Solved I'm being redirected from Google searches

[Ardat]

The system has recently been infiltrated by SMARTHDD, provoking a series a fake integrity problems messages. I managed to remove it, but since then, I'm periodically being redirected from Google searches to random sites. After seeking informations, I made a few attempts to remove to problem (Gmer, Smitfraudfix, SUPERAntiSpyware), but nothing seems to work. I also attempted to remove the malware manually using a linux partition, but I can't locate it. I really don't know what else to do, except actively asking for help or reinstalling Windows completely, and I'd rather avoid the latter option. I'd be extremely thankful if you could help me.

Gmer doesn't spot any problem, but an exception pops up when I launch it [LoadDriver("C:\...\awlyyuoc.sys") error 0XC000010E An instance of the service is already running.] and I can only scan the services, registry and files with it. As for my mbytes and DDL logs, here they are:

Malwarebytes log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.04.02

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Afunakwa :: AFUNAKWA_LAPTOP [administrator]

4/04/2012 12:52:25
mbam-log-2012-04-04 (12-52-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188062
Time elapsed: 11 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Afunakwa at 13:06:09 on 2012-04-04
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1033.18.1643.403 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Norton Online Backup] c:\program files\symantec\norton online backup\NOBuClient.exe
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Reader Application Helper] c:\program files\sony\readerdesktop\apphelper\ReaderAppHelper.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\afunakwa\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.10
TCP: Interfaces\{42C11E17-A412-4792-8E30-D4B59A58F892} : DhcpNameServer = 192.168.0.10
TCP: Interfaces\{42C11E17-A412-4792-8E30-D4B59A58F892}\2416271636B656E6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{42C11E17-A412-4792-8E30-D4B59A58F892}\2456C6B696E6F574F505C65737F5D494D4F4F5632373334333 : DhcpNameServer = 195.54.122.198 195.54.122.199
TCP: Interfaces\{42C11E17-A412-4792-8E30-D4B59A58F892}\3547F636B686F6C6D637F53747164637269626C696F64756B6 : DhcpNameServer = 172.21.127.4
TCP: Interfaces\{4E8BC692-EB45-43D7-97BF-96B1DAF0E06D} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-1-19 63616]
R0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-1-19 32384]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-6-7 218688]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-6 176128]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2010-11-18 284160]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ati technologies\ati.ace\reservation manager\AMD Reservation Manager.exe [2010-6-17 140224]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 NOBU;Norton Online Backup;c:\program files\symantec\norton online backup\NOBuAgent.exe [2010-6-1 2057560]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 SampleCollector;VAIO Care Performance Service;c:\program files\sony\vaio care\VCPerfService.exe [2011-1-19 187792]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2011-1-19 104960]
R2 VSNService;VSNService;c:\program files\sony\vaio smart network\VSNService.exe [2011-1-19 704512]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-1-19 37944]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-12-6 6574080]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-12-6 229888]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2011-1-19 17408]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-12-6 102416]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2011-1-19 297000]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-1-19 33320]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-11-1 68208]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-1-19 186912]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-6-2 9344]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-1-19 30464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-14 214016]
S3 HPEPZWX;HPEPZWX;c:\users\afunakwa\appdata\local\temp\hpepzwx.exe --> c:\users\afunakwa\appdata\local\temp\HPEPZWX.exe [?]
S3 IYYXY;IYYXY;c:\users\afunakwa\appdata\local\temp\iyyxy.exe --> c:\users\afunakwa\appdata\local\temp\IYYXY.exe [?]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 QKGZZFJK;QKGZZFJK;c:\users\afunakwa\appdata\local\temp\qkgzzfjk.exe --> c:\users\afunakwa\appdata\local\temp\QKGZZFJK.exe [?]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\common files\sony shared\sohlib\SOHCImp.exe [2010-9-10 108400]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\common files\sony shared\sohlib\SOHDms.exe [2010-10-12 423280]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\common files\sony shared\sohlib\SOHDs.exe [2010-9-10 67952]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\common files\sony shared\vaio entertainment platform\spf\SpfService.exe [2010-9-27 222464]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2010-9-27 864000]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2010-10-25 549168]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\sony\vcm intelligent network service manager\VcmINSMgr.exe [2010-10-25 387896]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2010-10-25 84256]
S3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2011-1-19 746864]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-8 1343400]
S3 XZYUIJ;XZYUIJ;c:\users\afunakwa\appdata\local\temp\xzyuij.exe --> c:\users\afunakwa\appdata\local\temp\XZYUIJ.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-04-04 10:33:52 691 ----a-w- c:\users\afunakwa\appdata\roaming\GetValue.vbs
2012-04-04 10:33:52 35 ----a-w- c:\users\afunakwa\appdata\roaming\SetValue.bat
2012-04-04 10:12:19 3586 ----a-w- c:\windows\system32\tmp.reg
2012-04-04 05:57:29 -------- d-----w- c:\users\afunakwa\appdata\roaming\SUPERAntiSpyware.com
2012-04-04 05:56:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-04 05:56:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-03 15:59:38 -------- d-----w- c:\users\afunakwa\appdata\roaming\Process Hacker 2
2012-04-03 15:48:37 -------- d-----w- c:\program files\Process Hacker 2
2012-04-03 15:04:45 -------- d-----w- c:\programdata\SecTaskMan
2012-04-02 20:10:09 -------- d-----r- c:\program files\Skype
2012-04-02 17:15:12 355 ----a-w- C:\Start_.cmd
2012-04-02 17:15:11 -------- d-----w- C:\ComboFix
2012-04-02 16:45:51 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-02 14:51:53 -------- d-----w- c:\users\afunakwa\appdata\roaming\Wise Registry Cleaner
2012-04-02 14:50:57 -------- d-----w- c:\program files\Wise
2012-04-02 14:35:21 -------- d-----w- c:\program files\RegistryNuke 2012
2012-04-01 10:38:11 -------- d-----w- C:\found.000
2012-04-01 09:22:41 -------- d---a-w- C:\.Trash-1000
2012-04-01 09:19:41 -------- d-----w- c:\users\afunakwa\appdata\roaming\Malwarebytes
2012-04-01 09:19:32 -------- d-----w- c:\programdata\Malwarebytes
2012-04-01 09:19:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-01 06:47:07 -------- d-----w- c:\users\afunakwa\appdata\local\{2DD712B5-7AA5-461E-8E08-A8D4EF4AEE35}
2012-03-31 16:47:20 -------- d-----w- c:\users\afunakwa\appdata\local\{D9A82576-0E67-45AF-97D8-1A4F4CB7B398}
2012-03-28 20:30:34 -------- d-----w- c:\users\afunakwa\appdata\local\{FF64F043-0868-4A27-8EBA-F4ECDA300D36}
2012-03-28 20:30:19 -------- d-----w- c:\users\afunakwa\appdata\local\{4AAA978F-2E35-4898-8C34-8E76EB0E13F1}
2012-03-21 20:17:37 -------- d-----w- c:\users\afunakwa\appdata\local\{2BA32D5A-95AF-4693-A7AE-145098D92640}
2012-03-21 20:17:31 -------- d-----w- c:\users\afunakwa\appdata\local\{B96D3F17-9916-4F90-9BB6-433F653254C0}
2012-03-18 23:33:09 -------- d-----w- c:\users\afunakwa\appdata\local\{40E4B9E5-CF60-4876-AC00-6052E2BA97BF}
2012-03-18 23:32:55 -------- d-----w- c:\users\afunakwa\appdata\local\{38229EAD-4219-4D64-9159-F03F1F9805CF}
2012-03-18 14:50:28 -------- d-----w- c:\users\afunakwa\appdata\local\{17CE50C8-C8E1-4185-83F9-5CE6BB3F0727}
2012-03-18 14:50:20 -------- d-----w- c:\users\afunakwa\appdata\local\{2CE06B02-5477-42A1-8DC6-5201C2139D0C}
2012-03-17 23:05:51 -------- d-----w- c:\users\afunakwa\appdata\local\{BDA8695B-B295-4852-9640-95315D174567}
2012-03-17 02:16:02 -------- d-----w- c:\users\afunakwa\appdata\local\{3E369F04-5A75-4CC7-93E4-D06E7C4E74F4}
2012-03-17 02:16:00 -------- d-----w- c:\users\afunakwa\appdata\local\{525BF40E-3383-4E9E-AD52-FABE299E77A8}
2012-03-16 02:01:35 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-16 02:01:28 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 08:00:47 -------- d-----w- c:\users\afunakwa\appdata\local\{D454BA2D-1F57-4966-93EB-1E69AEBB01B9}
2012-03-15 08:00:42 -------- d-----w- c:\users\afunakwa\appdata\local\{4F96D523-F531-4F2E-BE71-6B412C8A4664}
2012-03-14 07:38:06 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 07:38:04 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 07:38:04 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 07:38:03 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 07:38:03 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 07:38:03 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 07:37:30 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 07:37:30 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 07:37:30 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 07:37:27 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 07:37:25 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 07:37:25 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 23:00:37 -------- d-----w- c:\users\afunakwa\appdata\local\{A70AC7AC-7712-4DE5-A03C-B63527FC1F19}
2012-03-13 23:00:30 -------- d-----w- c:\users\afunakwa\appdata\local\{6DC55C1B-B4AA-4F90-A056-7FCD0366E468}
2012-03-06 00:30:42 -------- d-----w- c:\users\afunakwa\appdata\local\{BE0704E2-D154-48C9-8CC0-04BCEB6EA1F0}
2012-03-05 12:30:47 -------- d-----w- c:\users\afunakwa\appdata\local\{BA35BF6D-3C52-4A10-8A0E-F87D6670C9BF}
.
==================== Find3M ====================
.
2012-04-02 15:08:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-16 02:10:59 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-16 02:10:59 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-16 02:10:55 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-16 02:10:54 35840 ----a-w- c:\windows\system32\imgutil.dll
.
============= FINISH: 13:13:39,62 ===============


Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/06/2011 12:58:36
System Uptime: 4/04/2012 12:39:37 (1 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: AMD E-350 Processor | N/A | 800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 167 GiB total, 14,344 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP148: 2/04/2012 17:06:22 - Installed Java(TM) 6 Update 31
RP149: 2/04/2012 21:59:44 - Removed Skype™ 5.8
RP150: 2/04/2012 22:04:30 - Removed Skype™ 5.8
RP151: 2/04/2012 22:08:30 - Removed Skype™ 5.5
RP152: 3/04/2012 20:37:20 - Installed ESET NOD32 Antivirus
RP153: 4/04/2012 03:00:17 - Windows Update
.
==== Installed Programs ======================
.
.
????? Windows Live
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
???????? ?????????? Windows Live
????????? Messenger
?????????? Windows Live
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.0 MUI
AMD Fuel
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 4
ATI Catalyst Install Manager
µTorrent
AVG 2012
Beyond Good & Evil
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
Complément Messenger
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
D3DX10
DAEMON Tools Lite
DjVuLibre+DjView
Document Express DjVu Plug-in
EasyBCD 2.1
Evernote
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.60.1.1000
Mass Effect
Mass Effect 2
Media Gallery
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Norton Online Backup
NVIDIA PhysX
OpenOffice.org 3.3
Opera 11.62
PMB
PMB VAIO Edition Guide
PMB VAIO Edition Plug-in
Portal
Portal 2
Process Hacker 2.27 (r4957)
Raccolta foto di Windows Live
Rampant Logic Postscript Viewer 1.1
Reader for PC
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Remote Keyboard
Remote Play with PlayStation 3
Remote Play with PlayStation®3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Sexy Beach 3
Skype™ 4.2
Star Wars®: Knights of the Old Republic (TM)
SUPERAntiSpyware
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition Plug-in
VAIO - Remote Keyboard
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Manual
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Sample Contents
VAIO Smart Network
VAIO Transfer Support
VAIO Update
VLC media player 1.1.11
WIDCOMM Bluetooth Software
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (32-bit)
Wise Registry Cleaner 7.12
WMV9/VC-1 Video Playback
.
==== Event Viewer Messages From Past Week ========
.
4/04/2012 12:44:29, Error: Service Control Manager [7022] - The VAIO Care Performance Service service hung on starting.
4/04/2012 12:40:24, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: evsewoi
4/04/2012 12:38:41, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
4/04/2012 12:20:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/04/2012 12:20:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/04/2012 12:20:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/04/2012 12:20:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/04/2012 12:20:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/04/2012 12:20:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/04/2012 12:20:14, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC discache ehdrv evsewoi NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
4/04/2012 12:20:14, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/04/2012 12:20:14, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/04/2012 12:20:14, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/04/2012 12:20:14, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/04/2012 12:20:14, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/04/2012 12:20:14, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
4/04/2012 12:20:14, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/04/2012 12:20:14, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/04/2012 12:20:14, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/04/2012 12:20:14, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/04/2012 12:20:14, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/04/2012 20:41:50, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================================

Download Bootkit Remover to your desktop.

• Unzip downloaded file to your Desktop.
• Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
• It will show a Black screen with some data on it.
• Right click on the screen and click Select All.
• Press CTRL+C
• Open a Notepad and press CTRL+V
• Post the output back here.

 

[Ardat]

I can't launch aswMBR

Thank you for helping me.

I tried to launch aswMBR.exe several times, without results. I then restarted my computer and tried again, but it made no difference.

 

[Broni]

Proceed with Bootkit Remover.

 

[Ardat]

Here's bootkit's data:

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`9d300000

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...

 

[Broni]

Download TDSSKiller and save it to your desktop.

• Extract (unzip) its contents to your desktop.
• Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[Ardat]

Here's the TDSSKiller's log:

20:22:56.0473 5596 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
20:22:56.0950 5596 ============================================================
20:22:56.0950 5596 Current date / time: 2012/04/04 20:22:56.0950
20:22:56.0950 5596 SystemInfo:
20:22:56.0950 5596
20:22:56.0950 5596 OS Version: 6.1.7600 ServicePack: 0.0
20:22:56.0950 5596 Product type: Workstation
20:22:56.0950 5596 ComputerName: AFUNAKWA_LAPTOP
20:22:56.0953 5596 UserName: Afunakwa
20:22:56.0953 5596 Windows directory: C:\Windows
20:22:56.0953 5596 System windows directory: C:\Windows
20:22:56.0953 5596 Processor architecture: Intel x86
20:22:56.0953 5596 Number of processors: 2
20:22:56.0953 5596 Page size: 0x1000
20:22:56.0953 5596 Boot type: Normal boot
20:22:56.0953 5596 ============================================================
20:22:58.0543 5596 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:22:58.0548 5596 \Device\Harddisk0\DR0:
20:22:58.0548 5596 MBR used
20:22:58.0548 5596 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14B7800, BlocksNum 0x32000
20:22:58.0548 5596 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14E9800, BlocksNum 0x14E88AB0
20:22:58.0660 5596 Initialize success
20:22:58.0660 5596 ============================================================
20:23:07.0810 5184 ============================================================
20:23:07.0810 5184 Scan started
20:23:07.0810 5184 Mode: Manual;
20:23:07.0810 5184 ============================================================
20:23:10.0773 5184 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
20:23:10.0818 5184 !SASCORE - ok
20:23:11.0110 5184 1394ohci (d01e0b1cef9ee82100c2bb07294880ef) C:\Windows\system32\DRIVERS\1394ohci.sys
20:23:11.0118 5184 1394ohci - ok
20:23:11.0225 5184 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
20:23:11.0235 5184 ACDaemon - ok
20:23:11.0325 5184 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
20:23:11.0333 5184 ACPI - ok
20:23:11.0398 5184 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
20:23:11.0403 5184 AcpiPmi - ok
20:23:11.0510 5184 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
20:23:11.0520 5184 adp94xx - ok
20:23:11.0635 5184 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
20:23:11.0643 5184 adpahci - ok
20:23:11.0670 5184 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
20:23:11.0675 5184 adpu320 - ok
20:23:11.0718 5184 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
20:23:11.0740 5184 AeLookupSvc - ok
20:23:11.0870 5184 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
20:23:11.0880 5184 AFD - ok
20:23:11.0925 5184 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
20:23:11.0930 5184 agp440 - ok
20:23:12.0045 5184 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
20:23:12.0050 5184 aic78xx - ok
20:23:12.0118 5184 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
20:23:12.0120 5184 ALG - ok
20:23:12.0210 5184 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
20:23:12.0215 5184 aliide - ok
20:23:12.0270 5184 AMD External Events Utility (4381a9a99f56b33dac58852669e300e8) C:\Windows\system32\atiesrxx.exe
20:23:12.0275 5184 AMD External Events Utility - ok
20:23:12.0338 5184 AMD FUEL Service - ok
20:23:12.0410 5184 AMD Reservation Manager (9fe76d783a7d47965d086a220b54277b) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
20:23:12.0415 5184 AMD Reservation Manager - ok
20:23:12.0515 5184 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
20:23:12.0523 5184 amdagp - ok
20:23:12.0565 5184 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
20:23:12.0570 5184 amdide - ok
20:23:12.0648 5184 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
20:23:12.0653 5184 amdiox86 - ok
20:23:12.0700 5184 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
20:23:12.0705 5184 AmdK8 - ok
20:23:12.0980 5184 amdkmdag (5d3816a677ca50a618ad7138d2c21ced) C:\Windows\system32\DRIVERS\atikmdag.sys
20:23:13.0353 5184 amdkmdag - ok
20:23:13.0433 5184 amdkmdap (f3dc5d5c36fee050a6c7204f0cb12c4c) C:\Windows\system32\DRIVERS\atikmpag.sys
20:23:13.0440 5184 amdkmdap - ok
20:23:13.0495 5184 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
20:23:13.0495 5184 AmdPPM - ok
20:23:13.0603 5184 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
20:23:13.0610 5184 amdsata - ok
20:23:13.0645 5184 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
20:23:13.0660 5184 amdsbs - ok
20:23:13.0688 5184 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
20:23:13.0690 5184 amdxata - ok
20:23:13.0718 5184 amd_sata (c67abecd78888b58bffa1f9c60c3153b) C:\Windows\system32\DRIVERS\amd_sata.sys
20:23:13.0720 5184 amd_sata - ok
20:23:13.0800 5184 amd_xata (acf7e74a5a813364d0c0bb101e1ac0d5) C:\Windows\system32\DRIVERS\amd_xata.sys
20:23:13.0805 5184 amd_xata - ok
20:23:13.0860 5184 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
20:23:13.0863 5184 AppID - ok
20:23:13.0935 5184 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
20:23:13.0938 5184 AppIDSvc - ok
20:23:13.0988 5184 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
20:23:13.0990 5184 Appinfo - ok
20:23:14.0088 5184 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
20:23:14.0096 5184 arc - ok
20:23:14.0131 5184 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
20:23:14.0136 5184 arcsas - ok
20:23:14.0188 5184 ArcSoftKsUFilter (dfd07f0a36bd4f7e7ad2bc5548213694) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
20:23:14.0193 5184 ArcSoftKsUFilter - ok
20:23:14.0281 5184 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
20:23:14.0286 5184 AsyncMac - ok
20:23:14.0321 5184 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
20:23:14.0323 5184 atapi - ok
20:23:14.0463 5184 athr (92ce48a7b48d2f836a9706ae215a8caa) C:\Windows\system32\DRIVERS\athr.sys
20:23:14.0501 5184 athr - ok
20:23:14.0623 5184 AtiHDAudioService (c8b17ac82ad2ee9e0e58e3461008c5f7) C:\Windows\system32\drivers\AtihdW73.sys
20:23:14.0628 5184 AtiHDAudioService - ok
20:23:14.0688 5184 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
20:23:14.0701 5184 AudioEndpointBuilder - ok
20:23:14.0723 5184 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
20:23:14.0731 5184 Audiosrv - ok
20:23:14.0978 5184 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
20:23:15.0246 5184 AVGIDSAgent - ok
20:23:15.0343 5184 AVGIDSDriver (f6878b90a8a9795116bce335238e65af) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
20:23:15.0353 5184 AVGIDSDriver - ok
20:23:15.0386 5184 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
20:23:15.0388 5184 AVGIDSEH - ok
20:23:15.0411 5184 AVGIDSFilter (f8927ab1dd086edeff2924a64dc89869) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
20:23:15.0416 5184 AVGIDSFilter - ok
20:23:15.0546 5184 AVGIDSShim (dadca567891033dcf2ec4a3f9da46ae4) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
20:23:15.0551 5184 AVGIDSShim - ok
20:23:15.0621 5184 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
20:23:15.0631 5184 Avgldx86 - ok
20:23:15.0716 5184 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
20:23:15.0736 5184 Avgmfx86 - ok
20:23:15.0818 5184 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
20:23:15.0826 5184 Avgrkx86 - ok
20:23:15.0926 5184 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
20:23:15.0933 5184 Avgtdix - ok
20:23:16.0068 5184 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
20:23:16.0076 5184 avgwd - ok
20:23:16.0148 5184 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
20:23:16.0156 5184 AxInstSV - ok
20:23:16.0251 5184 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
20:23:16.0268 5184 b06bdrv - ok
20:23:16.0366 5184 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
20:23:16.0373 5184 b57nd60x - ok
20:23:16.0418 5184 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
20:23:16.0421 5184 BDESVC - ok
20:23:16.0493 5184 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
20:23:16.0498 5184 Beep - ok
20:23:16.0563 5184 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
20:23:16.0576 5184 BFE - ok
20:23:16.0656 5184 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll
20:23:16.0771 5184 BITS - ok
20:23:16.0908 5184 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
20:23:16.0916 5184 blbdrive - ok
20:23:16.0971 5184 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
20:23:16.0976 5184 bowser - ok
20:23:17.0071 5184 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:23:17.0073 5184 BrFiltLo - ok
20:23:17.0113 5184 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:23:17.0116 5184 BrFiltUp - ok
20:23:17.0263 5184 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
20:23:17.0268 5184 BridgeMP - ok
20:23:17.0321 5184 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
20:23:17.0326 5184 Browser - ok
20:23:17.0438 5184 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
20:23:17.0446 5184 Brserid - ok
20:23:17.0481 5184 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
20:23:17.0486 5184 BrSerWdm - ok
20:23:17.0571 5184 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:23:17.0573 5184 BrUsbMdm - ok
20:23:17.0646 5184 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
20:23:17.0651 5184 BrUsbSer - ok
20:23:17.0756 5184 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
20:23:17.0763 5184 BthEnum - ok
20:23:17.0851 5184 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
20:23:17.0856 5184 BTHMODEM - ok
20:23:17.0913 5184 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
20:23:17.0916 5184 BthPan - ok
20:23:18.0021 5184 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\Windows\System32\Drivers\BTHport.sys
20:23:18.0063 5184 BTHPORT - ok
20:23:18.0511 5184 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
20:23:18.0513 5184 bthserv - ok
20:23:18.0651 5184 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\Windows\System32\Drivers\BTHUSB.sys
20:23:18.0663 5184 BTHUSB - ok
20:23:18.0771 5184 btwampfl (525432cfd6d8c004860af7ecd0a84234) C:\Windows\system32\drivers\btwampfl.sys
20:23:18.0781 5184 btwampfl - ok
20:23:18.0908 5184 btwaudio (cf8799a563f734984d4e053cacec1426) C:\Windows\system32\drivers\btwaudio.sys
20:23:18.0916 5184 btwaudio - ok
20:23:19.0083 5184 btwavdt (9ed9932043d599aea04f6ea2d86964a1) C:\Windows\system32\DRIVERS\btwavdt.sys
20:23:19.0088 5184 btwavdt - ok
20:23:19.0268 5184 btwdins (110496cf8143fea63b7a31dad175829b) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
20:23:19.0283 5184 btwdins - ok
20:23:19.0406 5184 btwl2cap (de53089f0678cb5f0afeb867acb0fb05) C:\Windows\system32\DRIVERS\btwl2cap.sys
20:23:19.0411 5184 btwl2cap - ok
20:23:19.0453 5184 btwrchid (373d1bb0f7dc8f1931f9b7e0de3e9a30) C:\Windows\system32\DRIVERS\btwrchid.sys
20:23:19.0458 5184 btwrchid - ok
20:23:19.0548 5184 catchme - ok
20:23:19.0656 5184 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
20:23:19.0663 5184 cdfs - ok
20:23:19.0756 5184 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
20:23:19.0763 5184 cdrom - ok
20:23:19.0876 5184 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
20:23:19.0881 5184 CertPropSvc - ok
20:23:19.0953 5184 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
20:23:19.0961 5184 circlass - ok
20:23:20.0061 5184 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
20:23:20.0073 5184 CLFS - ok
20:23:20.0151 5184 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:23:20.0161 5184 clr_optimization_v2.0.50727_32 - ok
20:23:20.0288 5184 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:23:20.0316 5184 clr_optimization_v4.0.30319_32 - ok
20:23:20.0393 5184 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
20:23:20.0398 5184 CmBatt - ok
20:23:20.0443 5184 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
20:23:20.0446 5184 cmdide - ok
20:23:20.0548 5184 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
20:23:20.0573 5184 CNG - ok
20:23:20.0638 5184 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
20:23:20.0643 5184 Compbatt - ok
20:23:20.0791 5184 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:23:20.0798 5184 CompositeBus - ok
20:23:20.0871 5184 COMSysApp - ok
20:23:20.0923 5184 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
20:23:20.0926 5184 crcdisk - ok
20:23:21.0021 5184 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
20:23:21.0028 5184 CryptSvc - ok
20:23:21.0146 5184 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
20:23:21.0158 5184 DcomLaunch - ok
20:23:21.0226 5184 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
20:23:21.0236 5184 defragsvc - ok
20:23:21.0333 5184 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
20:23:21.0343 5184 DfsC - ok
20:23:21.0416 5184 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
20:23:21.0423 5184 Dhcp - ok
20:23:21.0501 5184 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
20:23:21.0506 5184 discache - ok
20:23:21.0591 5184 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
20:23:21.0596 5184 Disk - ok
20:23:21.0656 5184 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
20:23:21.0661 5184 Dnscache - ok
20:23:21.0716 5184 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
20:23:21.0723 5184 dot3svc - ok
20:23:21.0766 5184 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
20:23:21.0771 5184 DPS - ok
20:23:21.0846 5184 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
20:23:21.0851 5184 drmkaud - ok
20:23:21.0946 5184 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:23:21.0956 5184 dtsoftbus01 - ok
20:23:22.0036 5184 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
20:23:22.0051 5184 DXGKrnl - ok
20:23:22.0163 5184 e1yexpress (8eef52ad831471e323ee7364a8656d35) C:\Windows\system32\DRIVERS\e1y6032.sys
20:23:22.0171 5184 e1yexpress - ok
20:23:22.0233 5184 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
20:23:22.0238 5184 EapHost - ok
20:23:22.0413 5184 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
20:23:22.0548 5184 ebdrv - ok
20:23:22.0658 5184 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
20:23:22.0661 5184 EFS - ok
20:23:22.0723 5184 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
20:23:22.0738 5184 ehRecvr - ok
20:23:22.0791 5184 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
20:23:22.0796 5184 ehSched - ok
20:23:22.0888 5184 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
20:23:23.0016 5184 elxstor - ok
20:23:23.0396 5184 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
20:23:23.0401 5184 ErrDev - ok
20:23:23.0498 5184 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
20:23:23.0508 5184 EventSystem - ok
20:23:23.0548 5184 evsewoi - ok
20:23:23.0601 5184 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
20:23:23.0608 5184 exfat - ok
20:23:23.0698 5184 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
20:23:23.0708 5184 fastfat - ok
20:23:23.0788 5184 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
20:23:23.0803 5184 Fax - ok
20:23:23.0906 5184 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
20:23:23.0911 5184 fdc - ok
20:23:23.0951 5184 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
20:23:23.0956 5184 fdPHost - ok
20:23:24.0001 5184 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
20:23:24.0003 5184 FDResPub - ok
20:23:24.0048 5184 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
20:23:24.0053 5184 FileInfo - ok
20:23:24.0076 5184 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
20:23:24.0086 5184 Filetrace - ok
20:23:24.0191 5184 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
20:23:24.0196 5184 flpydisk - ok
20:23:24.0243 5184 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
20:23:24.0251 5184 FltMgr - ok
20:23:24.0301 5184 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
20:23:24.0318 5184 FontCache - ok
20:23:24.0386 5184 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:23:24.0391 5184 FontCache3.0.0.0 - ok
20:23:24.0446 5184 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
20:23:24.0451 5184 FsDepends - ok
20:23:24.0493 5184 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
20:23:24.0496 5184 Fs_Rec - ok
20:23:24.0551 5184 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
20:23:24.0568 5184 fvevol - ok
20:23:24.0646 5184 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:23:24.0651 5184 gagp30kx - ok
20:23:24.0723 5184 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
20:23:24.0736 5184 gpsvc - ok
20:23:24.0811 5184 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
20:23:24.0813 5184 hcw85cir - ok
20:23:24.0898 5184 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
20:23:24.0906 5184 HdAudAddService - ok
20:23:25.0008 5184 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:23:25.0016 5184 HDAudBus - ok
20:23:25.0076 5184 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
20:23:25.0081 5184 HidBatt - ok
20:23:25.0156 5184 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
20:23:25.0161 5184 HidBth - ok
20:23:25.0216 5184 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
20:23:25.0221 5184 HidIr - ok
20:23:25.0276 5184 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
20:23:25.0281 5184 hidserv - ok
20:23:25.0368 5184 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
20:23:25.0373 5184 HidUsb - ok
20:23:25.0436 5184 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
20:23:25.0443 5184 hkmsvc - ok
20:23:25.0488 5184 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
20:23:25.0498 5184 HomeGroupListener - ok
20:23:25.0538 5184 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
20:23:25.0546 5184 HomeGroupProvider - ok
20:23:25.0658 5184 HPEPZWX - ok
20:23:25.0781 5184 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
20:23:25.0788 5184 HpSAMD - ok
20:23:25.0833 5184 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
20:23:25.0846 5184 HTTP - ok
20:23:25.0936 5184 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
20:23:25.0941 5184 hwpolicy - ok
20:23:25.0998 5184 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
20:23:26.0001 5184 i8042prt - ok
20:23:26.0096 5184 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
20:23:26.0111 5184 iaStorV - ok
20:23:26.0193 5184 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:23:26.0213 5184 idsvc - ok
20:23:26.0436 5184 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:23:26.0601 5184 igfx - ok
20:23:26.0763 5184 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
20:23:26.0768 5184 iirsp - ok
20:23:26.0843 5184 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
20:23:26.0858 5184 IKEEXT - ok
20:23:27.0076 5184 IntcAzAudAddService (aee99ecf06cd1cea95816ccb5bf73ec8) C:\Windows\system32\drivers\RTKVHDA.sys
20:23:27.0151 5184 IntcAzAudAddService - ok
20:23:27.0238 5184 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
20:23:27.0246 5184 intelide - ok
20:23:27.0296 5184 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
20:23:27.0301 5184 intelppm - ok
20:23:27.0381 5184 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
20:23:27.0386 5184 IPBusEnum - ok
20:23:27.0426 5184 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:23:27.0428 5184 IpFilterDriver - ok
20:23:27.0528 5184 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
20:23:27.0546 5184 iphlpsvc - ok
20:23:27.0633 5184 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:23:27.0638 5184 IPMIDRV - ok
20:23:27.0668 5184 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
20:23:27.0673 5184 IPNAT - ok
20:23:27.0713 5184 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
20:23:27.0718 5184 IRENUM - ok
20:23:27.0811 5184 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
20:23:27.0818 5184 isapnp - ok
20:23:27.0858 5184 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
20:23:27.0866 5184 iScsiPrt - ok
20:23:27.0948 5184 IYYXY - ok
20:23:28.0063 5184 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:23:28.0071 5184 kbdclass - ok
20:23:28.0116 5184 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
20:23:28.0121 5184 kbdhid - ok
20:23:28.0203 5184 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
20:23:28.0208 5184 KeyIso - ok
20:23:28.0248 5184 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
20:23:28.0253 5184 KSecDD - ok
20:23:28.0286 5184 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
20:23:28.0291 5184 KSecPkg - ok
20:23:28.0351 5184 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
20:23:28.0363 5184 KtmRm - ok
20:23:28.0468 5184 L1C (c8fa09049e640b0a27e4b4446d958fe5) C:\Windows\system32\DRIVERS\L1C62x86.sys
20:23:28.0478 5184 L1C - ok
20:23:28.0618 5184 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll
20:23:28.0663 5184 LanmanServer - ok
20:23:28.0958 5184 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
20:23:28.0968 5184 LanmanWorkstation - ok
20:23:29.0038 5184 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
20:23:29.0041 5184 lltdio - ok
20:23:29.0121 5184 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
20:23:29.0131 5184 lltdsvc - ok
20:23:29.0163 5184 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
20:23:29.0168 5184 lmhosts - ok
20:23:29.0243 5184 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:23:29.0251 5184 LSI_FC - ok
20:23:29.0323 5184 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:23:29.0331 5184 LSI_SAS - ok
20:23:29.0373 5184 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:23:29.0378 5184 LSI_SAS2 - ok
20:23:29.0413 5184 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:23:29.0418 5184 LSI_SCSI - ok
20:23:29.0498 5184 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
20:23:29.0506 5184 luafv - ok
20:23:29.0561 5184 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
20:23:29.0568 5184 mcdbus - ok
20:23:29.0663 5184 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
20:23:29.0668 5184 Mcx2Svc - ok
20:23:29.0738 5184 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
20:23:29.0743 5184 megasas - ok
20:23:29.0816 5184 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
20:23:29.0826 5184 MegaSR - ok
20:23:29.0881 5184 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
20:23:29.0886 5184 MMCSS - ok
20:23:29.0971 5184 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
20:23:29.0978 5184 Modem - ok
20:23:30.0013 5184 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
20:23:30.0013 5184 monitor - ok
20:23:30.0101 5184 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
20:23:30.0106 5184 mouclass - ok
20:23:30.0146 5184 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
20:23:30.0148 5184 mouhid - ok
20:23:30.0198 5184 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
20:23:30.0201 5184 mountmgr - ok
20:23:30.0278 5184 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
20:23:30.0288 5184 mpio - ok
20:23:30.0331 5184 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
20:23:30.0336 5184 mpsdrv - ok
20:23:30.0373 5184 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
20:23:30.0388 5184 MpsSvc - ok
20:23:30.0478 5184 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
20:23:30.0483 5184 MRxDAV - ok
20:23:30.0536 5184 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:23:30.0541 5184 mrxsmb - ok
20:23:30.0661 5184 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:23:30.0668 5184 mrxsmb10 - ok
20:23:30.0726 5184 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:23:30.0733 5184 mrxsmb20 - ok
20:23:30.0841 5184 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
20:23:30.0848 5184 msahci - ok
20:23:30.0911 5184 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
20:23:30.0918 5184 msdsm - ok
20:23:30.0996 5184 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
20:23:31.0008 5184 MSDTC - ok
20:23:31.0106 5184 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
20:23:31.0111 5184 Msfs - ok
20:23:31.0201 5184 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
20:23:31.0206 5184 mshidkmdf - ok
20:23:31.0241 5184 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
20:23:31.0243 5184 msisadrv - ok
20:23:31.0318 5184 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
20:23:31.0323 5184 MSiSCSI - ok
20:23:31.0363 5184 msiserver - ok
20:23:31.0476 5184 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
20:23:31.0481 5184 MSKSSRV - ok
20:23:31.0546 5184 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
20:23:31.0548 5184 MSPCLOCK - ok
20:23:31.0583 5184 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
20:23:31.0586 5184 MSPQM - ok
20:23:31.0656 5184 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
20:23:31.0661 5184 MsRPC - ok
20:23:31.0718 5184 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
20:23:31.0721 5184 mssmbios - ok
20:23:31.0793 5184 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
20:23:31.0803 5184 MSTEE - ok
20:23:31.0881 5184 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
20:23:31.0886 5184 MTConfig - ok
20:23:31.0913 5184 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
20:23:31.0918 5184 Mup - ok
20:23:31.0976 5184 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
20:23:31.0988 5184 napagent - ok
20:23:32.0093 5184 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
20:23:32.0106 5184 NativeWifiP - ok
20:23:32.0193 5184 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
20:23:32.0208 5184 NDIS - ok
20:23:32.0313 5184 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
20:23:32.0321 5184 NdisCap - ok
20:23:32.0373 5184 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
20:23:32.0383 5184 NdisTapi - ok
20:23:32.0473 5184 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
20:23:32.0478 5184 Ndisuio - ok
20:23:32.0513 5184 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
20:23:32.0518 5184 NdisWan - ok
20:23:32.0536 5184 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
20:23:32.0541 5184 NDProxy - ok

 

[Ardat]

3:32.0643 5184 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
20:23:32.0648 5184 NetBIOS - ok
20:23:32.0676 5184 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
20:23:32.0683 5184 NetBT - ok
20:23:32.0736 5184 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
20:23:32.0738 5184 Netlogon - ok
20:23:32.0833 5184 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
20:23:32.0841 5184 Netman - ok
20:23:32.0896 5184 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
20:23:32.0906 5184 netprofm - ok
20:23:32.0976 5184 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:23:32.0986 5184 NetTcpPortSharing - ok
20:23:33.0231 5184 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
20:23:33.0373 5184 netw5v32 - ok
20:23:33.0483 5184 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
20:23:33.0491 5184 nfrd960 - ok
20:23:33.0531 5184 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
20:23:33.0538 5184 NlaSvc - ok
20:23:33.0681 5184 NOBU (a634584c506f2c82680039371aa1772c) C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
20:23:33.0723 5184 NOBU - ok
20:23:33.0803 5184 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
20:23:33.0808 5184 Npfs - ok
20:23:33.0851 5184 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
20:23:33.0856 5184 nsi - ok
20:23:33.0933 5184 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
20:23:33.0938 5184 nsiproxy - ok
20:23:34.0028 5184 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
20:23:34.0051 5184 Ntfs - ok
20:23:34.0148 5184 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
20:23:34.0156 5184 Null - ok
20:23:34.0213 5184 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
20:23:34.0218 5184 nvraid - ok
20:23:34.0301 5184 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
20:23:34.0308 5184 nvstor - ok
20:23:34.0353 5184 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
20:23:34.0358 5184 nv_agp - ok
20:23:34.0431 5184 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
20:23:34.0433 5184 ohci1394 - ok
20:23:34.0476 5184 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
20:23:34.0486 5184 p2pimsvc - ok
20:23:34.0571 5184 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
20:23:34.0583 5184 p2psvc - ok
20:23:34.0633 5184 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
20:23:34.0638 5184 Parport - ok
20:23:34.0666 5184 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
20:23:34.0668 5184 partmgr - ok
20:23:34.0746 5184 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
20:23:34.0748 5184 Parvdm - ok
20:23:34.0808 5184 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
20:23:34.0821 5184 PcaSvc - ok
20:23:35.0053 5184 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
20:23:35.0121 5184 pci - ok
20:23:35.0266 5184 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
20:23:35.0271 5184 pciide - ok
20:23:35.0318 5184 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
20:23:35.0326 5184 pcmcia - ok
20:23:35.0408 5184 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
20:23:35.0413 5184 pcw - ok
20:23:35.0476 5184 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
20:23:35.0488 5184 PEAUTH - ok
20:23:35.0641 5184 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
20:23:35.0671 5184 pla - ok
20:23:35.0771 5184 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
20:23:35.0783 5184 PlugPlay - ok
20:23:35.0893 5184 PMBDeviceInfoProvider (63694c307273062a2167ae4ce80730ef) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
20:23:35.0911 5184 PMBDeviceInfoProvider - ok
20:23:35.0973 5184 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
20:23:35.0981 5184 PNRPAutoReg - ok
20:23:36.0021 5184 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
20:23:36.0028 5184 PNRPsvc - ok
20:23:36.0088 5184 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
20:23:36.0096 5184 PolicyAgent - ok
20:23:36.0346 5184 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
20:23:36.0351 5184 Power - ok
20:23:36.0443 5184 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
20:23:36.0448 5184 PptpMiniport - ok
20:23:36.0483 5184 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
20:23:36.0486 5184 Processor - ok
20:23:36.0536 5184 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll
20:23:36.0543 5184 ProfSvc - ok
20:23:36.0681 5184 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
20:23:36.0683 5184 ProtectedStorage - ok
20:23:36.0773 5184 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
20:23:36.0781 5184 Psched - ok
20:23:36.0871 5184 QKGZZFJK - ok
20:23:37.0026 5184 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
20:23:37.0053 5184 ql2300 - ok
20:23:37.0143 5184 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
20:23:37.0151 5184 ql40xx - ok
20:23:37.0188 5184 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
20:23:37.0198 5184 QWAVE - ok
20:23:37.0273 5184 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
20:23:37.0276 5184 QWAVEdrv - ok
20:23:37.0303 5184 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
20:23:37.0306 5184 RasAcd - ok
20:23:37.0353 5184 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:23:37.0356 5184 RasAgileVpn - ok
20:23:37.0423 5184 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
20:23:37.0431 5184 RasAuto - ok
20:23:37.0491 5184 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:23:37.0493 5184 Rasl2tp - ok
20:23:37.0573 5184 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
20:23:37.0583 5184 RasMan - ok
20:23:37.0638 5184 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
20:23:37.0641 5184 RasPppoe - ok
20:23:37.0721 5184 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
20:23:37.0726 5184 RasSstp - ok
20:23:37.0766 5184 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
20:23:37.0776 5184 rdbss - ok
20:23:37.0823 5184 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
20:23:37.0828 5184 rdpbus - ok
20:23:37.0923 5184 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:23:37.0928 5184 RDPCDD - ok
20:23:37.0961 5184 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
20:23:37.0966 5184 RDPENCDD - ok
20:23:38.0003 5184 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
20:23:38.0008 5184 RDPREFMP - ok
20:23:38.0121 5184 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) C:\Windows\system32\drivers\RDPWD.sys
20:23:38.0148 5184 RDPWD - ok
20:23:38.0256 5184 rdyboost (65db288f7372b1f632891fc32bf908b7) C:\Windows\system32\drivers\rdyboost.sys
20:23:38.0266 5184 rdyboost - ok
20:23:38.0316 5184 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
20:23:38.0323 5184 RemoteAccess - ok
20:23:38.0388 5184 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
20:23:38.0398 5184 RemoteRegistry - ok
20:23:38.0473 5184 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
20:23:38.0478 5184 RFCOMM - ok
20:23:38.0561 5184 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
20:23:38.0571 5184 RpcEptMapper - ok
20:23:38.0608 5184 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
20:23:38.0616 5184 RpcLocator - ok
20:23:38.0703 5184 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
20:23:38.0711 5184 RpcSs - ok
20:23:38.0788 5184 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
20:23:38.0793 5184 rspndr - ok
20:23:38.0896 5184 RSUSBSTOR (867beb23207ba425c85293bb0d3ea971) C:\Windows\system32\Drivers\RtsUStor.sys
20:23:38.0906 5184 RSUSBSTOR - ok
20:23:38.0981 5184 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
20:23:38.0986 5184 SamSs - ok
20:23:39.0083 5184 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:23:39.0091 5184 SASDIFSV - ok
20:23:39.0136 5184 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:23:39.0141 5184 SASKUTIL - ok
20:23:39.0231 5184 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
20:23:39.0236 5184 sbp2port - ok
20:23:39.0276 5184 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
20:23:39.0283 5184 SCardSvr - ok
20:23:39.0351 5184 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
20:23:39.0353 5184 scfilter - ok
20:23:39.0411 5184 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
20:23:39.0428 5184 Schedule - ok
20:23:39.0501 5184 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
20:23:39.0503 5184 SCPolicySvc - ok
20:23:39.0568 5184 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
20:23:39.0573 5184 sdbus - ok
20:23:39.0636 5184 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
20:23:39.0648 5184 SDRSVC - ok
20:23:39.0721 5184 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:23:39.0726 5184 secdrv - ok
20:23:39.0803 5184 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
20:23:39.0813 5184 seclogon - ok
20:23:39.0843 5184 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
20:23:39.0848 5184 SENS - ok
20:23:39.0881 5184 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
20:23:39.0886 5184 SensrSvc - ok
20:23:39.0973 5184 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
20:23:39.0976 5184 Serenum - ok
20:23:40.0006 5184 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
20:23:40.0011 5184 Serial - ok
20:23:40.0038 5184 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
20:23:40.0041 5184 sermouse - ok
20:23:40.0108 5184 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
20:23:40.0116 5184 SessionEnv - ok
20:23:40.0213 5184 SFEP (dcaff7089185e6461b92d3d3a17ba295) C:\Windows\system32\DRIVERS\SFEP.sys
20:23:40.0218 5184 SFEP - ok
20:23:40.0256 5184 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
20:23:40.0258 5184 sffdisk - ok
20:23:40.0283 5184 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:23:40.0288 5184 sffp_mmc - ok
20:23:40.0366 5184 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:23:40.0371 5184 sffp_sd - ok
20:23:40.0418 5184 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
20:23:40.0423 5184 sfloppy - ok
20:23:40.0516 5184 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
20:23:40.0528 5184 SharedAccess - ok
20:23:40.0581 5184 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
20:23:40.0593 5184 ShellHWDetection - ok
20:23:40.0706 5184 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
20:23:40.0713 5184 sisagp - ok
20:23:40.0753 5184 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:23:40.0758 5184 SiSRaid2 - ok
20:23:40.0838 5184 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
20:23:40.0843 5184 SiSRaid4 - ok
20:23:40.0891 5184 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
20:23:40.0898 5184 Smb - ok
20:23:41.0001 5184 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
20:23:41.0008 5184 SNMPTRAP - ok
20:23:41.0113 5184 SOHCImp (c3e69db0a4e59564230e053232f39ac7) C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
20:23:41.0126 5184 SOHCImp - ok
20:23:41.0198 5184 SOHDms (65cc4779a29c3e82b987bd4961790dff) C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
20:23:41.0208 5184 SOHDms - ok
20:23:41.0343 5184 SOHDs (f47d75cee1844eef4a9ea6ee768828fb) C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
20:23:41.0351 5184 SOHDs - ok
20:23:41.0483 5184 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
20:23:41.0501 5184 Sony SCSI Helper Service - ok
20:23:41.0556 5184 SpfService (b91c063fe1d572dfb3fd8c3898e0d0c1) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
20:23:41.0571 5184 SpfService - ok
20:23:41.0666 5184 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
20:23:41.0676 5184 spldr - ok
20:23:41.0716 5184 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
20:23:41.0726 5184 Spooler - ok
20:23:41.0841 5184 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
20:23:41.0926 5184 sppsvc - ok
20:23:42.0018 5184 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
20:23:42.0031 5184 sppuinotify - ok
20:23:42.0118 5184 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
20:23:42.0128 5184 srv - ok
20:23:42.0188 5184 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
20:23:42.0198 5184 srv2 - ok
20:23:42.0291 5184 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
20:23:42.0301 5184 SrvHsfHDA - ok
20:23:42.0386 5184 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
20:23:42.0428 5184 SrvHsfV92 - ok
20:23:42.0541 5184 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
20:23:42.0563 5184 SrvHsfWinac - ok
20:23:42.0681 5184 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
20:23:42.0691 5184 srvnet - ok
20:23:42.0751 5184 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
20:23:42.0758 5184 SSDPSRV - ok
20:23:42.0861 5184 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
20:23:42.0871 5184 SstpSvc - ok
20:23:42.0988 5184 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
20:23:42.0993 5184 stexstor - ok
20:23:43.0063 5184 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
20:23:43.0078 5184 StiSvc - ok
20:23:43.0158 5184 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
20:23:43.0163 5184 swenum - ok
20:23:43.0211 5184 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
20:23:43.0223 5184 swprv - ok
20:23:43.0363 5184 SynTP (7dddf7b78bf4f67aff691e6ea15e24c0) C:\Windows\system32\DRIVERS\SynTP.sys
20:23:43.0388 5184 SynTP - ok
20:23:43.0496 5184 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
20:23:43.0521 5184 SysMain - ok
20:23:43.0586 5184 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
20:23:43.0598 5184 TabletInputService - ok
20:23:43.0653 5184 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
20:23:43.0661 5184 TapiSrv - ok
20:23:43.0698 5184 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
20:23:43.0706 5184 TBS - ok
20:23:43.0881 5184 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
20:23:43.0921 5184 Tcpip - ok
20:23:44.0091 5184 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
20:23:44.0116 5184 TCPIP6 - ok
20:23:44.0213 5184 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
20:23:44.0221 5184 tcpipreg - ok
20:23:44.0268 5184 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
20:23:44.0273 5184 TDPIPE - ok
20:23:44.0331 5184 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
20:23:44.0336 5184 TDTCP - ok
20:23:44.0468 5184 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
20:23:44.0476 5184 tdx - ok
20:23:44.0526 5184 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
20:23:44.0531 5184 TermDD - ok
20:23:44.0588 5184 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
20:23:44.0603 5184 TermService - ok
20:23:44.0671 5184 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
20:23:44.0681 5184 Themes - ok
20:23:44.0736 5184 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
20:23:44.0741 5184 THREADORDER - ok
20:23:44.0833 5184 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
20:23:44.0841 5184 TPM - ok
20:23:44.0938 5184 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
20:23:44.0951 5184 TrkWks - ok
20:23:45.0058 5184 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
20:23:45.0068 5184 TrustedInstaller - ok
20:23:45.0158 5184 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:23:45.0163 5184 tssecsrv - ok
20:23:45.0276 5184 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
20:23:45.0283 5184 tunnel - ok
20:23:45.0368 5184 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
20:23:45.0376 5184 uagp35 - ok
20:23:45.0463 5184 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
20:23:45.0468 5184 uCamMonitor - ok
20:23:45.0581 5184 udfs (6557d75e8b7d6a06cdc21cd39dbf255c) C:\Windows\system32\DRIVERS\udfs.sys
20:23:45.0596 5184 udfs - ok
20:23:45.0671 5184 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
20:23:45.0676 5184 UI0Detect - ok
20:23:45.0771 5184 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
20:23:45.0773 5184 uliagpkx - ok
20:23:45.0818 5184 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
20:23:45.0823 5184 umbus - ok
20:23:45.0851 5184 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
20:23:45.0856 5184 UmPass - ok
20:23:45.0926 5184 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
20:23:45.0936 5184 upnphost - ok
20:23:46.0008 5184 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
20:23:46.0013 5184 usbccgp - ok
20:23:46.0056 5184 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
20:23:46.0061 5184 usbcir - ok
20:23:46.0148 5184 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
20:23:46.0156 5184 usbehci - ok
20:23:46.0228 5184 usbfilter (fb0e8b624d1f7e214edb3d6e56b4ec88) C:\Windows\system32\DRIVERS\usbfilter.sys
20:23:46.0236 5184 usbfilter - ok
20:23:46.0356 5184 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
20:23:46.0368 5184 usbhub - ok
20:23:46.0418 5184 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
20:23:46.0423 5184 usbohci - ok
20:23:46.0461 5184 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
20:23:46.0466 5184 usbprint - ok
20:23:46.0576 5184 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:23:46.0583 5184 USBSTOR - ok
20:23:46.0638 5184 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
20:23:46.0643 5184 usbuhci - ok
20:23:46.0764 5184 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
20:23:46.0774 5184 usbvideo - ok
20:23:46.0834 5184 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
20:23:46.0841 5184 UxSms - ok
20:23:46.0951 5184 VAIO Event Service (a60605fc66552b421ee1f3d4ebb9a4e0) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
20:23:46.0961 5184 VAIO Event Service - ok
20:23:47.0071 5184 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
20:23:47.0079 5184 VaultSvc - ok
20:23:47.0254 5184 VCFw (6888526aeb8ddabde6f778fd40fc0693) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
20:23:47.0276 5184 VCFw - ok
20:23:47.0384 5184 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\Windows\system32\DRIVERS\VClone.sys
20:23:47.0391 5184 VClone - ok
20:23:47.0521 5184 VcmIAlzMgr (f0672b2368e859284a4c44ae2cca4c72) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
20:23:47.0539 5184 VcmIAlzMgr - ok
20:23:47.0649 5184 VcmINSMgr (cbb9f0d1017e0bed4cb5bbc0ebf26dc1) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
20:23:47.0669 5184 VcmINSMgr - ok
20:23:47.0756 5184 VcmXmlIfHelper (a9aeaa21fc7b30e48a682f43deb389fc) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
20:23:47.0764 5184 VcmXmlIfHelper - ok
20:23:47.0876 5184 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:23:47.0884 5184 vdrvroot - ok
20:23:47.0941 5184 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
20:23:47.0956 5184 vds - ok
20:23:48.0059 5184 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
20:23:48.0064 5184 vga - ok
20:23:48.0099 5184 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
20:23:48.0101 5184 VgaSave - ok
20:23:48.0134 5184 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
20:23:48.0141 5184 vhdmp - ok
20:23:48.0276 5184 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
20:23:48.0281 5184 viaagp - ok
20:23:48.0306 5184 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
20:23:48.0311 5184 ViaC7 - ok
20:23:48.0381 5184 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
20:23:48.0384 5184 viaide - ok
20:23:48.0491 5184 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
20:23:48.0494 5184 volmgr - ok
20:23:48.0544 5184 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
20:23:48.0554 5184 volmgrx - ok
20:23:48.0606 5184 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
20:23:48.0616 5184 volsnap - ok
20:23:48.0689 5184 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
20:23:48.0696 5184 vsmraid - ok
20:23:48.0839 5184 VSNService (8034beb807db1ffd29047689486c849d) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
20:23:48.0859 5184 VSNService - ok
20:23:48.0991 5184 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
20:23:49.0016 5184 VSS - ok
20:23:49.0149 5184 VUAgent (ad08d6157a85ad150a028238253c7666) C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
20:23:49.0164 5184 VUAgent - ok
20:23:49.0274 5184 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
20:23:49.0281 5184 vwifibus - ok
20:23:49.0361 5184 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
20:23:49.0366 5184 vwififlt - ok
20:23:49.0479 5184 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
20:23:49.0491 5184 W32Time - ok
20:23:49.0566 5184 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
20:23:49.0571 5184 WacomPen - ok
20:23:49.0706 5184 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
20:23:49.0716 5184 WANARP - ok
20:23:49.0731 5184 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
20:23:49.0734 5184 Wanarpv6 - ok
20:23:49.0861 5184 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
20:23:49.0896 5184 WatAdminSvc - ok
20:23:50.0014 5184 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
20:23:50.0041 5184 wbengine - ok
20:23:50.0114 5184 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
20:23:50.0131 5184 WbioSrvc - ok
20:23:50.0191 5184 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
20:23:50.0201 5184 wcncsvc - ok
20:23:50.0289 5184 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
20:23:50.0296 5184 WcsPlugInService - ok
20:23:50.0349 5184 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
20:23:50.0354 5184 Wd - ok
20:23:50.0456 5184 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
20:23:50.0469 5184 Wdf01000 - ok
20:23:50.0561 5184 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
20:23:50.0569 5184 WdiServiceHost - ok
20:23:50.0589 5184 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
20:23:50.0596 5184 WdiSystemHost - ok
20:23:50.0666 5184 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
20:23:50.0681 5184 WebClient - ok
20:23:50.0809 5184 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
20:23:50.0819 5184 Wecsvc - ok
20:23:50.0899 5184 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
20:23:50.0909 5184 wercplsupport - ok
20:23:51.0026 5184 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
20:23:51.0034 5184 WerSvc - ok
20:23:51.0181 5184 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
20:23:51.0184 5184 WfpLwf - ok
20:23:51.0234 5184 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
20:23:51.0244 5184 WIMMount - ok
20:23:51.0361 5184 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
20:23:51.0376 5184 WinDefend - ok
20:23:51.0404 5184 WinHttpAutoProxySvc - ok
20:23:51.0504 5184 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
20:23:51.0509 5184 Winmgmt - ok
20:23:51.0584 5184 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
20:23:51.0609 5184 WinRM - ok
20:23:51.0861 5184 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
20:23:51.0886 5184 WinUsb - ok
20:23:52.0041 5184 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
20:23:52.0069 5184 Wlansvc - ok
20:23:52.0144 5184 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:23:52.0154 5184 wlcrasvc - ok
20:23:52.0251 5184 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:23:52.0286 5184 wlidsvc - ok
20:23:52.0381 5184 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:23:52.0384 5184 WmiAcpi - ok
20:23:52.0459 5184 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
20:23:52.0464 5184 wmiApSrv - ok
20:23:52.0559 5184 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:23:52.0581 5184 WMPNetworkSvc - ok
20:23:52.0634 5184 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
20:23:52.0639 5184 WPCSvc - ok
20:23:52.0686 5184 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
20:23:52.0694 5184 WPDBusEnum - ok
20:23:52.0736 5184 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
20:23:52.0741 5184 ws2ifsl - ok
20:23:52.0814 5184 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\system32\wscsvc.dll
20:23:52.0821 5184 wscsvc - ok
20:23:52.0859 5184 WSearch - ok
20:23:52.0966 5184 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
20:23:53.0006 5184 wuauserv - ok
20:23:53.0091 5184 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
20:23:53.0099 5184 WudfPf - ok
20:23:53.0149 5184 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:23:53.0176 5184 WUDFRd - ok
20:23:53.0499 5184 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
20:23:53.0509 5184 wudfsvc - ok
20:23:53.0596 5184 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
20:23:53.0606 5184 WwanSvc - ok
20:23:53.0696 5184 XZYUIJ - ok
20:23:53.0786 5184 ZTEusbmdm6k - ok
20:23:53.0839 5184 ZTEusbnet - ok
20:23:53.0874 5184 ZTEusbnmea - ok
20:23:53.0899 5184 ZTEusbser6k - ok
20:23:53.0959 5184 MBR (0x1B8) (56d36df138646d69b4ce488c42ae035c) \Device\Harddisk0\DR0
20:23:53.0991 5184 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
20:23:53.0991 5184 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
20:23:54.0031 5184 Boot (0x1200) (7e3885f433ae0edcd92b71e3ba07c50a) \Device\Harddisk0\DR0\Partition0
20:23:54.0034 5184 \Device\Harddisk0\DR0\Partition0 - ok
20:23:54.0046 5184 Boot (0x1200) (a70f51747601a8b8c9b4dd86d08a6400) \Device\Harddisk0\DR0\Partition1
20:23:54.0051 5184 \Device\Harddisk0\DR0\Partition1 - ok
20:23:54.0051 5184 ============================================================
20:23:54.0051 5184 Scan finished
20:23:54.0051 5184 ============================================================
20:23:54.0086 4468 Detected object count: 1
20:23:54.0086 4468 Actual detected object count: 1
20:24:04.0584 4468 \Device\Harddisk0\DR0\# - copied to quarantine
20:24:04.0586 4468 \Device\Harddisk0\DR0 - copied to quarantine
20:24:04.0711 4468 \Device\Harddisk0\DR0 - processing error
20:24:26.0984 4468 \Device\Harddisk0\DR0 - will be restored on reboot
20:24:27.0174 4468 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
20:24:30.0132 1440 Deinitialize success

 

[Broni]

Good.

See if aswMBR will run now.

 

[Ardat]

aswMBR does start, but it doesn't seem to be able to scan properly.

I saved the log anyway, here's what I got:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-04 20:38:51
-----------------------------
20:38:51.444 OS Version: Windows 6.1.7600
20:38:51.444 Number of processors: 2 586 0x100
20:38:51.446 ComputerName: AFUNAKWA_LAPTOP UserName: Afunakwa
20:39:27.445 Initialze error C000010E - driver not loaded
20:42:16.970 AVAST engine defs: 12040400
20:42:41.506 Scan error: Incorrect function.
20:51:43.161 The log file has been saved successfully to "C:\Users\Afunakwa\Desktop\aswMBR.txt"

 

[Broni]

Re-run it from safe mode an be more patient.

 

[Ardat]

It worked. Here is the log I obtained:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-04 21:09:34
-----------------------------
21:09:34.296 OS Version: Windows 6.1.7600
21:09:34.296 Number of processors: 2 586 0x100
21:09:34.296 ComputerName: AFUNAKWA_LAPTOP UserName: Afunakwa
21:10:12.220 Initialize success
21:10:22.984 AVAST engine defs: 12040400
21:10:30.862 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000082
21:10:30.877 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 11
21:10:30.893 Disk 0 MBR read successfully
21:10:30.909 Disk 0 MBR scan
21:10:30.909 Disk 0 Windows XP default MBR code
21:10:30.955 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10606 MB offset 2048
21:10:30.987 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 21723136
21:10:31.018 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 171281 MB offset 21927936
21:10:31.033 Disk 0 Partition - 00 05 Extended 123256 MB offset 372713472
21:10:31.080 Disk 0 Partition 4 00 83 Linux 300 MB offset 372715520
21:10:31.096 Disk 0 Partition - 00 05 Extended 2001 MB offset 373329920
21:10:31.127 Disk 0 scanning sectors +625141760
21:10:31.236 Disk 0 scanning C:\Windows\system32\drivers
21:10:46.665 Service scanning
21:11:20.641 Modules scanning
21:11:25.524 Disk 0 trace - called modules:
21:11:25.587 ntkrnlpa.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys halmacpi.dll amd_sata.sys
21:11:25.602 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c97030]
21:11:25.618 3 CLASSPNP.SYS[875b059e] -> nt!IofCallDriver -> [0x83e4ac08]
21:11:25.649 5 amd_xata.sys[8714286f] -> nt!IofCallDriver -> \Device\00000082[0x84729c68]
21:11:26.616 AVAST engine scan C:\Windows
21:11:29.502 AVAST engine scan C:\Windows\system32
21:15:58.525 AVAST engine scan C:\Windows\system32\drivers
21:16:22.720 AVAST engine scan C:\Users\Afunakwa
21:42:02.022 AVAST engine scan C:\ProgramData
21:45:34.525 Scan finished successfully
21:47:52.882 Disk 0 MBR has been saved successfully to "C:\Users\Afunakwa\Desktop\MBR.dat"
21:47:52.929 The log file has been saved successfully to "C:\Users\Afunakwa\Desktop\aswMBR.txt"

 

[Broni]

Very good

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

• Double-click on the Rkill icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[Ardat]

Okay, ComboFix has finished working, so here is the log (the titles are in French, I hope it's not a problem, I wasn't able to change that):

ComboFix 12-04-04.02 - Afunakwa 05/04/2012 1:47.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1033.18.1643.868 [GMT 2:00]
Lancé depuis: c:\users\Afunakwa\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-03-05 au 2012-04-05 ))))))))))))))))))))))))))))))))))))
.
.
2012-04-05 00:02 . 2012-04-05 00:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-04 18:24 . 2012-04-04 18:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-04 10:33 . 2012-04-04 10:33 691 ----a-w- c:\users\Afunakwa\AppData\Roaming\GetValue.vbs
2012-04-04 10:33 . 2012-04-04 10:33 35 ----a-w- c:\users\Afunakwa\AppData\Roaming\SetValue.bat
2012-04-04 10:12 . 2012-04-04 10:33 3586 ----a-w- c:\windows\system32\tmp.reg
2012-04-04 05:57 . 2012-04-04 05:57 -------- d-----w- c:\users\Afunakwa\AppData\Roaming\SUPERAntiSpyware.com
2012-04-04 05:56 . 2012-04-04 05:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-04 05:56 . 2012-04-04 05:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-03 15:59 . 2012-04-03 15:59 -------- d-----w- c:\users\Afunakwa\AppData\Roaming\Process Hacker 2
2012-04-03 15:48 . 2012-04-03 15:48 -------- d-----w- c:\program files\Process Hacker 2
2012-04-03 15:04 . 2012-04-03 15:50 -------- d-----w- c:\programdata\SecTaskMan
2012-04-02 20:15 . 2012-04-04 23:43 -------- d-----w- c:\users\Afunakwa\AppData\Roaming\skypePM
2012-04-02 20:10 . 2012-04-02 20:10 -------- d-----w- c:\program files\Common Files\Skype
2012-04-02 20:10 . 2012-04-02 20:10 -------- d-----r- c:\program files\Skype
2012-04-02 19:54 . 2012-04-04 23:43 -------- d-----w- c:\users\Afunakwa\AppData\Roaming\Skype
2012-04-02 15:10 . 2012-04-02 15:10 -------- d-----w- c:\program files\Common Files\Java
2012-04-02 14:51 . 2012-04-02 14:55 -------- d-----w- c:\users\Afunakwa\AppData\Roaming\Wise Registry Cleaner
2012-04-02 14:50 . 2012-04-02 14:50 -------- d-----w- c:\program files\Wise
2012-04-02 14:35 . 2012-04-02 14:49 -------- d-----w- c:\program files\RegistryNuke 2012
2012-04-01 10:38 . 2012-04-01 10:38 -------- d-----w- C:\found.000
2012-04-01 09:22 . 2012-04-01 09:22 -------- d---a-w- C:\.Trash-1000
2012-04-01 09:19 . 2012-04-01 09:19 -------- d-----w- c:\users\Afunakwa\AppData\Roaming\Malwarebytes
2012-04-01 09:19 . 2012-04-04 05:29 -------- d-----w- c:\programdata\Malwarebytes
2012-04-01 09:19 . 2012-04-03 22:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-01 09:09 . 2012-04-01 09:09 -------- d-----w- c:\windows\Sun
2012-03-16 02:01 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-16 02:01 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 07:38 . 2012-02-03 04:01 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 07:38 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 07:38 . 2012-02-10 05:41 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 07:38 . 2012-02-10 05:41 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 07:38 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 07:38 . 2012-02-10 05:41 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 07:37 . 2012-01-25 05:44 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 07:37 . 2012-01-25 05:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 07:37 . 2012-01-25 05:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 07:37 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 07:37 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 07:37 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 15:08 . 2011-01-19 05:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-16 02:11 . 2012-02-16 02:11 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-16 02:11 . 2012-02-16 02:11 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-16 02:11 . 2012-02-16 02:11 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-16 02:11 . 2012-02-16 02:11 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-16 02:11 . 2012-02-16 02:11 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-16 02:11 . 2012-02-16 02:11 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-16 02:11 . 2012-02-16 02:11 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-16 02:11 . 2012-02-16 02:11 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-16 02:11 . 2012-02-16 02:11 367104 ----a-w- c:\windows\system32\html.iec
2012-02-16 02:11 . 2012-02-16 02:11 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-16 02:11 . 2012-02-16 02:11 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-16 02:11 . 2012-02-16 02:11 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-16 02:11 . 2012-02-16 02:11 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-16 02:11 . 2012-02-16 02:11 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-16 02:11 . 2012-02-16 02:11 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-16 02:11 . 2012-02-16 02:11 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-16 02:11 . 2012-02-16 02:11 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-16 02:10 . 2012-02-16 02:10 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-16 02:10 . 2012-02-16 02:10 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-16 02:10 . 2012-02-16 02:10 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-16 02:10 . 2012-02-16 02:10 35840 ----a-w- c:\windows\system32\imgutil.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-01 9398888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 336384]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-11-01 1873192]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Norton Online Backup"="c:\program files\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 966488]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"Reader Application Helper"="c:\program files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2011-11-23 892928]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Afunakwa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 836896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 evsewoi;evsewoi;c:\windows\System32\drivers\dwtqb.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-11-01 297000]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-11-01 33320]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
R3 HPEPZWX;HPEPZWX;c:\users\Afunakwa\AppData\Local\Temp\HPEPZWX.exe [x]
R3 IYYXY;IYYXY;c:\users\Afunakwa\AppData\Local\Temp\IYYXY.exe [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 QKGZZFJK;QKGZZFJK;c:\users\Afunakwa\AppData\Local\Temp\QKGZZFJK.exe [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-09-27 222464]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-25 549168]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2010-10-25 84256]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-05-31 746864]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-08 1343400]
R3 XZYUIJ;XZYUIJ;c:\users\Afunakwa\AppData\Local\Temp\XZYUIJ.exe [x]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 63616]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 32384]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-07 218688]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-03 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-11-18 284160]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]
S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-08-12 187792]
S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-06-08 704512]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-12-03 6574080]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-12-03 229888]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-12-03 102416]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-11-01 68208]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-11-01 186912]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 9344]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-01 30464]
.
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.0.10
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(3216)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Heure de fin: 2012-04-05 02:07:31
ComboFix-quarantined-files.txt 2012-04-05 00:07
.
Avant-CF: 21.506.813.952 bytes free
Après-CF: 21.748.154.368 bytes free
.
- - End Of File - - 79C1E5538A6B3B8B9083EB99559709DD

 

[Broni]

Uninstall Wise Registry Cleaner.
Registry cleaners/optimizers are not recommended for several reasons:

• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
  
  The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  
• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  
• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  
• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  
• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

• Ed Bott's Webog: Why I don't use registry cleaners
• Do I need a Registry Cleaner?

=====================================================================

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\System32\drivers\dwtqb.sys
c:\users\Afunakwa\AppData\Local\Temp\HPEPZWX.exe
c:\users\Afunakwa\AppData\Local\Temp\IYYXY.exe
c:\users\Afunakwa\AppData\Local\Temp\QKGZZFJK.exe
c:\users\Afunakwa\AppData\Local\Temp\XZYUIJ.exe


Folder::

Driver::
evsewoi
HPEPZWX
IYYXY
QKGZZFJK
XZYUIJ


Registry::

ClearJavaCache::

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

 

[Ardat]

All done. Wise Registry Cleaner was uninstalled, and here's the log you've required:

ComboFix 12-04-04.02 - Afunakwa 06/04/2012 2:30.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1033.18.1643.516 [GMT 2:00]
Lancé depuis: c:\users\Afunakwa\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Afunakwa\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Afunakwa\AppData\Local\Temp\HPEPZWX.exe"
"c:\users\Afunakwa\AppData\Local\Temp\IYYXY.exe"
"c:\users\Afunakwa\AppData\Local\Temp\QKGZZFJK.exe"
"c:\users\Afunakwa\AppData\Local\Temp\XZYUIJ.exe"
"c:\windows\System32\drivers\dwtqb.sys"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_evsewoi
-------\Service_HPEPZWX
-------\Service_IYYXY
-------\Service_QKGZZFJK
-------\Service_XZYUIJ
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-03-06 au 2012-04-06 ))))))))))))))))))))))))))))))))))))
.
.
2012-04-06 00:46 . 2012-04-06 00:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-05 05:33 . 2012-04-05 05:33 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{96136DD6-C4D9-44D2-A90E-001239F5FA9D}\offreg.dll
2012-04-05 05:28 . 2012-04-05 05:28 -------- d-----w- c:\users\Afunakwa\AppData\Roaming\AVG2012
2012-04-05 05:25 . 2012-04-05 05:29 -------- d-----w- c:\programdata\AVG2012
2012-04-05 05:24 . 2012-04-05 05:24 -------- d-----w- c:\program files\AVG
2012-04-05 05:23 . 2012-03-20 01:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{96136DD6-C4D9-44D2-A90E-001239F5FA9D}\mpengine.dll
2012-04-04 18:24 . 2012-04-04 18:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-04 10:33 . 2012-04-04 10:33 691 ----a-w- c:\users\Afunakwa\AppData\Roaming\GetValue.vbs
2012-04-04 10:33 . 2012-04-04 10:33 35 ----a-w- c:\users\Afunakwa\AppData\Roaming\SetValue.bat
2012-04-04 10:12 . 2012-04-04 10:33 3586 ----a-w- c:\windows\system32\tmp.reg
2012-04-04 05:57 . 2012-04-04 05:57 -------- d-----w- c:\users\Afunakwa\AppData\Roaming\SUPERAntiSpyware.com
2012-04-04 05:56 . 2012-04-04 05:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-04 05:56 . 2012-04-04 05:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-03 15:59 . 2012-04-03 15:59 -------- d-----w- c:\users\Afunakwa\AppData\Roaming\Process Hacker 2
2012-04-03 15:48 . 2012-04-03 15:48 -------- d-----w- c:\program files\Process Hacker 2
2012-04-03 15:04 . 2012-04-03 15:50 -------- d-----w- c:\programdata\SecTaskMan
2012-04-02 20:15 . 2012-04-05 06:07 -------- d-----w- c:\users\Afunakwa\AppData\Roaming\skypePM
2012-04-02 20:10 . 2012-04-02 20:10 -------- d-----w- c:\program files\Common Files\Skype
2012-04-02 20:10 . 2012-04-02 20:10 -------- d-----r- c:\program files\Skype
2012-04-02 19:54 . 2012-04-06 04:00 -------- d-----w- c:\users\Afunakwa\AppData\Roaming\Skype
2012-04-02 15:10 . 2012-04-02 15:10 -------- d-----w- c:\program files\Common Files\Java
2012-04-02 14:35 . 2012-04-02 14:49 -------- d-----w- c:\program files\RegistryNuke 2012
2012-04-01 10:38 . 2012-04-01 10:38 -------- d-----w- C:\found.000
2012-04-01 09:22 . 2012-04-01 09:22 -------- d---a-w- C:\.Trash-1000
2012-04-01 09:19 . 2012-04-01 09:19 -------- d-----w- c:\users\Afunakwa\AppData\Roaming\Malwarebytes
2012-04-01 09:19 . 2012-04-04 05:29 -------- d-----w- c:\programdata\Malwarebytes
2012-04-01 09:19 . 2012-04-03 22:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-01 09:09 . 2012-04-01 09:09 -------- d-----w- c:\windows\Sun
2012-03-16 02:01 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-16 02:01 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 07:38 . 2012-02-03 04:01 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 07:38 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 07:38 . 2012-02-10 05:41 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 07:38 . 2012-02-10 05:41 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 07:38 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 07:38 . 2012-02-10 05:41 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 07:37 . 2012-01-25 05:44 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 07:37 . 2012-01-25 05:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 07:37 . 2012-01-25 05:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 07:37 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 07:37 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 07:37 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 15:08 . 2011-01-19 05:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 07:18 . 2011-06-07 17:09 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 03:25 . 2012-02-22 03:25 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 03:25 . 2012-02-22 03:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-02-16 02:11 . 2012-02-16 02:11 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-16 02:11 . 2012-02-16 02:11 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-16 02:11 . 2012-02-16 02:11 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-16 02:11 . 2012-02-16 02:11 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-16 02:11 . 2012-02-16 02:11 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-16 02:11 . 2012-02-16 02:11 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-16 02:11 . 2012-02-16 02:11 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-16 02:11 . 2012-02-16 02:11 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-16 02:11 . 2012-02-16 02:11 367104 ----a-w- c:\windows\system32\html.iec
2012-02-16 02:11 . 2012-02-16 02:11 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-16 02:11 . 2012-02-16 02:11 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-16 02:11 . 2012-02-16 02:11 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-16 02:11 . 2012-02-16 02:11 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-16 02:11 . 2012-02-16 02:11 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-16 02:11 . 2012-02-16 02:11 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-16 02:11 . 2012-02-16 02:11 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-16 02:11 . 2012-02-16 02:11 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-16 02:10 . 2012-02-16 02:10 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-16 02:10 . 2012-02-16 02:10 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-16 02:10 . 2012-02-16 02:10 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-16 02:10 . 2012-02-16 02:10 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-01-31 02:46 . 2012-01-31 02:46 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]
2012-02-20 03:04 898912 ----a-w- c:\program files\AVG\AVG2012\avgdtiex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-01 9398888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 336384]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-11-01 1873192]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Norton Online Backup"="c:\program files\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 966488]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"Reader Application Helper"="c:\program files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2011-11-23 892928]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
.
c:\users\Afunakwa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 836896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-11-01 297000]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-11-01 33320]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-09-27 222464]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-25 549168]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2010-10-25 84256]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-05-31 746864]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-08 1343400]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 63616]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 32384]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidsehx.sys [2011-12-23 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-02-22 299472]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-07 218688]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-03 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-11-18 284160]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-08-12 187792]
S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-06-08 704512]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-12-03 6574080]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-12-03 229888]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-12-03 102416]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-11-01 68208]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-11-01 186912]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 9344]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-01 30464]
.
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.0.10
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(5572)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\atieclxx.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DllHost.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\program files\Sony\VAIO Smart Network\VSNClient.exe
c:\program files\Sony\VAIO Care\VCSpt.exe
c:\windows\system32\conhost.exe
c:\program files\Sony\VAIO Care\listener.exe
c:\program files\Sony\VAIO Update 5\VAIOUpdt.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\taskhost.exe
c:\program files\Sony\VAIO Care\VCsystray.exe
c:\windows\System32\vdsldr.exe
.
**************************************************************************
.
Heure de fin: 2012-04-06 06:05:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-04-06 04:05
ComboFix2.txt 2012-04-05 00:07
.
Avant-CF: 25.125.421.056 bytes free
Après-CF: 25.370.206.208 bytes free
.
- - End Of File - - 856DD4B75F1CAEE40EA0A7988D84A24C

 

[Broni]

Looks good.

How is computer doing?

You can reinstall AVG now.

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Ardat]

The computer is doing seemingly perfectly (as far as someone as unskilled as I am can make it run anyway). It's been a while since I've been redirected, I'd say since the TDSSKiller or the aswMBR scan.

Here are the logs you've asked for:

OTL.txt:

OTL logfile created on: 06/04/2012 06:37:12 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Afunakwa\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: Belgium | Language: FRB | Date Format: d/MM/yyyy

1.60 Gb Total Physical Memory | 0.40 Gb Available Physical Memory | 25.01% Memory free
3.21 Gb Paging File | 1.56 Gb Available in Paging File | 48.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 167.27 Gb Total Space | 24.05 Gb Free Space | 14.38% Space Free | Partition Type: NTFS

Computer Name: AFUNAKWA_LAPTOP | User Name: Afunakwa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/06 06:34:32 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Afunakwa\Desktop\OTL.exe
PRC - [2012/03/31 18:37:38 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2012/02/23 04:36:44 | 001,269,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/02/16 04:57:46 | 002,575,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/02/14 04:52:44 | 000,976,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/11/23 09:59:08 | 000,892,928 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/01/17 16:37:42 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 16:37:42 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/12/03 10:53:22 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/12/03 10:53:22 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/11/27 02:55:44 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 02:55:44 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/11/18 18:13:22 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2010/10/20 15:53:48 | 001,144,720 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCsystray.exe
PRC - [2010/09/27 22:41:54 | 000,081,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCSpt.exe
PRC - [2010/08/12 17:15:34 | 000,187,792 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe
PRC - [2010/07/29 20:45:48 | 002,839,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2010/07/29 20:45:48 | 000,836,896 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010/07/29 20:45:48 | 000,656,672 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010/06/17 07:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
PRC - [2010/06/08 19:00:04 | 001,897,840 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
PRC - [2010/06/08 19:00:02 | 000,704,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
PRC - [2010/06/01 17:29:24 | 002,057,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
PRC - [2010/05/31 21:18:28 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010/05/31 21:18:28 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2010/05/31 20:25:46 | 001,463,664 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
PRC - [2010/05/31 19:01:52 | 000,673,136 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2010/05/18 15:38:46 | 000,075,776 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/09/18 12:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/31 18:37:59 | 000,276,480 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2012/03/31 18:37:59 | 000,064,000 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2012/03/31 18:37:59 | 000,046,592 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2012/03/31 18:37:58 | 000,078,336 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2012/03/31 18:37:58 | 000,045,568 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gsttypefindfunctions.dll
MOD - [2012/03/31 18:37:57 | 000,316,928 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2012/03/31 18:37:57 | 000,168,448 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2012/03/31 18:37:57 | 000,076,800 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2012/03/31 18:37:56 | 000,099,840 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2012/03/31 18:37:56 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2012/03/31 18:37:56 | 000,068,608 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2012/03/31 18:37:55 | 000,783,360 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll
MOD - [2012/03/31 18:37:55 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2012/02/16 04:50:49 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\a25e06e527720656434230d3ee420427\System.Core.ni.dll
MOD - [2012/02/16 04:46:38 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a0cec0099a537e10af5be76457a27db1\WindowsFormsIntegration.ni.dll
MOD - [2012/02/16 04:44:32 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6954c7f14ea634672cdacf2cd793497e\PresentationFramework.Aero.ni.dll
MOD - [2012/02/16 04:44:08 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2df79ab909c782d3796e4107d040327d\System.Web.ni.dll
MOD - [2012/02/16 04:43:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 04:43:20 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8435718626a24beaeefc98d45ae77127\PresentationFramework.ni.dll
MOD - [2012/02/16 04:42:46 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
MOD - [2012/02/16 04:42:29 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
MOD - [2012/02/16 04:42:24 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c0508b05f5c28e37711f447a66368e75\PresentationCore.ni.dll
MOD - [2012/02/16 04:42:01 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll
MOD - [2012/02/16 04:41:48 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/02/16 04:41:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/02/16 04:41:31 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2011/12/15 02:49:36 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/23 10:00:00 | 000,884,736 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\fsk.dll
MOD - [2011/11/23 09:59:08 | 000,143,360 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
MOD - [2011/11/23 09:58:18 | 000,172,032 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\USBDetector.dll
MOD - [2011/11/23 09:57:28 | 000,018,432 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
MOD - [2011/11/23 09:57:26 | 000,009,728 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskPower.dll
MOD - [2011/11/23 09:57:24 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
MOD - [2011/11/23 09:57:24 | 000,008,704 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
MOD - [2011/11/23 09:57:22 | 000,028,160 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\ticket.dll
MOD - [2011/11/23 09:57:20 | 000,012,288 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
MOD - [2011/11/23 09:56:02 | 000,118,784 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
MOD - [2011/11/23 09:55:58 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
MOD - [2011/11/23 09:55:56 | 000,233,472 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\Fskin.dll
MOD - [2011/11/23 09:55:26 | 000,033,792 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
MOD - [2011/11/17 23:06:54 | 000,798,720 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskSecurity.dll
MOD - [2011/11/17 21:47:08 | 000,086,016 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\ebookUsb.dll
MOD - [2011/10/13 03:30:44 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/06/27 15:24:28 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/11/18 18:13:28 | 000,096,256 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2010/11/18 18:02:00 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/10/14 07:32:56 | 000,226,304 | ---- | M] () -- C:\Program Files\Sony\VAIO Care\CRM\ManagedVAIORecoveryMedia.dll
MOD - [2010/10/14 07:32:56 | 000,163,328 | ---- | M] () -- C:\Program Files\Sony\VAIO Care\CRM\OsServices.dll
MOD - [2010/10/14 07:32:56 | 000,139,776 | ---- | M] () -- C:\Program Files\Sony\VAIO Care\CRM\VAIORecovery.dll
MOD - [2010/10/14 07:32:56 | 000,117,760 | ---- | M] () -- C:\Program Files\Sony\VAIO Care\CRM\InstallDB.dll
MOD - [2010/10/14 07:32:56 | 000,108,032 | ---- | M] () -- C:\Program Files\Sony\VAIO Care\CRM\InstallationTools.dll
MOD - [2010/10/14 07:32:56 | 000,051,200 | ---- | M] () -- C:\Program Files\Sony\VAIO Care\CRM\Logging.dll
MOD - [2010/10/14 07:32:56 | 000,050,176 | ---- | M] () -- C:\Program Files\Sony\VAIO Care\CRM\VAIOCommon.dll
MOD - [2010/10/14 07:32:56 | 000,047,104 | ---- | M] () -- C:\Program Files\Sony\VAIO Care\CRM\VAIOInstallAppsDrivers.dll
MOD - [2010/10/14 07:32:56 | 000,034,304 | ---- | M] () -- C:\Program Files\Sony\VAIO Care\CRM\XMLTools.dll
MOD - [2010/10/14 07:32:56 | 000,033,792 | ---- | M] () -- C:\Program Files\Sony\VAIO Care\CRM\PluginFactory.dll
MOD - [2010/10/14 07:32:56 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony\VAIO Care\CRM\VAIOUtility.dll
MOD - [2010/08/24 16:39:36 | 000,016,384 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2011/11/17 23:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/06/08 14:12:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/12/03 10:53:22 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/11/27 02:55:44 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/11/18 18:13:22 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2010/10/25 19:55:26 | 000,387,896 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2010/10/25 19:26:32 | 000,084,256 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2010/10/25 19:12:24 | 000,549,168 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2010/10/12 17:52:48 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010/09/27 17:13:22 | 000,222,464 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe -- (SpfService)
SRV - [2010/09/27 17:12:36 | 000,864,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/09/10 10:47:30 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010/09/10 10:47:30 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010/08/12 17:15:34 | 000,187,792 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV - [2010/07/29 20:45:48 | 000,656,672 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010/06/17 07:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2010/06/08 19:00:02 | 000,704,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2010/06/01 17:29:24 | 002,057,560 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/31 21:18:28 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/05/31 20:25:44 | 000,746,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV - [2010/03/18 13:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/09/18 12:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnet.sys -- (ZTEusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Afunakwa\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/02/22 05:25:52 | 000,299,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:04 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidsehx.sys -- (AVGIDSEH)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/07 17:54:46 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/12/03 10:53:30 | 000,102,416 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/12/03 10:53:23 | 006,574,080 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/12/03 10:53:23 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/05 16:28:52 | 000,032,384 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata)
DRV - [2010/11/05 16:28:50 | 000,063,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata)
DRV - [2010/11/01 05:20:30 | 001,800,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/11/01 05:17:29 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/11/01 05:13:51 | 000,186,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/11/01 04:23:02 | 000,030,464 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010/04/26 22:20:29 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2010/02/18 11:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/14 00:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel(R)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/05/26 16:32:02 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3330016337-3907472232-734889955-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3330016337-3907472232-734889955-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3330016337-3907472232-734889955-1001\..\SearchScopes\{52D2C5E6-1274-4610-89A0-6AAB82D92476}: "URL" = http://rover.ebay.com/rover/1/710-42480-16445-20/4?mpre=http://shop.ebay.co.uk/?_nkw={searchTerms}
IE - HKU\S-1-5-21-3330016337-3907472232-734889955-1001\..\SearchScopes\{6A9E8D44-7E06-4812-A52A-8931BA909625}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKU\S-1-5-21-3330016337-3907472232-734889955-1001\..\SearchScopes\{713C9AB0-202A-4E81-A188-5149A37FD9E5}: "URL" = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKU\S-1-5-21-3330016337-3907472232-734889955-1001\..\SearchScopes\{856B4664-6F00-4D96-B60F-70259D8C28B4}: "URL" = http://uk.shopping.com/?linkin_id=8056359
IE - HKU\S-1-5-21-3330016337-3907472232-734889955-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3330016337-3907472232-734889955-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/04/05 07:26:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/05 07:26:02 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/04/06 05:59:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3330016337-3907472232-734889955-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Afunakwa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3330016337-3907472232-734889955-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3330016337-3907472232-734889955-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3330016337-3907472232-734889955-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42C11E17-A412-4792-8E30-D4B59A58F892}: DhcpNameServer = 192.168.0.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E8BC692-EB45-43D7-97BF-96B1DAF0E06D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/06 06:34:32 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Afunakwa\Desktop\OTL.exe
[2012/04/06 06:05:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/06 06:03:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/06 00:58:35 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{3CABBF9D-05D5-4F02-A083-05A803A799BD}
[2012/04/05 07:28:16 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Roaming\AVG2012
[2012/04/05 07:26:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/04/05 07:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/04/05 07:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/04/05 01:44:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/05 01:44:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/05 01:44:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/05 01:44:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/05 01:31:00 | 009,601,504 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Afunakwa\Desktop\AppRemover.exe
[2012/04/05 01:23:05 | 004,456,875 | R--- | C] (Swearware) -- C:\Users\Afunakwa\Desktop\ComboFix.exe
[2012/04/04 20:24:04 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/04 20:22:32 | 002,072,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Afunakwa\Desktop\TDSSKiller.exe
[2012/04/04 19:53:05 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Afunakwa\Desktop\boot_cleaner.exe
[2012/04/04 19:09:32 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Afunakwa\Desktop\aswMBR.exe
[2012/04/04 13:05:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Afunakwa\Desktop\dds.com
[2012/04/04 12:04:03 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\Desktop\SmitfraudFix
[2012/04/04 07:57:29 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/04 07:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/04 07:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/04/04 07:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/03 17:59:38 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Roaming\Process Hacker 2
[2012/04/03 17:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
[2012/04/03 17:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2012/04/03 17:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/04/03 15:44:51 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\Desktop\ProcessExplorer
[2012/04/02 22:15:31 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Roaming\skypePM
[2012/04/02 22:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/02 22:10:09 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/04/02 22:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/04/02 21:54:45 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Roaming\Skype
[2012/04/02 17:22:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/02 17:10:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/02 16:35:21 | 000,000,000 | ---D | C] -- C:\Program Files\RegistryNuke 2012
[2012/04/01 12:38:11 | 000,000,000 | ---D | C] -- C:\found.000
[2012/04/01 11:22:41 | 000,000,000 | ---D | C] -- C:\.Trash-1000
[2012/04/01 11:19:41 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Roaming\Malwarebytes
[2012/04/01 11:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/01 11:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/01 11:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/01 11:09:27 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/04/01 08:47:07 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{2DD712B5-7AA5-461E-8E08-A8D4EF4AEE35}
[2012/03/31 18:47:20 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{D9A82576-0E67-45AF-97D8-1A4F4CB7B398}
[2012/03/28 22:30:34 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{FF64F043-0868-4A27-8EBA-F4ECDA300D36}
[2012/03/28 22:30:19 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{4AAA978F-2E35-4898-8C34-8E76EB0E13F1}
[2012/03/27 15:23:43 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\Desktop\Professional stuff
[2012/03/21 22:17:37 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{2BA32D5A-95AF-4693-A7AE-145098D92640}
[2012/03/21 22:17:31 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{B96D3F17-9916-4F90-9BB6-433F653254C0}
[2012/03/19 01:33:09 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{40E4B9E5-CF60-4876-AC00-6052E2BA97BF}
[2012/03/19 01:32:55 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{38229EAD-4219-4D64-9159-F03F1F9805CF}
[2012/03/18 16:50:28 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{17CE50C8-C8E1-4185-83F9-5CE6BB3F0727}
[2012/03/18 16:50:20 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{2CE06B02-5477-42A1-8DC6-5201C2139D0C}
[2012/03/18 01:05:51 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{BDA8695B-B295-4852-9640-95315D174567}
[2012/03/17 04:16:02 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{3E369F04-5A75-4CC7-93E4-D06E7C4E74F4}
[2012/03/17 04:16:00 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{525BF40E-3383-4E9E-AD52-FABE299E77A8}
[2012/03/15 10:00:47 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{D454BA2D-1F57-4966-93EB-1E69AEBB01B9}
[2012/03/15 10:00:42 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{4F96D523-F531-4F2E-BE71-6B412C8A4664}
[2012/03/14 01:00:37 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{A70AC7AC-7712-4DE5-A03C-B63527FC1F19}
[2012/03/14 01:00:30 | 000,000,000 | ---D | C] -- C:\Users\Afunakwa\AppData\Local\{6DC55C1B-B4AA-4F90-A056-7FCD0366E468}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/06 06:34:32 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Afunakwa\Desktop\OTL.exe
[2012/04/06 06:16:36 | 000,014,144 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/06 06:16:36 | 000,014,144 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/06 06:07:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/06 06:07:07 | 1292,029,952 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/06 05:59:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/05 19:42:26 | 093,771,669 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/04/05 12:09:33 | 000,040,919 | ---- | M] () -- C:\Users\Afunakwa\Desktop\Your001.PDF
[2012/04/05 01:31:23 | 009,601,504 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Afunakwa\Desktop\AppRemover.exe
[2012/04/05 01:23:05 | 004,456,875 | R--- | M] (Swearware) -- C:\Users\Afunakwa\Desktop\ComboFix.exe
[2012/04/04 21:47:52 | 000,000,512 | ---- | M] () -- C:\Users\Afunakwa\Desktop\MBR.dat
[2012/04/04 19:09:32 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Afunakwa\Desktop\aswMBR.exe
[2012/04/04 16:40:20 | 000,022,624 | ---- | M] () -- C:\Users\Public\Documents\Thoughts.odt
[2012/04/04 16:34:54 | 000,035,763 | ---- | M] () -- C:\Users\Afunakwa\Desktop\p1_2012.pdf
[2012/04/04 13:05:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Afunakwa\Desktop\dds.com
[2012/04/04 12:33:52 | 000,000,691 | ---- | M] () -- C:\Users\Afunakwa\AppData\Roaming\GetValue.vbs
[2012/04/04 12:33:52 | 000,000,035 | ---- | M] () -- C:\Users\Afunakwa\AppData\Roaming\SetValue.bat
[2012/04/04 12:33:47 | 000,003,586 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2012/04/04 12:03:51 | 001,872,472 | ---- | M] () -- C:\Users\Afunakwa\Desktop\SmitfraudFix.exe
[2012/04/04 07:56:48 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/03 13:43:02 | 002,072,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Afunakwa\Desktop\TDSSKiller.exe
[2012/04/02 19:22:39 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/02 19:22:39 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/02 15:11:14 | 000,302,592 | ---- | M] () -- C:\Users\Afunakwa\Desktop\u95zed1x.exe
[2012/04/01 11:19:33 | 000,001,091 | ---- | M] () -- C:\Users\Afunakwa\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/04/01 09:28:25 | 000,000,208 | ---- | M] () -- C:\ProgramData\-mmZW7gJurRAHber
[2012/04/01 09:28:25 | 000,000,000 | ---- | M] () -- C:\ProgramData\-mmZW7gJurRAHbe
[2012/03/31 18:47:16 | 000,000,671 | ---- | M] () -- C:\Users\Afunakwa\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/03/30 01:30:29 | 000,050,913 | ---- | M] () -- C:\Users\Afunakwa\Desktop\qpan.pdf
[2012/03/27 18:00:47 | 001,209,141 | ---- | M] () -- C:\Users\Afunakwa\Desktop\MSc Thesis.pdf
[2012/03/23 08:15:24 | 000,270,035 | ---- | M] () -- C:\Users\Afunakwa\Desktop\1.pdf
[2012/03/20 18:22:34 | 000,267,044 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/03/15 20:34:53 | 000,017,578 | ---- | M] () -- C:\Users\Afunakwa\Documents\JO8OP.jpg
[2012/03/15 08:33:56 | 000,317,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

[Ardat]

========== Files Created - No Company Name ==========

[2012/04/05 12:09:33 | 000,040,919 | ---- | C] () -- C:\Users\Afunakwa\Desktop\Your001.PDF
[2012/04/05 01:44:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/05 01:44:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/05 01:44:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/05 01:44:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/05 01:44:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/04 21:47:52 | 000,000,512 | ---- | C] () -- C:\Users\Afunakwa\Desktop\MBR.dat
[2012/04/04 16:34:54 | 000,035,763 | ---- | C] () -- C:\Users\Afunakwa\Desktop\p1_2012.pdf
[2012/04/04 12:33:52 | 000,000,691 | ---- | C] () -- C:\Users\Afunakwa\AppData\Roaming\GetValue.vbs
[2012/04/04 12:33:52 | 000,000,035 | ---- | C] () -- C:\Users\Afunakwa\AppData\Roaming\SetValue.bat
[2012/04/04 12:12:19 | 000,003,586 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2012/04/04 12:03:51 | 001,872,472 | ---- | C] () -- C:\Users\Afunakwa\Desktop\SmitfraudFix.exe
[2012/04/04 07:56:48 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/02 17:52:09 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012/04/02 15:11:14 | 000,302,592 | ---- | C] () -- C:\Users\Afunakwa\Desktop\u95zed1x.exe
[2012/04/01 12:52:53 | 000,002,432 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/04/01 12:52:53 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/04/01 12:52:53 | 000,001,404 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/04/01 12:52:53 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/04/01 12:52:53 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/04/01 12:52:53 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/04/01 12:52:53 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/04/01 12:52:53 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/04/01 12:52:53 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/04/01 12:52:53 | 000,001,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
[2012/04/01 12:52:52 | 000,002,203 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Data Restore Tool.lnk
[2012/04/01 12:52:52 | 000,002,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
[2012/04/01 12:52:52 | 000,002,072 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Gate.lnk
[2012/04/01 12:52:52 | 000,001,953 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk
[2012/04/01 12:52:52 | 000,001,481 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Control Center.lnk
[2012/04/01 12:52:52 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/04/01 12:52:52 | 000,001,233 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Transfer.lnk
[2012/04/01 12:52:52 | 000,001,216 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Media plus.lnk
[2012/04/01 12:52:52 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Keyboard.lnk
[2012/04/01 12:52:52 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/04/01 12:52:51 | 000,001,787 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012/04/01 12:52:51 | 000,001,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB.lnk
[2012/04/01 12:52:50 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2012/04/01 12:52:50 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/04/01 12:52:50 | 000,001,261 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Gallery.lnk
[2012/04/01 12:52:49 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/04/01 11:19:33 | 000,001,091 | ---- | C] () -- C:\Users\Afunakwa\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/03/31 18:47:17 | 000,000,208 | ---- | C] () -- C:\ProgramData\-mmZW7gJurRAHber
[2012/03/31 18:47:17 | 000,000,000 | ---- | C] () -- C:\ProgramData\-mmZW7gJurRAHbe
[2012/03/31 18:47:16 | 000,000,671 | ---- | C] () -- C:\Users\Afunakwa\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/03/30 01:30:29 | 000,050,913 | ---- | C] () -- C:\Users\Afunakwa\Desktop\qpan.pdf
[2012/03/27 18:00:45 | 001,209,141 | ---- | C] () -- C:\Users\Afunakwa\Desktop\MSc Thesis.pdf
[2012/03/23 08:15:23 | 000,270,035 | ---- | C] () -- C:\Users\Afunakwa\Desktop\1.pdf
[2012/03/15 20:34:52 | 000,017,578 | ---- | C] () -- C:\Users\Afunakwa\Documents\JO8OP.jpg
[2011/09/23 21:01:32 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/19 07:50:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/06 06:23:48 | 000,223,990 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/12/06 06:23:48 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat

========== LOP Check ==========

[2011/11/06 05:55:29 | 000,000,000 | ---D | M] -- C:\Users\Afunakwa\AppData\Roaming\.minecraft
[2012/04/05 07:28:16 | 000,000,000 | ---D | M] -- C:\Users\Afunakwa\AppData\Roaming\AVG2012
[2011/06/07 17:56:40 | 000,000,000 | ---D | M] -- C:\Users\Afunakwa\AppData\Roaming\DAEMON Tools Lite
[2011/08/07 20:29:51 | 000,000,000 | ---D | M] -- C:\Users\Afunakwa\AppData\Roaming\Minemapper
[2012/04/02 21:49:34 | 000,000,000 | ---D | M] -- C:\Users\Afunakwa\AppData\Roaming\Old_Skype
[2011/06/27 16:39:28 | 000,000,000 | ---D | M] -- C:\Users\Afunakwa\AppData\Roaming\OpenOffice.org
[2011/10/24 09:36:44 | 000,000,000 | ---D | M] -- C:\Users\Afunakwa\AppData\Roaming\Opera
[2012/04/03 17:59:38 | 000,000,000 | ---D | M] -- C:\Users\Afunakwa\AppData\Roaming\Process Hacker 2
[2012/04/06 02:45:00 | 000,000,000 | ---D | M] -- C:\Users\Afunakwa\AppData\Roaming\uTorrent
[2012/03/18 01:05:01 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011/07/18 14:43:44 | 000,255,312 | ---- | M] () -- C:\ANG0
[2009/06/10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2012/04/06 06:05:20 | 000,019,702 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/04/06 06:07:07 | 1292,029,952 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/06 06:07:06 | 1722,707,968 | -HS- | M] () -- C:\pagefile.sys
[2012/04/04 12:38:34 | 000,002,688 | ---- | M] () -- C:\rapport.txt
[2011/01/19 07:42:16 | 000,002,054 | ---- | M] () -- C:\RHDSetup.log
[2012/04/01 11:17:03 | 000,000,469 | ---- | M] () -- C:\rkill.log
[2012/04/04 20:24:30 | 000,133,136 | ---- | M] () -- C:\TDSSKiller.2.7.25.0_04.04.2012_20.22.56_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 06:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 23:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2009/07/14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/02/16 04:59:42 | 000,000,221 | -HS- | M] () -- C:\Users\Afunakwa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/04/05 01:31:23 | 009,601,504 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Afunakwa\Desktop\AppRemover.exe
[2012/04/04 19:09:32 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Afunakwa\Desktop\aswMBR.exe
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Afunakwa\Desktop\boot_cleaner.exe
[2012/04/05 01:23:05 | 004,456,875 | R--- | M] (Swearware) -- C:\Users\Afunakwa\Desktop\ComboFix.exe
[2012/04/06 06:34:32 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Afunakwa\Desktop\OTL.exe
[2012/04/04 12:03:51 | 001,872,472 | ---- | M] () -- C:\Users\Afunakwa\Desktop\SmitfraudFix.exe
[2012/04/03 13:43:02 | 002,072,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Afunakwa\Desktop\TDSSKiller.exe
[2012/04/02 15:11:14 | 000,302,592 | ---- | M] () -- C:\Users\Afunakwa\Desktop\u95zed1x.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/04/06 06:07:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/03/18 01:05:01 | 000,032,542 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 23:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/06/07 13:47:03 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/06/07 13:47:03 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/06/07 13:47:02 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/06/07 13:47:03 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/06/07 13:47:02 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2011/06/07 13:47:03 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/02/16 04:59:39 | 000,000,402 | -HS- | M] () -- C:\Users\Afunakwa\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012/04/01 09:28:25 | 000,000,000 | ---- | M] () -- C:\ProgramData\-mmZW7gJurRAHbe
[2012/04/01 09:28:25 | 000,000,208 | ---- | M] () -- C:\ProgramData\-mmZW7gJurRAHber

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

 

[Ardat]

Extras.txt:

OTL Extras logfile created on: 06/04/2012 06:37:12 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Afunakwa\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: Belgium | Language: FRB | Date Format: d/MM/yyyy

1.60 Gb Total Physical Memory | 0.40 Gb Available Physical Memory | 25.01% Memory free
3.21 Gb Paging File | 1.56 Gb Available in Paging File | 48.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 167.27 Gb Total Space | 24.05 Gb Free Space | 14.38% Space Free | Partition Type: NTFS

Computer Name: AFUNAKWA_LAPTOP | User Name: Afunakwa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022CB62F-2B1E-B41C-807B-9849C083DE42}" = CCC Help English
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07441A52-E208-478A-92B7-5C337CA8C131}" = Remote Play with PlayStation®3
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0A1651F1-7E0F-4613-93FE-967F5BC3C1B7}" = Windows Live Remote Service Resources
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{0D1FFDF2-E93C-9320-2989-2C94022D5ACD}" = CCC Help Polish
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{1027BE37-7C5D-BBA1-B333-A5F57036F8AF}" = CCC Help Italian
"{12979187-C46B-46C4-A51C-9A4A67E3DC4A}" = Beyond Good & Evil
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F59639F-8631-17FD-5745-2173DF23F13E}" = CCC Help Finnish
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{250ACB6C-8AFB-8FDB-D771-91136DD553D6}" = CCC Help German
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{270380EB-8812-42E1-8289-53700DB840D2}" = PMB VAIO Edition Plug-in
"{285D5872-D7DD-43CB-9A59-EE7D18EF7DBA}" = VAIO Media plus
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic (TM)
"{31ABC808-794B-4710-B3E4-85F77784882E}" = VAIO Hardware Diagnostics
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3705D53F-BB01-4BEE-8585-289E71CAC4B4}" = Компаньон Messenger
"{38106F09-45DF-4919-8798-667C77A0F8F6}" = Remote Keyboard
"{39C4C6DE-641B-483F-B875-2AEDF0FB85CA}_is1" = Rampant Logic Postscript Viewer 1.1
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3BBDC032-4DE3-9B75-8413-9B6D4E31285B}" = CCC Help Korean
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{453CA17F-9DBE-EB97-C404-9379367623E6}" = Catalyst Control Center Profiles Mobile
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{466F988F-9C3F-CDEE-CCCC-000CF2573164}" = Catalyst Control Center Localization All
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{4B59576E-E748-415A-BAD4-7B5E2CFDE2D1}" = Document Express DjVu Plug-in
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D3DA153-548D-4D7F-B62B-653D845169D3}" = Reader for PC
"{4F4F286C-DF69-EF9D-86FC-22685389D665}" = WMV9/VC-1 Video Playback
"{4F86B339-5FA0-4261-A08F-CF2A85FDD8C2}" = Catalyst Control Center - Branding
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C18CEAF-7FAD-A2E2-495B-9299B01CC722}" = Catalyst Control Center Graphics Previews Common
"{5C8BC258-A629-4DF2-97D0-E106C2A9B1BD}" = Windows Live Remote Client Resources
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{6F663FE6-3ED0-4ABF-816C-44744F7ACABA}" = Media Gallery
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{734B6C6C-4740-476F-BB0C-F7AF469EDBB2}" = Remote Play with PlayStation 3
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote Keyboard
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{767A8531-12F2-8AE3-892E-3AE1D0ADAD52}" = CCC Help Japanese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{772F3FAB-0BB0-77A8-EB7D-E7E9B69F9DC3}" = ATI Catalyst Install Manager
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{79ACFD18-AD87-480B-88E0-CF74DD9BBA63}" = PMB VAIO Edition Plug-in
"{7A143876-9658-4A58-82E7-B5F02D942957}" = Windows Live Remote Client Resources
"{7C864AA5-A706-A847-1A98-4DEA354E8738}" = CCC Help Norwegian
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E0610A2-E336-40B3-B685-C4905E97EC9A}" = OpenOffice.org 3.3
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8453F789-2683-90DC-5449-CBC75E2693BD}" = CCC Help Russian
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92CABC24-F56E-2044-7DD2-002EE0D7FEEB}" = CCC Help Swedish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{930240B3-F09F-4725-8820-7C7480104351}" = AVG 2012
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{950174DD-FA73-448C-BDD3-A86B0F588EE8}" = Sexy Beach 3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2CCC3D-8C56-7D90-9252-432C59682F19}" = CCC Help French
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A063E1A7-4292-4FFF-9B66-9D2ECF612FE4}" = VAIO Care
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" =
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.0 MUI
"{ACB674B8-A3F1-D0C3-2DBD-43E8DB7EEF81}" = AMD Fuel
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1F6C84B-B527-1C2F-E5AD-0C27979ECAF9}" = Catalyst Control Center InstallProxy
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{BC5D57AE-2708-FAAB-2EC6-823701E51056}" = CCC Help Danish
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C498A8E2-50A3-9199-AB0F-2BF18BF14BB0}" = CCC Help Dutch
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO Manual
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" =
"{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C8459C05-CBB5-4011-C7D5-ACFDF41D1837}" = CCC Help Thai
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D3A3AAAB-40E3-0B87-B3EA-1DD659FF1563}" = CCC Help Portuguese
"{D3CAE2CA-BE71-4CA4-9EB9-46E1C82E778B}" = Windows Live Remote Service Resources
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F8BFC7-AF21-B5E0-EAEE-3663A1626C1A}" = CCC Help Spanish
"{D8A8F5E0-0AC2-410E-9BC5-FCBC07977FAC}" = ccc-utility
"{D8DAB025-C2CE-4821-8117-494E95ADA031}" = Windows Live UX Platform Language Pack
"{DAD19566-39E2-6739-C7BE-A35C1558BDB3}" = CCC Help Chinese Traditional
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = VAIO - Media Gallery
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E200E500-17F2-D30D-CA9A-D06F4CBFBE76}" = ccc-core-static
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E6FE050F-CB41-B88B-D63C-EEA4DB46BE67}" = CCC Help Greek
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E88BE13E-9EB8-31F8-9A4D-CDE0F8FEE72C}" = CCC Help Chinese Standard
"{E9487AEC-16E8-7637-256D-07FDD7ED8849}" = CCC Help Hungarian
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB62E6D5-E217-45DD-9C42-A3BBEBA89955}" = AVG 2012
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D92DE3-F248-5A61-FAAB-FA1F255AE3E8}" = CCC Help Czech
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F8B48758-410A-4B09-A734-C5DEA282C7C9}" = VAIO Data Restore Tool
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1FC66F-536F-46BD-98E3-D8DA127A810E}" = PMB VAIO Edition Guide
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2012
"DAEMON Tools Lite" = DAEMON Tools Lite
"DjVuLibre+DjView" = DjVuLibre+DjView
"EasyBCD" = EasyBCD 2.1
"InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}" = VAIO - PMB VAIO Edition Plug-in
"InstallShield_{FF1FC66F-536F-46BD-98E3-D8DA127A810E}" = VAIO - PMB VAIO Edition Guide
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Opera 11.62.1347" = Opera 11.62
"Portal" = Portal
"Postal 2_is1" = Portal 2
"Process_Hacker2_is1" = Process Hacker 2.27 (r4957)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VAIO Help and Support" =
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/03/2012 18:51:22 | Computer Name = Afunakwa_laptop | Source = Application Error | ID = 1000
Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time
stamp: 0x4ce596f0 Faulting module name: ntdll.dll, version: 6.1.7600.16915, time
stamp: 0x4ec49caf Exception code: 0xc0000005 Fault offset: 0x0002f963 Faulting process
id: 0xa5c Faulting application start time: 0x01ccfacba5b28367 Faulting application
path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Faulting module
path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 0d92053d-6d5f-11e1-88c9-d192064eb347

Error - 15/03/2012 01:31:54 | Computer Name = Afunakwa_laptop | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 15/03/2012 21:44:30 | Computer Name = Afunakwa_laptop | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 16/03/2012 02:19:50 | Computer Name = Afunakwa_laptop | Source = Application Error | ID = 1000
Description = Faulting application name: AcroRd32.exe, version: 9.4.0.195, time
stamp: 0x4c9b3e3c Faulting module name: AcroRd32.dll, version: 9.4.0.195, time stamp:
0x4c9b259e Exception code: 0xc0000005 Fault offset: 0x00278f72 Faulting process id:
0x1c70 Faulting application start time: 0x01cd032c06a1841d Faulting application path:
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe Faulting module path: C:\Program
Files\Adobe\Reader 9.0\Reader\AcroRd32.dll Report Id: 08e2c4b7-6f30-11e1-9403-eddbfd55855a

Error - 17/03/2012 21:07:16 | Computer Name = Afunakwa_laptop | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 20/03/2012 09:16:47 | Computer Name = Afunakwa_laptop | Source = System Restore | ID = 8193
Description =

Error - 20/03/2012 09:16:47 | Computer Name = Afunakwa_laptop | Source = System Restore | ID = 8211
Description =

Error - 25/03/2012 23:04:54 | Computer Name = Afunakwa_laptop | Source = Application Error | ID = 1000
Description = Faulting application name: MassEffect2.exe, version: 1.2.1604.0, time
stamp: 0x4bd60ba2 Faulting module name: MassEffect2.exe, version: 1.2.1604.0, time
stamp: 0x4bd60ba2 Exception code: 0xc0000005 Fault offset: 0x005119e6 Faulting process
id: 0x1a1c Faulting application start time: 0x01cd0af60ddd14bf Faulting application
path: C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe Faulting module path:
C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe Report Id: 75bdcee1-76f0-11e1-8f42-c3d7903e0761

Error - 26/03/2012 09:07:34 | Computer Name = Afunakwa_laptop | Source = SampleCollector | ID = 131331
Description = CreateFile:SState: failed with error 0x20: The process cannot access
the file because it is being used by another process.

Error - 27/03/2012 03:57:56 | Computer Name = Afunakwa_laptop | Source = SampleCollector | ID = 131331
Description = init_sstates_file:CreateFilerev_SState: failed with error 0x20:
The process cannot access the file because it is being used by another process.

[ System Events ]
Error - 04/04/2012 19:46:59 | Computer Name = Afunakwa_laptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 04/04/2012 19:56:17 | Computer Name = Afunakwa_laptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 04/04/2012 20:04:00 | Computer Name = Afunakwa_laptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 05/04/2012 01:17:28 | Computer Name = Afunakwa_laptop | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
evsewoi

Error - 05/04/2012 20:30:14 | Computer Name = Afunakwa_laptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 05/04/2012 20:39:57 | Computer Name = Afunakwa_laptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 05/04/2012 20:47:08 | Computer Name = Afunakwa_laptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 05/04/2012 20:47:24 | Computer Name = Afunakwa_laptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 05/04/2012 20:49:16 | Computer Name = Afunakwa_laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 02:46:53 on ?6/?04/?2012 was unexpected.

Error - 06/04/2012 00:11:26 | Computer Name = Afunakwa_laptop | Source = Service Control Manager | ID = 7022
Description = The VAIO Care Performance Service service hung on starting.


< End of report >

 

[Broni]

Good news

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  IE - HKU\S-1-5-21-3330016337-3907472232-734889955-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
  [2012/04/01 09:28:25 | 000,000,208 | ---- | M] () -- C:\ProgramData\-mmZW7gJurRAHber
  [2012/04/01 09:28:25 | 000,000,000 | ---- | M] () -- C:\ProgramData\-mmZW7gJurRAHbe
  [2012/03/31 18:47:16 | 000,000,671 | ---- | M] () -- C:\Users\Afunakwa\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
  
  :Commands
  [purity]
  [emptytemp]
  [emptyjava]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[Ardat]

Everything is done. ESET didn't find anything and hence, didn't produce any log. For the rest, here they are:

OTL:

All processes killed
========== OTL ==========
HKU\S-1-5-21-3330016337-3907472232-734889955-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\ProgramData\-mmZW7gJurRAHber moved successfully.
C:\ProgramData\-mmZW7gJurRAHbe moved successfully.
C:\Users\Afunakwa\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Afunakwa
->Temp folder emptied: 376413 bytes
->Temporary Internet Files folder emptied: 3084757 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 6967109 bytes
->Flash cache emptied: 3961499 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 738 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 593920 bytes

Total Files Cleaned = 14.00 mb


[EMPTYJAVA]

User: Afunakwa
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Afunakwa
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04072012_025503

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Security Check:

Results of screen317's Security Check version 0.99.24
Windows 7 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 2012
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
SUPERAntiSpyware
Java(TM) 6 Update 31
Adobe Flash Player 11.1.102.55
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Symantec Norton Online Backup NOBuAgent.exe
``````````End of Log````````````


FSS:

Farbar Service Scanner Version: 01-03-2012
Ran by Afunakwa (administrator) on 07-04-2012 at 03:05:43
Running from "C:\Users\Afunakwa\Desktop"
Microsoft Windows 7 Home Premium (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-09 08:37] - [2011-09-29 17:43] - 1285488 ____A (Microsoft Corporation) 56C198AC82EFA622DD93E9E43575F79C

C:\Windows\system32\dnsrslvr.dll
[2011-06-08 10:32] - [2011-03-03 07:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\Windows\system32\mpssvc.dll
[2009-07-14 01:53] - [2009-07-14 03:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-14 01:54] - [2009-07-14 03:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-14 01:23] - [2009-07-14 03:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-14 01:24] - [2009-07-14 03:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll
[2011-06-08 10:23] - [2010-12-21 07:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2009-07-14 02:15] - [2009-07-14 03:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

C:\Windows\system32\qmgr.dll
[2009-07-14 01:30] - [2009-07-14 03:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

 

[Broni]

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

 

[Ardat]

I followed, and I'll continue to follow, your advices. The Malwarebytes scan came clean.


Thank you, you've been a tremendous help.

 

[Broni]

Way to go!!

Good luck and stay safe