

    Ardat Newcomer, in training Topic Starter

    I followed, and I'll continue to follow, your advice. The Malwarebytes scan came clean.


    Thank you, you've been a tremendous help.
  25. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Way to go!!
    Good luck and stay safe :)

