Smitfraud-C issues
cdauman8
2012-03-07, 06:21
I hope I followed the protocol correctly. If not, please tell me what I need to supply/fix; I apologize in advance, as well as a thank you in advance. I recently noticed SpyBot found the Smitfraud-C but could not delete it. I ran ERUNT as suggested. I then downloaded DDS Log from the website, but had an issue. The links had two different files: dds.scr and dds.com. I tried both but neither did anything. So that is where I am right now. I know I need to produce the DDS Log for help to begin, but those files didn't produce the .txt log. Whatever I need to do, please let me know and I will ASAP. Thanks. Also, my computer seems to run fairly normally, though for a while I've felt it to be slowing and Firefox freezes quite often.
oldman960
2012-03-07, 08:55
Hi cdauman8, welcome to the forum.
To make cleaning this machine easier
Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, and uncheck Word Wrap if it is checked.
Do not attach any logs/reports, etc. unless specifically requested to do so.
If you have problems with or do not understand the instructions, please ask before continuing.
Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
Check the boxes beside LOP Check and Purity Check.
In the window under Custom Scans/Fixes copy and paste the following
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
/md5stop
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
Next
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png
On completion of the scan, click Save Log, save it to your desktop and post it in your next reply.
http://public.avast.com/~gmerek/aswMBR2.png
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
Please post back with
both OTL logs
aswMBR log
mbr.zip (attached)
cdauman8
2012-03-10, 04:41
OTL:
OTL logfile created on: 3/9/2012 6:02:06 PM - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Craig\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.97 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 34.63% Memory free
7.93 Gb Paging File | 3.71 Gb Available in Paging File | 46.77% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.51 Gb Total Space | 57.48 Gb Free Space | 19.99% Space Free | Partition Type: NTFS
Computer Name: CRAIG-SONY | User Name: Craig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Craig\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Java\bin\jp2launcher.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Java\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe ()
PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe ()
PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe ()
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2df79ab909c782d3796e4107d040327d\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SonyCommonLib.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\DevicePanel.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\DictionaryLookup.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\DebugMsg.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SharedInterfaces.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\MessageXML.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Resources.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SystemPowerDLL.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (SampleCollector) Intel(R) -- C:\Program Files\Sony\VAIO Care\collsvc.exe (Intel Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\drivers\XAudio64.exe (Conexant Systems, Inc.)
SRV - (Autodesk Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (PACSPTISVR) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
========== Driver Services (SafeList) ==========
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (WpsHelper) -- C:\Windows\SysNative\drivers\WpsHelper.sys (Symantec Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64k.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (Tpkd) -- C:\Windows\SysNative\drivers\Tpkd.sys (PACE Anti-Piracy, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (WPS) -- C:\Windows\SysNative\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (COH_Mon) -- C:\Windows\SysNative\drivers\COH_Mon.sys (Symantec Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC)
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC)
DRV:64bit: - (Teefer2) -- C:\Windows\SysNative\drivers\Teefer2.sys (Symantec Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120302.017\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilDrv11122) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120302.017\ENG64.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.2: C:\Program Files\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Craig\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/28 21:24:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/28 21:23:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/28 21:23:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Craig\AppData\Roaming\Move Networks [2012/02/28 21:24:16 | 000,000,000 | ---D | M]
[2009/11/20 14:02:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Craig\AppData\Roaming\Mozilla\Extensions
[2012/03/09 18:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\uir3vvw1.default\extensions
[2012/02/28 20:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/28 21:23:20 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/28 21:23:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2012/02/28 21:23:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2012/02/28 21:24:06 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/02/28 21:24:16 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\CRAIG\APPDATA\ROAMING\MOVE NETWORKS
() (No name found) -- C:\USERS\CRAIG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UIR3VVW1.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/02/28 21:25:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VLC\npvlc.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Craig\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Click to call with Skype = C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\
CHR - Extension: Gmail = C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
O1 HOSTS File: ([2009/11/28 23:32:22 | 000,358,536 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12309 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0 Pro\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3AEB471-826B-41B8-A11A-A3A26E6C520E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Craig\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Craig\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/03/09 17:57:23 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Craig\Desktop\OTL.exe
[2012/03/03 21:27:00 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Craig\Desktop\dds.com
[2012/03/03 21:23:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/03 21:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/03/03 21:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/03/03 21:17:40 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Craig\Desktop\dds.scr
[2012/03/03 21:15:10 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Craig\Desktop\erunt-setup.exe
[2012/02/27 20:00:33 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2012/02/18 03:09:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/15 21:41:27 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/15 21:40:52 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/15 21:40:52 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/15 21:40:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/15 21:40:50 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/15 21:40:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/15 21:40:50 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/15 21:40:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/15 21:40:50 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/02/15 21:40:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/15 21:40:48 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/15 21:40:48 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/15 21:40:47 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/15 21:40:47 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/15 21:40:46 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/15 21:40:46 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
========== Files - Modified Within 30 Days ==========
[2012/03/09 17:57:29 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Craig\Desktop\OTL.exe
[2012/03/09 17:52:23 | 000,011,104 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/09 17:52:23 | 000,011,104 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/09 17:14:11 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/09 03:26:17 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/07 22:04:39 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/07 22:04:39 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/07 22:04:39 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/06 21:56:04 | 000,055,616 | ---- | M] () -- C:\Users\Craig\Documents\21 Las Fieras.dwg
[2012/03/04 20:48:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/03 21:27:25 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Craig\Desktop\dds.com
[2012/03/03 21:21:54 | 000,000,924 | ---- | M] () -- C:\Users\Craig\Desktop\NTREGOPT.lnk
[2012/03/03 21:21:54 | 000,000,905 | ---- | M] () -- C:\Users\Craig\Desktop\ERUNT.lnk
[2012/03/03 21:17:57 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Craig\Desktop\dds.scr
[2012/03/03 21:17:27 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Craig\Desktop\erunt-setup.exe
[2012/03/02 22:39:01 | 000,052,800 | ---- | M] () -- C:\Users\Craig\Documents\21 Las Fieras.bak
[2012/03/01 21:27:54 | 3195,293,696 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/29 21:57:42 | 000,045,920 | ---- | M] () -- C:\Users\Craig\Documents\Drawing1.dwg
[2012/02/16 03:29:33 | 002,408,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/12 12:33:59 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2012/03/03 21:21:54 | 000,000,924 | ---- | C] () -- C:\Users\Craig\Desktop\NTREGOPT.lnk
[2012/03/03 21:21:54 | 000,000,905 | ---- | C] () -- C:\Users\Craig\Desktop\ERUNT.lnk
[2012/03/02 22:22:54 | 000,052,800 | ---- | C] () -- C:\Users\Craig\Documents\21 Las Fieras.bak
[2012/03/02 22:12:40 | 000,055,616 | ---- | C] () -- C:\Users\Craig\Documents\21 Las Fieras.dwg
[2011/06/17 17:17:55 | 000,000,227 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/06/17 17:17:46 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2010/03/10 22:09:07 | 000,003,584 | ---- | C] () -- C:\Users\Craig\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2009/11/20 14:02:07 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Aim
[2010/01/30 16:33:47 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Antares
[2012/02/28 20:35:08 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Autodesk
[2012/02/28 21:24:14 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\DAEMON Tools Pro
[2012/02/28 21:24:15 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\FreeFileViewer
[2009/11/20 14:02:19 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Moyea
[2010/02/02 11:30:09 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\PACE Anti-Piracy
[2009/11/20 14:02:20 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\quickhit.football.QHFootball.4D5206CA741FBF5FD6AAD1A97F5076E917382B34.1
[2012/02/28 21:24:16 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\solid-mp4-video-converter
[2012/02/28 21:24:16 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\uTorrent
[2009/12/04 16:59:12 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Xilisoft Corporation
[2011/09/01 18:57:57 | 000,000,402 | ---- | M] () -- C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
[2009/07/13 21:08:49 | 000,024,934 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/07/13 17:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/11/20 15:38:26 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/03/01 21:27:54 | 3195,293,696 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/20 15:58:34 | 000,000,187 | -H-- | M] () -- C:\Installer_Setup.log
[2006/12/01 21:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2012/03/01 21:28:10 | 4260,392,960 | -HS- | M] () -- C:\pagefile.sys
[2009/11/20 15:30:47 | 000,002,760 | -H-- | M] () -- C:\RHDSetup.log
[2011/08/27 04:16:12 | 000,000,000 | -H-- | M] () -- C:\t15k.2
[2011/12/03 00:35:48 | 000,000,000 | -H-- | M] () -- C:\t15o.1
[2011/12/03 00:35:48 | 000,000,000 | -H-- | M] () -- C:\t15o.2
[2011/05/30 08:11:42 | 000,000,000 | -H-- | M] () -- C:\t194.2
[2011/09/12 17:07:31 | 000,000,000 | -H-- | M] () -- C:\t194.3
[2009/05/11 19:18:50 | 000,389,664 | -H-- | M] () -- C:\vcredist_x86.log
< %systemroot%\Fonts\*.com >
[2009/07/13 21:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 21:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 21:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 21:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/06/10 12:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009/11/27 14:36:58 | 000,092,672 | ---- | M] () -- C:\Program Files (x86)\Default.SFX
[2009/11/27 14:36:50 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Default64.SFX
[2006/09/18 18:13:58 | 000,001,063 | ---- | M] () -- C:\Program Files (x86)\Descript.ion
[2009/07/13 20:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2009/11/22 08:56:50 | 000,000,509 | ---- | M] () -- C:\Program Files (x86)\File_Id.diz
[2009/01/08 09:07:21 | 000,006,806 | ---- | M] () -- C:\Program Files (x86)\License.txt
[2006/10/22 08:21:24 | 000,003,271 | ---- | M] () -- C:\Program Files (x86)\Order.htm
[2009/11/27 14:36:02 | 000,397,312 | ---- | M] () -- C:\Program Files (x86)\Rar.exe
[2009/11/17 07:49:03 | 000,076,080 | ---- | M] () -- C:\Program Files (x86)\Rar.txt
[2009/11/27 14:37:12 | 000,166,400 | ---- | M] () -- C:\Program Files (x86)\RarExt.dll
[2009/11/27 14:37:12 | 000,141,824 | ---- | M] () -- C:\Program Files (x86)\RarExt32.dll
[2006/04/11 09:01:02 | 000,001,088 | ---- | M] () -- C:\Program Files (x86)\RarFiles.lst
[2009/11/29 16:01:28 | 000,000,020 | ---- | M] () -- C:\Program Files (x86)\rarnew.dat
[2009/03/05 22:53:53 | 000,001,495 | ---- | M] () -- C:\Program Files (x86)\ReadMe.txt
[2009/09/02 13:21:28 | 000,009,232 | ---- | M] () -- C:\Program Files (x86)\TechNote.txt
[2009/11/27 14:37:20 | 000,130,560 | ---- | M] () -- C:\Program Files (x86)\Uninstall.exe
[2009/11/27 14:37:51 | 000,000,718 | ---- | M] () -- C:\Program Files (x86)\Uninstall.lst
[2009/11/27 14:36:09 | 000,262,144 | ---- | M] () -- C:\Program Files (x86)\UnRAR.exe
[2005/05/12 15:02:30 | 000,000,090 | ---- | M] () -- C:\Program Files (x86)\UnrarSrc.txt
[2009/11/16 07:58:16 | 000,017,652 | ---- | M] () -- C:\Program Files (x86)\WhatsNew.txt
[2009/11/27 14:36:15 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\WinCon.SFX
[2009/11/27 14:36:15 | 000,089,600 | ---- | M] () -- C:\Program Files (x86)\WinCon64.SFX
[2009/11/27 14:37:23 | 000,256,368 | ---- | M] () -- C:\Program Files (x86)\WinRAR.chm
[2009/11/27 14:35:54 | 001,088,512 | ---- | M] () -- C:\Program Files (x86)\WinRAR.exe
[2009/11/27 14:36:58 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\Zip.SFX
[2009/11/27 14:36:58 | 000,091,136 | ---- | M] () -- C:\Program Files (x86)\Zip64.SFX
[2009/11/29 16:01:28 | 000,000,022 | ---- | M] () -- C:\Program Files (x86)\zipnew.dat
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.līk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >
< %USERPROFILE%\Desktop\*.exe >
[2012/03/03 21:17:27 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Craig\Desktop\erunt-setup.exe
[2012/03/09 17:57:29 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Craig\Desktop\OTL.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< %temp%\smtmp\*.* /s >
< MD5 for: EXPLORER.ADML >
[2009/07/13 18:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml
< MD5 for: EXPLORER.ADMX >
[2009/06/10 12:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
< MD5 for: EXPLORER.EXE >
[2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010/11/20 04:17:09 | 002,616,320 | -H-- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/02 22:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/30 22:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/30 22:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 21:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 05:24:45 | 002,872,320 | -H-- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 22:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 21:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 17:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 22:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/02 22:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: EXPLORER.EXE.MUI >
[2009/07/13 18:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/13 18:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2009/07/13 18:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/13 18:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui
cdauman8
2012-03-10, 04:42
OTL cont.:
< End of report >
cdauman8
2012-03-10, 04:43
Extras:
OTL Extras logfile created on: 3/9/2012 6:02:06 PM - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Craig\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.97 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 34.63% Memory free
7.93 Gb Paging File | 3.71 Gb Available in Paging File | 46.77% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.51 Gb Total Space | 57.48 Gb Free Space | 19.99% Space Free | Partition Type: NTFS
Computer Name: CRAIG-SONY | User Name: Craig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{5EBE0F1F-45DF-4298-AC6B-E8E54EAEC834}" = Microsoft IntelliPoint 7.1
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb" = Adobe Audition 3.0 Vista Compatibility
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A4BC24CB-F8C7-27FB-41D5-47A405031A41}" = ATI Catalyst Install Manager
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCE67697-A70A-E020-8ABA-310E95D09812}" = ccc-utility64
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{FF9F3663-0357-4132-AD8C-2BC1397D88AF}" = Symantec Endpoint Protection
"WinRAR archiver" = WinRAR archiver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{068F037B-2723-48E3-85F1-4D7D93A29D2A}" = VAIO Content Metadata Intelligent Analyzing Manager
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A1B60E0-F250-BD91-79C9-C29B9C05A5AA}" = Catalyst Control Center InstallProxy
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{183372B8-A3C2-063B-5C9E-B5C3E09F7158}" = CCC Help Norwegian
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19B683DF-B562-4C0B-8AAA-2A92409D190A}" = Sony Home Network Library
"{1D2DF848-BA1C-6D29-8DC6-A8EBC85B2128}" = CCC Help Thai
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2176C142-DEE5-8AF0-9257-CA2E65368A52}" = CCC Help Finnish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 27
"{27EA389E-B0D3-E606-A801-C397BC417B00}" = Catalyst Control Center Graphics Previews Common
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2E8631C2-72E6-4A95-A86E-CB912D8D1537}" = Sony Home Network Library
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{32DD0B80-68A4-2BAD-6D43-D2A6A7732AA2}" = CCC Help Hungarian
"{33F55462-96AF-0D67-AAF3-5ACBDE186FF7}" = CCC Help Dutch
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{359391F9-1A4D-A988-D62D-0F33C59AFDF6}" = CCC Help English
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{36FBD8D7-CEFC-2BFD-9E50-CDEA040D5F47}" = CCC Help Swedish
"{376DCC77-BFDA-4AC0-A57E-2CEB000D5E47}" = VAIO Content Metadata Intelligent Analyzing Manager
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C7C4990-D713-E889-63E7-214D35B55B18}" = Catalyst Control Center Graphics Previews Vista
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{484D0DD1-57D3-4AE5-8B5A-40232C83B674}" = VAIO Entertainment Platform
"{48E91AD2-2A80-4E70-98E6-450A189F6048}" = VAIO Movie Story
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C5FC19D-AE05-3F78-4336-90116C43400E}" = CCC Help French
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4E64FCCA-AE91-609C-6646-3BA7B2542C17}" = CCC Help Russian
"{4F29AF49-2F30-4E33-416B-E373ACE30B03}" = Catalyst Control Center Core Implementation
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51CBB909-7A5D-1B81-2F79-219231F0C7A6}" = Catalyst Control Center InstallProxy
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5CCB5E3A-8FA6-E1B8-082E-507493C836CD}" = Catalyst Control Center Localization All
"{5D9F5605-4B95-A700-B10E-FC5DBE052D18}" = CCC Help Italian
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{653C3AFC-E8BB-E745-DEE8-A9EA8ED5D432}" = CCC Help Greek
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
"{6CCAF3C8-8B77-3601-6E9C-E85E9444B0E6}" = CCC Help Chinese Traditional
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{72B5983C-80C7-4225-BA72-E92AE1D59C62}" = VAIO My Memory Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78780A45-B180-4297-AE6D-12C45EC5AD35}" = VAIO Content Metadata Manager Setting
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7C8744A5-DED2-028E-C0B7-42AAA764E806}" = CCC Help Korean
"{7CF4115F-8947-2E35-718E-9AE7907FDD34}" = Catalyst Control Center Graphics Full New
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B1CF7D7-9D45-6FB7-8B8A-72E804B74ACD}" = CCC Help Danish
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8F47B673-8D71-49E3-98B6-BCF547C82F57}" = Click to Disc
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96AE9B73-23A5-3781-07EE-D873CDF1935A}" = CCC Help Polish
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{97F52122-E41C-C805-3981-E8686E073978}" = CCC Help Chinese Standard
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{99804FF5-11AC-4FC9-B66B-72E9A6B386BC}" = ccc-core-static
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Settings
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A82C622C-22E2-409E-7113-EB749DEBC9F7}" = CCC Help Portuguese
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype 5.5
"{AA66EAEF-E6F9-BB8A-1463-72BE38F70856}" = CCC Help Japanese
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AEF0D6B2-1087-3D96-624F-B83A5EBD175D}" = Catalyst Control Center Graphics Full Existing
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{BFD85D24-D4F3-4CCC-B518-D7C4FC29C76D}" = VAIO Content Metadata Intelligent Analyzing Manager
"{C1555BC5-88B1-466B-BC79-062B5715DF92}" = VAIO Content Metadata XML Interface Library
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CC2541A6-BC6A-4099-B711-7911C884AEB8}" = VAIO Content Metadata XML Interface Library
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD7E6232-D41D-4E5B-ABE1-0264B6260309}" = VAIO Content Metadata Intelligent Analyzing Manager
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2004393-13BB-E18E-B1BF-19D758AFCD8D}" = CCC Help Spanish
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB1C9CB7-DF65-4991-BD17-71BF9CD15BA0}" = VAIO Help and Support
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDAF9A24-31F2-998B-79F3-F02580284D50}" = CCC Help Turkish
"{DEF97A70-C67D-41E1-837C-6462C97A6F65}" = OpenMG Secure Module 5.3.00
"{DF0415CC-0563-407F-B560-9B7F277122C5}" = VAIO BD Menu Data
"{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3453B1B-C91B-4C48-B046-8DF635DD46F2}" = VAIO Content Metadata XML Interface Library
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9DC3DE6-B510-FF40-F696-CFA52F9916FE}" = CCC Help German
"{EADE97A7-E7AA-43FD-A042-92A68E0187A6}" = VAIO Content Metadata Manager Setting
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F29F2FAC-3F7E-4302-689C-C6579A19B3FC}" = CCC Help Czech
"{F50D41C8-AC24-3FCD-D3AB-10C2D7CBDFB8}" = Catalyst Control Center Graphics Light
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}" = Antares Auto-Tune Evo VST
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Antares Auto-Tune v4.39" = Antares Auto-Tune v4.39
"AOL Instant Messenger" = AOL Instant Messenger
"Application Manager for VAIO" = Application Manager for VAIO
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ERUNT_is1" = ERUNT 1.1j
"FreeFileViewer_is1" = Free File Viewer 2011
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{DEF97A70-C67D-41E1-837C-6462C97A6F65}" = OpenMG Secure Module 5.3.00
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"RealPlayer 12.0" = RealPlayer
"RollerCoaster Tycoon Setup" = Roll
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.2
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xilisoft iPod Video Converter" = Xilisoft iPod Video Converter
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/5/2012 12:48:56 AM | Computer Name = Craig-Sony | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 39988111
Error - 3/5/2012 12:48:57 AM | Computer Name = Craig-Sony | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 3/5/2012 12:48:57 AM | Computer Name = Craig-Sony | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 39989156
Error - 3/5/2012 12:48:57 AM | Computer Name = Craig-Sony | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 39989156
Error - 3/5/2012 1:57:13 AM | Computer Name = Craig-Sony | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.
Error - 3/6/2012 1:57:21 AM | Computer Name = Craig-Sony | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.
Error - 3/7/2012 1:57:40 AM | Computer Name = Craig-Sony | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.
Error - 3/7/2012 7:17:36 AM | Computer Name = Craig-Sony | Source = Windows Search Service | ID = 3007
Description =
Error - 3/8/2012 1:57:21 AM | Computer Name = Craig-Sony | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.
Error - 3/9/2012 1:57:15 AM | Computer Name = Craig-Sony | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.
[ Media Center Events ]
Error - 2/13/2010 12:18:24 PM | Computer Name = Craig-Sony | Source = MCUpdate | ID = 0
Description = 11:18:24 AM - Error connecting to the internet. 11:18:24 AM - Unable
to contact server..
Error - 2/13/2010 12:18:33 PM | Computer Name = Craig-Sony | Source = MCUpdate | ID = 0
Description = 11:18:29 AM - Error connecting to the internet. 11:18:29 AM - Unable
to contact server..
Error - 2/14/2010 3:13:51 AM | Computer Name = Craig-Sony | Source = MCUpdate | ID = 0
Description = 2:13:51 AM - Error connecting to the internet. 2:13:51 AM - Unable
to contact server..
Error - 2/14/2010 3:13:57 AM | Computer Name = Craig-Sony | Source = MCUpdate | ID = 0
Description = 2:13:56 AM - Error connecting to the internet. 2:13:56 AM - Unable
to contact server..
Error - 2/14/2010 3:51:20 PM | Computer Name = Craig-Sony | Source = MCUpdate | ID = 0
Description = 2:51:19 PM - Error connecting to the internet. 2:51:19 PM - Unable
to contact server..
Error - 2/14/2010 3:51:29 PM | Computer Name = Craig-Sony | Source = MCUpdate | ID = 0
Description = 2:51:25 PM - Error connecting to the internet. 2:51:25 PM - Unable
to contact server..
Error - 2/15/2010 3:36:35 AM | Computer Name = Craig-Sony | Source = MCUpdate | ID = 0
Description = 2:36:35 AM - Error connecting to the internet. 2:36:35 AM - Unable
to contact server..
Error - 2/15/2010 3:36:45 AM | Computer Name = Craig-Sony | Source = MCUpdate | ID = 0
Description = 2:36:40 AM - Error connecting to the internet. 2:36:40 AM - Unable
to contact server..
Error - 2/15/2010 3:30:26 PM | Computer Name = Craig-Sony | Source = MCUpdate | ID = 0
Description = 2:30:26 PM - Error connecting to the internet. 2:30:26 PM - Unable
to contact server..
Error - 2/15/2010 3:30:35 PM | Computer Name = Craig-Sony | Source = MCUpdate | ID = 0
Description = 2:30:31 PM - Error connecting to the internet. 2:30:31 PM - Unable
to contact server..
[ System Events ]
Error - 3/9/2012 12:35:45 PM | Computer Name = Craig-Sony | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275
Error - 3/9/2012 1:35:46 PM | Computer Name = Craig-Sony | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275
Error - 3/9/2012 2:35:46 PM | Computer Name = Craig-Sony | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275
Error - 3/9/2012 3:35:46 PM | Computer Name = Craig-Sony | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275
Error - 3/9/2012 4:35:47 PM | Computer Name = Craig-Sony | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275
Error - 3/9/2012 5:35:46 PM | Computer Name = Craig-Sony | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275
Error - 3/9/2012 6:35:46 PM | Computer Name = Craig-Sony | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275
Error - 3/9/2012 7:35:46 PM | Computer Name = Craig-Sony | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275
Error - 3/9/2012 8:35:46 PM | Computer Name = Craig-Sony | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275
Error - 3/9/2012 9:35:46 PM | Computer Name = Craig-Sony | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275
< End of report >
cdauman8
2012-03-10, 04:49
MBR:
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-09 18:45:45
-----------------------------
18:45:45.554 OS Version: Windows x64 6.1.7600
18:45:45.554 Number of processors: 2 586 0x170A
18:45:45.554 ComputerName: CRAIG-SONY UserName: Craig
18:45:48.365 Initialize success
18:45:57.345 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:45:57.355 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
18:45:57.355 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000075
18:45:57.365 Disk 1 Vendor: RICOH 01 Size: 305245MB BusType: 0
18:45:57.365 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000076
18:45:57.365 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
18:45:57.375 Device \Driver\iaStor -> MajorFunction fffffa8004eb25c4
18:45:57.385 Disk 0 MBR read successfully
18:45:57.385 Disk 0 MBR scan
18:45:57.395 Disk 0 Windows 7 default MBR code
18:45:57.415 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10823 MB offset 2048
18:45:57.425 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 294420 MB offset 22167552
18:45:57.445 Disk 0 scanning C:\Windows\system32\drivers
18:46:06.856 Service scanning
18:46:34.579 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
18:46:36.659 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
18:46:43.439 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
18:46:43.469 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
18:46:44.829 Modules scanning
18:46:44.839 Disk 0 trace - called modules:
18:46:44.849 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004eb25c4]<<
18:46:44.849 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cb9740]
18:46:44.859 3 CLASSPNP.SYS[fffff88001b6f43f] -> nt!IofCallDriver -> [0xfffffa8004b2e500]
18:46:44.859 5 ACPI.sys[fffff880010e4781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b4b050]
18:46:44.869 \Driver\iaStor[0xfffffa8004e39580] -> IRP_MJ_CREATE -> 0xfffffa8004eb25c4
18:46:44.869 Scan finished successfully
18:46:59.901 Disk 0 MBR has been saved successfully to "C:\Users\Craig\Desktop\MBR.dat"
18:46:59.911 The log file has been saved successfully to "C:\Users\Craig\Desktop\aswMBR.txt"
oldman960
2012-03-10, 07:47
Hi cdauman8,
Please download DeFogger (http://www.jpshortstuff.247fixes.com/Defogger.exe) to your desktop.
Right click DeFogger and click "Run as Administrator" to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.
Download the latest version of TDSSKiller from here (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_1.jpg
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_2.jpg
Click the Start Scan button.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_3.jpg
If a suspicious object is detected, the default action will be Skip, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_4.jpg
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_5.jpg
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
cdauman8
2012-03-10, 09:37
DeFogger worked without error, but I included the _disable as an attachment anyway.
TDS log:
23:27:55.0406 5388 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
23:27:56.0093 5388 ============================================================
23:27:56.0093 5388 Current date / time: 2012/03/09 23:27:56.0093
23:27:56.0093 5388 SystemInfo:
23:27:56.0093 5388
23:27:56.0093 5388 OS Version: 6.1.7600 ServicePack: 0.0
23:27:56.0093 5388 Product type: Workstation
23:27:56.0093 5388 ComputerName: CRAIG-SONY
23:27:56.0093 5388 UserName: Craig
23:27:56.0093 5388 Windows directory: C:\Windows
23:27:56.0093 5388 System windows directory: C:\Windows
23:27:56.0093 5388 Running under WOW64
23:27:56.0093 5388 Processor architecture: Intel x64
23:27:56.0093 5388 Number of processors: 2
23:27:56.0093 5388 Page size: 0x1000
23:27:56.0093 5388 Boot type: Normal boot
23:27:56.0093 5388 ============================================================
23:27:58.0018 5388 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:27:58.0050 5388 \Device\Harddisk0\DR0:
23:27:58.0050 5388 MBR used
23:27:58.0050 5388 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1524000, BlocksNum 0x23F0A2B0
23:27:58.0096 5388 Initialize success
23:27:58.0096 5388 ============================================================
23:28:07.0595 4444 ============================================================
23:28:07.0595 4444 Scan started
23:28:07.0595 4444 Mode: Manual; SigCheck; TDLFS;
23:28:07.0595 4444 ============================================================
23:28:17.0207 4444 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
23:28:17.0566 4444 1394ohci - ok
23:28:17.0956 4444 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
23:28:17.0987 4444 ACPI - ok
23:28:18.0299 4444 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
23:28:18.0658 4444 AcpiPmi - ok
23:28:19.0033 4444 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:28:19.0158 4444 adp94xx - ok
23:28:19.0408 4444 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:28:19.0501 4444 adpahci - ok
23:28:19.0844 4444 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:28:19.0954 4444 adpu320 - ok
23:28:20.0531 4444 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
23:28:20.0734 4444 AFD - ok
23:28:21.0077 4444 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
23:28:21.0155 4444 agp440 - ok
23:28:21.0420 4444 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
23:28:21.0498 4444 aliide - ok
23:28:21.0794 4444 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
23:28:21.0982 4444 amdide - ok
23:28:22.0278 4444 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:28:22.0496 4444 AmdK8 - ok
23:28:22.0668 4444 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:28:22.0871 4444 AmdPPM - ok
23:28:23.0120 4444 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
23:28:23.0198 4444 amdsata - ok
23:28:23.0292 4444 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:28:23.0354 4444 amdsbs - ok
23:28:23.0651 4444 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
23:28:23.0682 4444 amdxata - ok
23:28:23.0760 4444 ApfiltrService (2e0d64d672f9e3edd51531fa91f33da5) C:\Windows\system32\DRIVERS\Apfiltr.sys
23:28:24.0478 4444 ApfiltrService - ok
23:28:24.0680 4444 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
23:28:24.0992 4444 AppID - ok
23:28:25.0320 4444 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:28:25.0398 4444 arc - ok
23:28:25.0616 4444 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:28:25.0694 4444 arcsas - ok
23:28:26.0084 4444 ArcSoftKsUFilter (1ce3822b05a5e229286a15ea39369870) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
23:28:26.0116 4444 ArcSoftKsUFilter - ok
23:28:26.0521 4444 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:28:27.0130 4444 AsyncMac - ok
23:28:27.0410 4444 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
23:28:27.0457 4444 atapi - ok
23:28:28.0424 4444 atikmdag (a29087680a1c3b049e3c05438e8ff2b8) C:\Windows\system32\DRIVERS\atikmdag.sys
23:28:29.0126 4444 atikmdag - ok
23:28:29.0594 4444 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:28:29.0875 4444 b06bdrv - ok
23:28:30.0140 4444 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:28:30.0312 4444 b57nd60a - ok
23:28:30.0796 4444 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:28:30.0936 4444 Beep - ok
23:28:31.0061 4444 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:28:31.0108 4444 blbdrive - ok
23:28:31.0248 4444 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
23:28:31.0357 4444 bowser - ok
23:28:31.0498 4444 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:28:31.0591 4444 BrFiltLo - ok
23:28:31.0716 4444 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:28:31.0763 4444 BrFiltUp - ok
23:28:31.0841 4444 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:28:32.0012 4444 Brserid - ok
23:28:32.0746 4444 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:28:32.0964 4444 BrSerWdm - ok
23:28:33.0151 4444 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:28:33.0276 4444 BrUsbMdm - ok
23:28:33.0307 4444 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:28:33.0385 4444 BrUsbSer - ok
23:28:33.0572 4444 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:28:33.0683 4444 BTHMODEM - ok
23:28:33.0714 4444 btwaudio (1abd26de34d3a5e346e96d721c0d67f8) C:\Windows\system32\drivers\btwaudio.sys
23:28:33.0776 4444 btwaudio - ok
23:28:33.0807 4444 btwavdt (3081d3213a3d2df2f3e7bbd816c17225) C:\Windows\system32\drivers\btwavdt.sys
23:28:33.0854 4444 btwavdt - ok
23:28:34.0135 4444 btwl2cap (0037cb116097e8e0ea77f3b13c50ff1e) C:\Windows\system32\DRIVERS\btwl2cap.sys
23:28:34.0166 4444 btwl2cap - ok
23:28:34.0229 4444 btwrchid (6921ad2faf1cb24b2ffc78104721d506) C:\Windows\system32\DRIVERS\btwrchid.sys
23:28:34.0260 4444 btwrchid - ok
23:28:34.0307 4444 CAXHWAZL (fdb53a8d3bc52dc29884587e768e3388) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
23:28:34.0431 4444 CAXHWAZL - ok
23:28:34.0603 4444 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:28:34.0712 4444 cdfs - ok
23:28:34.0821 4444 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
23:28:34.0946 4444 cdrom - ok
23:28:35.0133 4444 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:28:35.0227 4444 circlass - ok
23:28:35.0289 4444 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:28:35.0336 4444 CLFS - ok
23:28:35.0539 4444 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:28:35.0617 4444 CmBatt - ok
23:28:35.0648 4444 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
23:28:35.0695 4444 cmdide - ok
23:28:35.0757 4444 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
23:28:35.0820 4444 CNG - ok
23:28:36.0054 4444 COH_Mon (2e1dfcd558b716323152b009b037cc42) C:\Windows\system32\Drivers\COH_Mon.sys
23:28:36.0147 4444 COH_Mon - ok
23:28:36.0413 4444 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:28:36.0459 4444 Compbatt - ok
23:28:36.0537 4444 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:28:36.0600 4444 CompositeBus - ok
23:28:36.0803 4444 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:28:36.0849 4444 crcdisk - ok
23:28:36.0927 4444 dc3d (51c55da62cd9bcec3494a3a362ea793c) C:\Windows\system32\DRIVERS\dc3d.sys
23:28:36.0974 4444 dc3d - ok
23:28:37.0177 4444 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
23:28:37.0302 4444 DfsC - ok
23:28:37.0395 4444 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:28:37.0489 4444 discache - ok
23:28:37.0661 4444 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:28:37.0707 4444 Disk - ok
23:28:37.0817 4444 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:28:37.0895 4444 drmkaud - ok
23:28:38.0175 4444 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
23:28:38.0207 4444 DXGKrnl - ok
23:28:38.0690 4444 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:28:38.0846 4444 ebdrv - ok
23:28:39.0049 4444 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
23:28:39.0080 4444 eeCtrl - ok
23:28:39.0267 4444 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:28:39.0345 4444 elxstor - ok
23:28:39.0611 4444 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
23:28:39.0673 4444 EraserUtilRebootDrv - ok
23:28:39.0813 4444 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
23:28:39.0907 4444 ErrDev - ok
23:28:39.0969 4444 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:28:40.0094 4444 exfat - ok
23:28:40.0110 4444 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:28:40.0250 4444 fastfat - ok
23:28:40.0500 4444 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:28:40.0593 4444 fdc - ok
23:28:40.0671 4444 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:28:40.0718 4444 FileInfo - ok
23:28:40.0874 4444 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:28:41.0046 4444 Filetrace - ok
23:28:41.0124 4444 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:28:41.0233 4444 flpydisk - ok
23:28:41.0483 4444 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
23:28:41.0529 4444 FltMgr - ok
23:28:41.0561 4444 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:28:41.0576 4444 FsDepends - ok
23:28:41.0607 4444 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
23:28:41.0623 4444 Fs_Rec - ok
23:28:41.0826 4444 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
23:28:41.0873 4444 fvevol - ok
23:28:41.0982 4444 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:28:42.0075 4444 gagp30kx - ok
23:28:42.0231 4444 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:29:24.0621 4444 Tpkd (e36c2b04b7eb90a7c3e29ebdfc3a8d30) C:\Windows\system32\drivers\Tpkd.sys
23:29:24.0652 4444 Tpkd ( UnsignedFile.Multi.Generic ) - warning
23:29:24.0652 4444 Tpkd - detected UnsignedFile.Multi.Generic (1)
23:29:35.0120 4444 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
23:29:35.0151 4444 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
23:29:35.0151 4444 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
23:29:35.0198 4444 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:29:35.0198 4444 \Device\Harddisk0\DR0 - detected TDSS File System (1)
23:29:35.0229 4444 Boot (0x1200) (005c09afd27e04cf41f069cb572e1ed4) \Device\Harddisk0\DR0\Partition0
23:29:35.0244 4444 \Device\Harddisk0\DR0\Partition0 - ok
23:29:35.0244 4444 ============================================================
23:29:35.0244 4444 Scan finished
23:29:35.0244 4444 ============================================================
23:29:35.0276 5160 Detected object count: 3
23:29:35.0276 5160 Actual detected object count: 3
23:29:45.0884 5160 Tpkd ( UnsignedFile.Multi.Generic ) - skipped by user
23:29:45.0884 5160 Tpkd ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:29:46.0196 5160 \Device\Harddisk0\DR0\# - copied to quarantine
23:29:46.0196 5160 \Device\Harddisk0\DR0 - copied to quarantine
23:29:46.0258 5160 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
23:29:47.0007 5160 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
23:29:47.0038 5160 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
23:29:47.0069 5160 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
23:29:47.0085 5160 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
23:29:47.0085 5160 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
23:29:47.0100 5160 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
23:29:47.0100 5160 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
23:29:47.0116 5160 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
23:29:47.0132 5160 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
23:29:47.0194 5160 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
23:29:47.0194 5160 \Device\Harddisk0\DR0 - ok
23:29:48.0723 5160 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
23:29:48.0723 5160 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:29:48.0723 5160 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
23:29:55.0337 5348 Deinitialize success
oldman960
2012-03-10, 17:30
Hi cdauman8,
How's the computer?
Please rerun aswMBR and post the log.
cdauman8
2012-03-10, 22:58
I forgot to add: after I ran Defogger and my computer restarted, Symantec popped up. I added the image for you. I don't know if that was an issue. Will mess around and see how the computer is, but so far it seems to run fine. The lag in Firefox opening seems to have been remedied. Anyways, ran aswMBR again:
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-10 12:52:11
-----------------------------
12:52:11.697 OS Version: Windows x64 6.1.7600
12:52:11.697 Number of processors: 2 586 0x170A
12:52:11.697 ComputerName: CRAIG-SONY UserName: Craig
12:52:14.427 Initialize success
12:52:21.977 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:52:21.993 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
12:52:21.993 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000072
12:52:21.993 Disk 1 Vendor: RICOH 01 Size: 305245MB BusType: 0
12:52:21.993 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000073
12:52:21.993 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
12:52:22.024 Disk 0 MBR read successfully
12:52:22.024 Disk 0 MBR scan
12:52:22.024 Disk 0 Windows 7 default MBR code
12:52:22.039 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10823 MB offset 2048
12:52:22.055 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 294420 MB offset 22167552
12:52:22.055 Disk 0 scanning C:\Windows\system32\drivers
12:52:36.220 Service scanning
12:53:03.426 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
12:53:09.838 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
12:53:09.900 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
12:53:11.226 Modules scanning
12:53:11.226 Disk 0 trace - called modules:
12:53:11.258 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
12:53:11.273 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800578d060]
12:53:11.273 3 CLASSPNP.SYS[fffff880019a943f] -> nt!IofCallDriver -> [0xfffffa800477c560]
12:53:11.289 5 ACPI.sys[fffff88000f14781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004781050]
12:53:11.304 Scan finished successfully
12:53:46.638 Disk 0 MBR has been saved successfully to "C:\Users\Craig\Desktop\MBR.dat"
12:53:46.638 The log file has been saved successfully to "C:\Users\Craig\Desktop\aswMBR2.txt"
oldman960
2012-03-11, 01:55
Hi cdauman8,
That was just Symantec detecting the files in TDSSKiller's quarantined folder.
Rerun TDSSKiller. When presented with
23:29:35.0198 4444 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:29:35.0198 4444 \Device\Harddisk0\DR0 - detected TDSS File System (1)
please use the dropdown menu and select delete.
Next
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)
Right click on ComboFix.exe, click Run as Administrator & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Please post back with the TDSSKiller log and the combofix log.
Thanks
cdauman8
2012-03-11, 03:27
TDS:
16:45:11.0206 5528 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
16:45:11.0237 5528 ============================================================
16:45:11.0237 5528 Current date / time: 2012/03/10 16:45:11.0237
16:45:11.0237 5528 SystemInfo:
16:45:11.0237 5528
16:45:11.0237 5528 OS Version: 6.1.7600 ServicePack: 0.0
16:45:11.0237 5528 Product type: Workstation
16:45:11.0237 5528 ComputerName: CRAIG-SONY
16:45:11.0237 5528 UserName: Craig
16:45:11.0237 5528 Windows directory: C:\Windows
16:45:11.0237 5528 System windows directory: C:\Windows
16:45:11.0237 5528 Running under WOW64
16:45:11.0237 5528 Processor architecture: Intel x64
16:45:11.0237 5528 Number of processors: 2
16:45:11.0237 5528 Page size: 0x1000
16:45:11.0237 5528 Boot type: Normal boot
16:45:11.0237 5528 ============================================================
16:45:12.0376 5528 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:45:12.0407 5528 \Device\Harddisk0\DR0:
16:45:12.0407 5528 MBR used
16:45:12.0407 5528 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1524000, BlocksNum 0x23F0A2B0
16:45:12.0454 5528 Initialize success
16:45:12.0454 5528 ============================================================
16:45:19.0537 4708 ============================================================
16:45:19.0552 4708 Scan started
16:45:19.0552 4708 Mode: Manual; SigCheck; TDLFS;
16:45:19.0552 4708 ============================================================
16:45:20.0894 4708 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
16:45:21.0050 4708 1394ohci - ok
16:45:21.0159 4708 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
16:45:21.0206 4708 ACPI - ok
16:45:21.0331 4708 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
16:45:21.0455 4708 AcpiPmi - ok
16:45:21.0658 4708 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:45:21.0721 4708 adp94xx - ok
16:45:21.0752 4708 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:45:21.0799 4708 adpahci - ok
16:45:21.0830 4708 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:45:21.0845 4708 adpu320 - ok
16:45:22.0017 4708 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
16:45:22.0142 4708 AFD - ok
16:45:22.0313 4708 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
16:45:22.0360 4708 agp440 - ok
16:45:22.0407 4708 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
16:45:22.0454 4708 aliide - ok
16:45:22.0469 4708 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
16:45:22.0516 4708 amdide - ok
16:45:22.0547 4708 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:45:22.0625 4708 AmdK8 - ok
16:45:22.0781 4708 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:45:22.0859 4708 AmdPPM - ok
16:45:22.0906 4708 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
16:45:22.0937 4708 amdsata - ok
16:45:23.0125 4708 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:45:23.0171 4708 amdsbs - ok
16:45:23.0234 4708 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
16:45:23.0281 4708 amdxata - ok
16:45:23.0374 4708 ApfiltrService (2e0d64d672f9e3edd51531fa91f33da5) C:\Windows\system32\DRIVERS\Apfiltr.sys
16:45:23.0437 4708 ApfiltrService - ok
16:45:23.0593 4708 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
16:45:23.0733 4708 AppID - ok
16:45:23.0920 4708 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:45:23.0967 4708 arc - ok
16:45:23.0998 4708 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:45:24.0029 4708 arcsas - ok
16:45:24.0061 4708 ArcSoftKsUFilter (1ce3822b05a5e229286a15ea39369870) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
16:45:24.0092 4708 ArcSoftKsUFilter - ok
16:45:24.0263 4708 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:45:24.0482 4708 AsyncMac - ok
16:45:24.0638 4708 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
16:45:24.0669 4708 atapi - ok
16:45:24.0872 4708 atikmdag (a29087680a1c3b049e3c05438e8ff2b8) C:\Windows\system32\DRIVERS\atikmdag.sys
16:45:25.0199 4708 atikmdag - ok
16:45:25.0433 4708 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:45:25.0589 4708 b06bdrv - ok
16:45:25.0621 4708 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:45:25.0683 4708 b57nd60a - ok
16:45:25.0855 4708 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:45:25.0964 4708 Beep - ok
16:45:26.0042 4708 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:45:26.0120 4708 blbdrive - ok
16:45:26.0291 4708 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
16:45:26.0401 4708 bowser - ok
16:45:26.0463 4708 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:45:26.0525 4708 BrFiltLo - ok
16:45:26.0681 4708 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:45:26.0744 4708 BrFiltUp - ok
16:45:26.0791 4708 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:45:26.0900 4708 Brserid - ok
16:45:27.0056 4708 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:45:27.0118 4708 BrSerWdm - ok
16:45:27.0165 4708 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:45:27.0243 4708 BrUsbMdm - ok
16:45:27.0383 4708 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:45:27.0446 4708 BrUsbSer - ok
16:45:27.0508 4708 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:45:27.0571 4708 BTHMODEM - ok
16:45:27.0758 4708 btwaudio (1abd26de34d3a5e346e96d721c0d67f8) C:\Windows\system32\drivers\btwaudio.sys
16:45:27.0789 4708 btwaudio - ok
16:45:27.0820 4708 btwavdt (3081d3213a3d2df2f3e7bbd816c17225) C:\Windows\system32\drivers\btwavdt.sys
16:45:27.0851 4708 btwavdt - ok
16:45:27.0898 4708 btwl2cap (0037cb116097e8e0ea77f3b13c50ff1e) C:\Windows\system32\DRIVERS\btwl2cap.sys
16:45:27.0929 4708 btwl2cap - ok
16:45:27.0945 4708 btwrchid (6921ad2faf1cb24b2ffc78104721d506) C:\Windows\system32\DRIVERS\btwrchid.sys
16:45:27.0961 4708 btwrchid - ok
16:45:28.0132 4708 CAXHWAZL (fdb53a8d3bc52dc29884587e768e3388) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
16:45:28.0226 4708 CAXHWAZL - ok
16:45:28.0304 4708 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:45:28.0397 4708 cdfs - ok
16:45:28.0585 4708 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
16:45:28.0647 4708 cdrom - ok
16:45:28.0709 4708 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:45:28.0772 4708 circlass - ok
16:45:28.0943 4708 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:45:28.0990 4708 CLFS - ok
16:45:29.0084 4708 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:45:29.0162 4708 CmBatt - ok
16:45:29.0177 4708 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
16:45:29.0209 4708 cmdide - ok
16:45:29.0365 4708 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
16:45:29.0458 4708 CNG - ok
16:45:29.0630 4708 COH_Mon (2e1dfcd558b716323152b009b037cc42) C:\Windows\system32\Drivers\COH_Mon.sys
16:45:29.0661 4708 COH_Mon - ok
16:45:29.0692 4708 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:45:29.0723 4708 Compbatt - ok
16:45:29.0739 4708 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:45:29.0801 4708 CompositeBus - ok
16:45:29.0973 4708 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:45:30.0004 4708 crcdisk - ok
16:45:30.0067 4708 dc3d (51c55da62cd9bcec3494a3a362ea793c) C:\Windows\system32\DRIVERS\dc3d.sys
16:45:30.0082 4708 dc3d - ok
16:45:30.0285 4708 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
16:45:30.0394 4708 DfsC - ok
16:45:30.0472 4708 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:45:30.0628 4708 discache - ok
16:45:30.0831 4708 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:45:30.0862 4708 Disk - ok
16:45:30.0925 4708 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:45:30.0971 4708 drmkaud - ok
16:45:31.0174 4708 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
16:45:31.0237 4708 DXGKrnl - ok
16:45:31.0486 4708 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:45:31.0642 4708 ebdrv - ok
16:45:31.0845 4708 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
16:45:31.0907 4708 eeCtrl - ok
16:45:32.0095 4708 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:45:32.0126 4708 elxstor - ok
16:45:32.0313 4708 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:45:32.0375 4708 EraserUtilRebootDrv - ok
16:45:32.0516 4708 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
16:45:32.0594 4708 ErrDev - ok
16:45:32.0672 4708 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:45:32.0781 4708 exfat - ok
16:45:32.0953 4708 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:45:33.0062 4708 fastfat - ok
16:45:33.0140 4708 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:45:33.0218 4708 fdc - ok
16:45:33.0374 4708 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:45:33.0421 4708 FileInfo - ok
16:45:33.0483 4708 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:45:33.0577 4708 Filetrace - ok
16:45:33.0779 4708 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:45:33.0842 4708 flpydisk - ok
16:45:33.0904 4708 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
16:45:33.0935 4708 FltMgr - ok
16:45:33.0982 4708 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:45:33.0998 4708 FsDepends - ok
16:45:34.0154 4708 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:45:34.0185 4708 Fs_Rec - ok
16:45:34.0216 4708 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
16:45:34.0263 4708 fvevol - ok
16:45:34.0325 4708 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:45:34.0372 4708 gagp30kx - ok
16:45:34.0528 4708 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:45:34.0559 4708 GEARAspiWDM - ok
16:45:34.0622 4708 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:45:34.0715 4708 hcw85cir - ok
16:45:34.0903 4708 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:45:34.0981 4708 HDAudBus - ok
16:45:35.0012 4708 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:45:35.0074 4708 HidBatt - ok
16:45:35.0121 4708 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:45:35.0183 4708 HidBth - ok
16:45:35.0355 4708 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:45:35.0402 4708 HidIr - ok
16:45:35.0464 4708 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
16:45:35.0511 4708 HidUsb - ok
16:45:35.0698 4708 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
16:45:35.0729 4708 HpSAMD - ok
16:45:35.0792 4708 HSF_DPV (e90d0e3d9715f3bec7db2d6321dddee8) C:\Windows\system32\DRIVERS\CAX_DPV.sys
16:45:36.0977 4708 HSF_DPV - ok
16:45:37.0133 4708 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
16:45:37.0227 4708 HTTP - ok
16:45:37.0383 4708 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
16:45:37.0414 4708 hwpolicy - ok
16:45:37.0461 4708 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
16:45:37.0508 4708 i8042prt - ok
16:45:37.0539 4708 iaStor (8d58627fef3f8767665d9f4dc91cbd97) C:\Windows\system32\DRIVERS\iaStor.sys
16:45:37.0586 4708 iaStor - ok
16:45:37.0664 4708 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
16:45:37.0711 4708 iaStorV - ok
16:45:37.0851 4708 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:45:37.0898 4708 iirsp - ok
16:45:38.0023 4708 IntcAzAudAddService (b16fc828ce7a76a8f1ce682e6ead2627) C:\Windows\system32\drivers\RTKVHD64.sys
16:45:38.0101 4708 IntcAzAudAddService - ok
16:45:38.0272 4708 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
16:45:38.0303 4708 intelide - ok
16:45:38.0335 4708 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:45:38.0397 4708 intelppm - ok
16:45:38.0459 4708 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:45:38.0569 4708 IpFilterDriver - ok
16:45:38.0725 4708 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:45:38.0787 4708 IPMIDRV - ok
16:45:38.0865 4708 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:45:38.0974 4708 IPNAT - ok
16:45:39.0146 4708 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:45:39.0193 4708 IRENUM - ok
16:45:39.0239 4708 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
16:45:39.0271 4708 isapnp - ok
16:45:39.0302 4708 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
16:45:39.0333 4708 iScsiPrt - ok
16:45:39.0520 4708 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:45:39.0567 4708 kbdclass - ok
16:45:39.0598 4708 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
16:45:39.0661 4708 kbdhid - ok
16:45:39.0739 4708 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
16:45:39.0770 4708 KSecDD - ok
16:45:39.0926 4708 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
16:45:39.0988 4708 KSecPkg - ok
16:45:40.0051 4708 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:45:40.0160 4708 ksthunk - ok
16:45:40.0363 4708 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:45:40.0456 4708 lltdio - ok
16:45:40.0550 4708 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:45:40.0597 4708 LSI_FC - ok
16:45:40.0753 4708 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:45:40.0784 4708 LSI_SAS - ok
16:45:40.0815 4708 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:45:40.0846 4708 LSI_SAS2 - ok
16:45:40.0877 4708 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:45:40.0909 4708 LSI_SCSI - ok
16:45:41.0080 4708 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:45:41.0236 4708 luafv - ok
16:45:41.0283 4708 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:45:41.0314 4708 mdmxsdk - ok
16:45:41.0470 4708 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:45:41.0517 4708 megasas - ok
16:45:41.0533 4708 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:45:41.0564 4708 MegaSR - ok
16:45:41.0626 4708 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:45:41.0720 4708 Modem - ok
16:45:41.0767 4708 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:45:41.0829 4708 monitor - ok
16:45:41.0969 4708 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:45:42.0016 4708 mouclass - ok
16:45:42.0079 4708 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:45:42.0141 4708 mouhid - ok
16:45:42.0203 4708 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
16:45:42.0250 4708 mountmgr - ok
16:45:42.0406 4708 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
16:45:42.0422 4708 mpio - ok
16:45:42.0484 4708 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:45:42.0593 4708 mpsdrv - ok
16:45:42.0640 4708 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
16:45:42.0718 4708 MRxDAV - ok
16:45:42.0874 4708 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:45:42.0952 4708 mrxsmb - ok
16:45:43.0030 4708 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:45:43.0108 4708 mrxsmb10 - ok
16:45:43.0249 4708 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:45:43.0327 4708 mrxsmb20 - ok
16:45:43.0389 4708 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
16:45:43.0405 4708 msahci - ok
16:45:43.0436 4708 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
16:45:43.0467 4708 msdsm - ok
16:45:43.0623 4708 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:45:43.0685 4708 Msfs - ok
16:45:43.0717 4708 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:45:43.0795 4708 mshidkmdf - ok
16:45:43.0841 4708 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
16:45:43.0888 4708 msisadrv - ok
16:45:44.0029 4708 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:45:44.0122 4708 MSKSSRV - ok
16:45:44.0185 4708 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:45:44.0278 4708 MSPCLOCK - ok
16:45:44.0403 4708 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:45:44.0497 4708 MSPQM - ok
16:45:44.0543 4708 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
16:45:44.0575 4708 MsRPC - ok
16:45:44.0637 4708 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
16:45:44.0668 4708 mssmbios - ok
16:45:44.0793 4708 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:45:44.0871 4708 MSTEE - ok
16:45:44.0965 4708 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:45:45.0011 4708 MTConfig - ok
16:45:45.0136 4708 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:45:45.0167 4708 Mup - ok
16:45:45.0230 4708 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:45:45.0308 4708 NativeWifiP - ok
16:45:45.0511 4708 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120302.017\ENG64.SYS
16:45:45.0557 4708 NAVENG - ok
16:45:45.0620 4708 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120302.017\EX64.SYS
16:45:45.0713 4708 NAVEX15 - ok
16:45:45.0901 4708 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
16:45:45.0963 4708 NDIS - ok
16:45:46.0135 4708 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:45:46.0213 4708 NdisCap - ok
16:45:46.0259 4708 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:45:46.0353 4708 NdisTapi - ok
16:45:46.0493 4708 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
16:45:46.0603 4708 Ndisuio - ok
16:45:46.0634 4708 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:45:46.0681 4708 NdisWan - ok
16:45:46.0712 4708 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
16:45:46.0805 4708 NDProxy - ok
16:45:46.0946 4708 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:45:47.0039 4708 NetBIOS - ok
16:45:47.0071 4708 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
16:45:47.0164 4708 NetBT - ok
16:45:47.0492 4708 netw5v64 (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\netw5v64.sys
16:45:47.0757 4708 netw5v64 - ok
16:45:47.0929 4708 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:45:47.0975 4708 nfrd960 - ok
16:45:48.0053 4708 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:45:48.0163 4708 Npfs - ok
16:45:48.0209 4708 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:45:48.0303 4708 nsiproxy - ok
16:45:48.0490 4708 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
16:45:48.0568 4708 Ntfs - ok
16:45:48.0724 4708 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:45:48.0802 4708 Null - ok
16:45:48.0880 4708 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
16:45:48.0927 4708 nvraid - ok
16:45:48.0958 4708 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
16:45:48.0989 4708 nvstor - ok
16:45:49.0161 4708 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
16:45:49.0208 4708 nv_agp - ok
16:45:49.0239 4708 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
16:45:49.0317 4708 ohci1394 - ok
16:45:49.0364 4708 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:45:49.0395 4708 Parport - ok
16:45:49.0442 4708 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
16:45:49.0489 4708 partmgr - ok
16:45:49.0660 4708 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
16:45:49.0707 4708 pci - ok
16:45:49.0723 4708 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
16:45:49.0738 4708 pciide - ok
16:45:49.0770 4708 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:45:49.0801 4708 pcmcia - ok
16:45:49.0863 4708 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:45:49.0894 4708 pcw - ok
16:45:49.0926 4708 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:45:50.0019 4708 PEAUTH - ok
16:45:50.0238 4708 Point64 (9abff71ff6f3b9492686d3403fa5dcdb) C:\Windows\system32\DRIVERS\point64k.sys
16:45:50.0284 4708 Point64 - ok
16:45:50.0362 4708 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
16:45:50.0425 4708 PptpMiniport - ok
16:45:50.0456 4708 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:45:50.0534 4708 Processor - ok
16:45:50.0721 4708 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
16:45:50.0799 4708 Psched - ok
16:45:50.0862 4708 PxHlpa64 (aed797cca02783296c68aa10d0cff8a9) C:\Windows\system32\Drivers\PxHlpa64.sys
16:45:50.0893 4708 PxHlpa64 - ok
16:45:50.0955 4708 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:45:51.0018 4708 ql2300 - ok
16:45:51.0174 4708 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:45:51.0205 4708 ql40xx - ok
16:45:51.0283 4708 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:45:51.0345 4708 QWAVEdrv - ok
16:45:51.0392 4708 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:45:51.0470 4708 RasAcd - ok
16:45:51.0657 4708 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:45:51.0766 4708 RasAgileVpn - ok
16:45:51.0829 4708 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:45:51.0954 4708 Rasl2tp - ok
16:45:52.0000 4708 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:45:52.0094 4708 RasPppoe - ok
16:45:52.0281 4708 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:45:52.0375 4708 RasSstp - ok
16:45:52.0406 4708 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
16:45:52.0515 4708 rdbss - ok
16:45:52.0671 4708 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:45:52.0734 4708 rdpbus - ok
16:45:52.0796 4708 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:45:52.0874 4708 RDPCDD - ok
16:45:53.0061 4708 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:45:53.0139 4708 RDPENCDD - ok
16:45:53.0186 4708 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:45:53.0233 4708 RDPREFMP - ok
16:45:53.0264 4708 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
16:45:53.0342 4708 RDPWD - ok
16:45:53.0545 4708 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
16:45:53.0592 4708 rdyboost - ok
16:45:53.0670 4708 rimsptsk (7eae3999b94a8ce60bfbaa83462b89a1) C:\Windows\system32\DRIVERS\rimssn64.sys
16:45:53.0763 4708 rimsptsk - ok
16:45:53.0919 4708 risdptsk (fa6d7cd63ad08a01d9259f58e0c5c09e) C:\Windows\system32\DRIVERS\risdsn64.sys
16:45:53.0982 4708 risdptsk - ok
16:45:54.0106 4708 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:45:54.0200 4708 rspndr - ok
16:45:54.0403 4708 RTHDMIAzAudService (34f05c417f038ffa3bef69b798d7d7dd) C:\Windows\system32\drivers\RtHDMIVX.sys
16:45:54.0496 4708 RTHDMIAzAudService - ok
16:45:54.0528 4708 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
16:45:54.0574 4708 sbp2port - ok
16:45:54.0637 4708 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
16:45:54.0699 4708 scfilter - ok
16:45:54.0886 4708 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:45:54.0980 4708 secdrv - ok
16:45:55.0042 4708 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:45:55.0105 4708 Serenum - ok
16:45:55.0292 4708 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:45:55.0339 4708 Serial - ok
16:45:55.0370 4708 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:45:55.0417 4708 sermouse - ok
16:45:55.0479 4708 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys
16:45:55.0573 4708 SFEP - ok
16:45:55.0729 4708 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
16:45:55.0807 4708 sffdisk - ok
16:45:55.0838 4708 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
16:45:55.0900 4708 sffp_mmc - ok
16:45:55.0932 4708 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:45:56.0010 4708 sffp_sd - ok
16:45:56.0181 4708 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:45:56.0228 4708 sfloppy - ok
16:45:56.0259 4708 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:45:56.0290 4708 SiSRaid2 - ok
16:45:56.0306 4708 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:45:56.0337 4708 SiSRaid4 - ok
16:45:56.0509 4708 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:45:56.0602 4708 Smb - ok
16:45:56.0696 4708 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:45:56.0712 4708 spldr - ok
16:45:56.0930 4708 sptd (51de15ca5c05bca46d8b110cd00a02fb) C:\Windows\System32\Drivers\sptd.sys
16:45:56.0992 4708 sptd - ok
16:45:57.0164 4708 SRTSP (620df2e4eca4d3b18486a0976b731411) C:\Windows\system32\Drivers\SRTSP64.SYS
16:45:57.0226 4708 SRTSP - ok
16:45:57.0242 4708 SRTSPL (15ae63bfb22579a06d9dfdce3a094aa1) C:\Windows\system32\Drivers\SRTSPL64.SYS
16:45:57.0289 4708 SRTSPL - ok
16:45:57.0320 4708 SRTSPX (9560cf1b6b002b3277b427491f9e6819) C:\Windows\system32\Drivers\SRTSPX64.SYS
16:45:57.0351 4708 SRTSPX - ok
16:45:57.0414 4708 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
16:45:57.0523 4708 srv - ok
16:45:57.0694 4708 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
16:45:57.0850 4708 srv2 - ok
16:45:58.0006 4708 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
16:45:58.0069 4708 srvnet - ok
16:45:58.0147 4708 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:45:58.0178 4708 stexstor - ok
16:45:58.0209 4708 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
16:45:58.0256 4708 swenum - ok
16:45:58.0459 4708 SymEvent (70c8d165063eb76f1a373b74456d2aab) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
16:45:58.0490 4708 SymEvent - ok
16:45:58.0615 4708 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
16:45:58.0708 4708 Tcpip - ok
16:45:58.0927 4708 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
16:45:59.0005 4708 TCPIP6 - ok
16:45:59.0145 4708 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
16:45:59.0208 4708 tcpipreg - ok
16:45:59.0239 4708 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:45:59.0317 4708 TDPIPE - ok
16:45:59.0348 4708 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:45:59.0426 4708 TDTCP - ok
16:45:59.0457 4708 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
16:45:59.0551 4708 tdx - ok
16:45:59.0738 4708 Teefer2 (2972339537c65766fadc48a476465acd) C:\Windows\system32\DRIVERS\teefer2.sys
16:45:59.0785 4708 Teefer2 - ok
16:45:59.0800 4708 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
16:45:59.0832 4708 TermDD - ok
16:45:59.0878 4708 Tpkd (e36c2b04b7eb90a7c3e29ebdfc3a8d30) C:\Windows\system32\drivers\Tpkd.sys
16:45:59.0894 4708 Tpkd ( UnsignedFile.Multi.Generic ) - warning
16:45:59.0894 4708 Tpkd - detected UnsignedFile.Multi.Generic (1)
16:46:00.0066 4708 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:46:00.0128 4708 tssecsrv - ok
16:46:06.0976 4708 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:46:07.0086 4708 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:46:07.0086 4708 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:46:07.0086 4708 Boot (0x1200) (005c09afd27e04cf41f069cb572e1ed4) \Device\Harddisk0\DR0\Partition0
16:46:07.0086 4708 \Device\Harddisk0\DR0\Partition0 - ok
16:46:07.0086 4708 ============================================================
16:46:07.0086 4708 Scan finished
16:46:07.0086 4708 ============================================================
16:46:07.0101 4332 Detected object count: 2
16:46:07.0101 4332 Actual detected object count: 2
16:46:31.0359 4332 Tpkd ( UnsignedFile.Multi.Generic ) - skipped by user
16:46:31.0359 4332 Tpkd ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:46:31.0406 4332 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
16:46:32.0170 4332 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
16:46:32.0280 4332 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
16:46:32.0685 4332 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
16:46:32.0857 4332 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
16:46:32.0904 4332 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
16:46:32.0904 4332 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
16:46:32.0950 4332 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
16:46:33.0200 4332 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
16:46:33.0294 4332 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
16:46:33.0294 4332 \Device\Harddisk0\DR0\TDLFS - deleted
16:46:33.0294 4332 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
16:46:46.0959 6008 Deinitialize success
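A small triage script for TDSSKiller logs like the one just posted (an added example, not part of the thread or of TDSSKiller itself): it separates the hashed driver inventory and "- ok" lines from the warning, detection, quarantine and user-choice lines, and cross-checks the parsed findings against the tool's own "Detected object count". The sample log is constructed from a few lines of the post above.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Every TDSSKiller line is "<hh:mm:ss.ffff> <pid> <payload>".
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<payload>.+)$")
# Inventory line "<name> (<md5>) <path>"; the name may carry its own
# parenthesised offset, e.g. "MBR (0x1B8)", hence the non-greedy name.
HASH_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Result line "<object> [( <verdict> )] - <action>".
ACTION_RE = re.compile(
    r"^(?P<obj>.+?)(?: \( (?P<verdict>[^)]+?) \))? - "
    r"(?P<action>ok|warning|detected .+|copied to quarantine|deleted|"
    r"skipped by user|User select action: .+)$"
)
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Triage:
    inventory: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    clean: Set[str] = field(default_factory=set)                         # reported "- ok"
    findings: List[Tuple[str, Optional[str], str]] = field(default_factory=list)
    quarantined: List[str] = field(default_factory=list)
    deleted: List[str] = field(default_factory=list)
    reported_count: Optional[int] = None                                 # TDSSKiller's own tally


def parse_tdsskiller(text: str) -> Triage:
    """Split a TDSSKiller log into clean inventory and everything else."""
    t = Triage()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # banners, separators, blank lines
        payload = m.group("payload")
        if (c := COUNT_RE.match(payload)):
            t.reported_count = int(c.group("n"))
            continue
        if (h := HASH_RE.match(payload)):
            t.inventory[h.group("name")] = (h.group("md5"), h.group("path"))
            continue
        a = ACTION_RE.match(payload)
        if not a:
            continue                      # "Scan finished", "Deinitialize success", ...
        obj, verdict, action = a.group("obj", "verdict", "action")
        if action == "ok":
            t.clean.add(obj)
        elif action == "copied to quarantine":
            t.quarantined.append(obj)
        elif action == "deleted":
            t.deleted.append(obj)
        else:                             # warning / detected / skipped / user choice
            t.findings.append((obj, verdict, action))
    return t


def flagged_objects(t: Triage) -> Set[str]:
    """Distinct objects TDSSKiller raised something other than 'ok' for."""
    return {obj for obj, _, _ in t.findings}


def count_matches(t: Triage) -> bool:
    """Cross-check the parse against TDSSKiller's 'Detected object count'."""
    return t.reported_count is not None and len(flagged_objects(t)) == t.reported_count


def dispositions(t: Triage) -> Dict[str, str]:
    """Final user choice per flagged object, from 'User select action: X' lines."""
    return {obj: action.split(": ", 1)[1]
            for obj, _, action in t.findings if action.startswith("User select action: ")}


def unresolved(t: Triage) -> List[str]:
    """Flagged objects the user did not let TDSSKiller remove (assumption: only a
    recorded 'Delete' counts as resolved); a helper would ask about these next."""
    chosen = dispositions(t)
    return sorted(o for o in flagged_objects(t) if chosen.get(o) != "Delete")


# Constructed sample: a few lines taken from the log posted above.
SAMPLE_LOG = r"""
16:46:00.0159 4708 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
16:46:00.0237 4708 tunnel - ok
16:46:06.0976 4708 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:46:07.0086 4708 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:46:07.0086 4708 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:46:07.0086 4708 Boot (0x1200) (005c09afd27e04cf41f069cb572e1ed4) \Device\Harddisk0\DR0\Partition0
16:46:07.0086 4708 \Device\Harddisk0\DR0\Partition0 - ok
16:46:07.0101 4332 Detected object count: 2
16:46:07.0101 4332 Actual detected object count: 2
16:46:31.0359 4332 Tpkd ( UnsignedFile.Multi.Generic ) - skipped by user
16:46:31.0359 4332 Tpkd ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:46:31.0406 4332 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
16:46:32.0170 4332 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
16:46:33.0294 4332 \Device\Harddisk0\DR0\TDLFS - deleted
16:46:33.0294 4332 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
16:46:46.0959 6008 Deinitialize success
"""

if __name__ == "__main__":
    t = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(t.inventory)} hashed, {len(t.clean)} ok, flagged: {sorted(flagged_objects(t))}")
    print("quarantined:", t.quarantined, "deleted:", t.deleted)
    print("count matches:", count_matches(t), "unresolved:", unresolved(t))
```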
cdauman8
2012-03-11, 03:27
Combofix:
ComboFix 12-03-10.02 - Craig 03/10/2012 16:51:11.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4063.1940 [GMT -8:00]
Running from: c:\users\Craig\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Uninstall.exe
c:\programdata\Roaming
c:\users\Craig\AppData\Local\assembly\tmp
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-11 to 2012-03-11 )))))))))))))))))))))))))))))))
.
.
2012-03-11 01:02 . 2012-03-11 01:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-10 07:29 . 2012-03-11 00:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-10 07:27 . 2012-03-10 07:27 116016 ----a-w- c:\windows\system32\drivers\86277072.sys
2012-03-04 05:21 . 2012-03-04 05:22 -------- d-----w- c:\program files (x86)\ERUNT
2012-02-16 05:41 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 05:41 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 05:41 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 05:41 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-12 20:33 . 2011-09-03 21:41 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-28 04:00 . 2012-01-28 04:00 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\82F3.tmp
2012-01-28 04:00 . 2012-01-28 04:00 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\82D3.tmp
2009-11-27 22:37 . 2009-11-30 00:01 141824 ----a-w- c:\program files (x86)\RarExt32.dll
2009-11-27 22:37 . 2009-11-30 00:01 166400 ----a-w- c:\program files (x86)\RarExt.dll
2009-11-27 22:36 . 2009-11-30 00:01 91136 ----a-w- c:\program files (x86)\Zip64.SFX
2009-11-27 22:36 . 2009-11-30 00:01 92672 ----a-w- c:\program files (x86)\Default.SFX
2009-11-27 22:36 . 2009-11-30 00:01 74240 ----a-w- c:\program files (x86)\Zip.SFX
2009-11-27 22:36 . 2009-11-30 00:01 119808 ----a-w- c:\program files (x86)\Default64.SFX
2009-11-27 22:36 . 2009-11-30 00:01 89600 ----a-w- c:\program files (x86)\WinCon64.SFX
2009-11-27 22:36 . 2009-11-30 00:01 69632 ----a-w- c:\program files (x86)\WinCon.SFX
2009-11-27 22:36 . 2009-11-30 00:01 262144 ----a-w- c:\program files (x86)\UnRAR.exe
2009-11-27 22:36 . 2009-11-30 00:01 397312 ----a-w- c:\program files (x86)\Rar.exe
2009-11-27 22:35 . 2009-11-30 00:01 1088512 ----a-w- c:\program files (x86)\WinRAR.exe
2011-04-14 16:26 . 2011-06-17 02:49 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-09-02 80384]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-03-17 115560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-14 17:15 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 gupdate1c9d2a726a26481;Google Update Service (gupdate1c9d2a726a26481);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-12 133104]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-12 133104]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]
R3 SampleCollector;Intel(R) Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2008-09-29 167424]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-17 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-17 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-17 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-17 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-17 91432]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-19 394536]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-01-17 110376]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-09-03 189984]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-13 138360]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-12 02:12]
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-12 02:12]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2009-04-13 187904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-03 7938080]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 2320752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files (x86)\Adobe\Adobe Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\uir3vvw1.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Symantec Antvirus
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-FreeFileViewer_is1 - c:\program files (x86)\FreeFileViewer\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
c:\program files (x86)\Sony\SmartWi Connection Utility\CCP.exe
c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
c:\program files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
c:\program files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
.
**************************************************************************
.
Completion time: 2012-03-10 17:22:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-11 01:22
.
Pre-Run: 61,259,235,328 bytes free
Post-Run: 60,997,685,248 bytes free
.
- - End Of File - - 00C7DC1FE450B5ADB7EC5C7744032C14
oldman960
2012-03-11, 06:42
Hi cdauman8,
µTorrent
You have µTorrent, a P2P/file sharing program, installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it. It's not the program itself that is the problem but what can be downloaded with it, usually from an unknown source.
References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/community/columns/protection.mspx
http://www.internetworldstats.com/articles/art053.htm
I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.
Your java is out of date. Click your start button > Control Panel
Use the drop down menu beside view by and change it to small icons
locate java (32bit) in the list and click on it
when the java console opens click the update tab
Click update now
Next, Double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :
:Services
:Commands
[emptytemp]
[createrestorepoint]
Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.
Next
Download and save to your desktop Malwarebytes Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
One more to check for stragglers.
As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.
Do not use this instance of your browser for anything besides doing this scan
When the scan is complete and the results saved, close that instance of your browser
Open a new one the usual way and post the results in this topic.
*Note
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
Go here to run an online scanner from
ESET (http://www.eset.eu/online-scanner)
(Note: You can use Internet Explorer or Firefox for this scan. If you use Firefox you will be asked to install an additional component. Please allow this.)
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply
Note - when ESET doesn't find any threats, no report will be created.
Push the back button.
Push Finish
Re-enable your Antivirus software.
Please post back with
OTL fix log
MBAM log
ESET log if there is one
cdauman8
2012-03-11, 23:11
OTL:
All processes killed
========== SERVICES/DRIVERS ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Craig
->Temp folder emptied: 9107978 bytes
->Temporary Internet Files folder emptied: 3808719 bytes
->Java cache emptied: 119421455 bytes
->FireFox cache emptied: 64196591 bytes
->Google Chrome cache emptied: 14120103 bytes
->Flash cache emptied: 3134780 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 11651029 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 215.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.36.2 log created on 03112012_134104
Files\Folders moved on Reboot...
C:\Users\Craig\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
cdauman8
2012-03-11, 23:12
When trying to update I got an error (attached image), but ran anyways. No threats found:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.01.13.04
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Craig :: CRAIG-SONY [administrator]
3/11/2012 2:00:39 PM
mbam-log-2012-03-11 (14-00-39).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186911
Time elapsed: 5 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
cdauman8
2012-03-12, 01:54
C:\ProgramData\Microsoft\Windows\DRM\82D3.tmp Win64/Olmarik.AD trojan
C:\ProgramData\Microsoft\Windows\DRM\82F3.tmp Win64/Olmarik.AD trojan
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Microsoft\Windows\DRM\82D3.tmp Win64/Olmarik.AD trojan
C:\Users\All Users\Microsoft\Windows\DRM\82F3.tmp Win64/Olmarik.AD trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm
C:\Users\Craig\Downloads\FL Studio 8.0.0 XXL Producer RC3 (NEW)\flstudio_8.0_install.exe probably a variant of Win32/Delf.LQXDKYX trojan
oldman960
2012-03-12, 17:28
Hi cdauman8,
Most of the detections are in spybot's quarantined folder.
Next, Double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :
:Services
:Files
C:\ProgramData\Microsoft\Windows\DRM\82D3.tmp
C:\ProgramData\Microsoft\Windows\DRM\82F3.tmp
C:\Users\Craig\Downloads\FL Studio 8.0.0 XXL Producer RC3 (NEW)\flstudio_8.0_install.exe
:Commands
[emptytemp]
[createrestorepoint]
Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.
Next
click start
in the search box type run
click the run that appears at the top of the list
a run box should appear
into the run box copy and paste the following line and click ok
cmd.exe /k ping mbam-cdn.malwarebytes.org
A black command window will open
wait for the text and a new command prompt to appear
right click in the window and click select all
click the tiny c:\ in the upper left hand corner
highlight edit, click copy
open a new reply in this topic and right click in the reply box and click paste
you should see the text from the command window
Please post back with
OTL fix log
output from the command window
How's the computer?
cdauman8
2012-03-13, 04:28
All processes killed
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\ProgramData\Microsoft\Windows\DRM\82D3.tmp moved successfully.
C:\ProgramData\Microsoft\Windows\DRM\82F3.tmp moved successfully.
C:\Users\Craig\Downloads\FL Studio 8.0.0 XXL Producer RC3 (NEW)\flstudio_8.0_install.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Craig
->Temp folder emptied: 1003 bytes
->Temporary Internet Files folder emptied: 4515098 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 9694886 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 14.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.36.2 log created on 03122012_183120
Files\Folders moved on Reboot...
C:\Users\Craig\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
cdauman8
2012-03-13, 04:29
Run: "cmd.exe /k ping mbam-cdn.malwarebytes.org"
Ping request could not find host mbam-cdn.malwarebytes.org. Please check the name and try again.
C:\Users\Craig>
oldman960
2012-03-13, 17:52
Hi
Let's see if this will show the problem.
Next
click start
in the search box type cmd
right click the cmd that appears at the top of the list and click "Run as Administrator"
A black command window will open
copy and paste the following command into the black window
ipconfig /all
wait for it to finish and a new command prompt to appear
right click in the window and click select all
click the tiny c:\ in the upper left hand corner
highlight edit, click copy
open a new reply in this topic and right click in the reply box and click paste
you should see the text from the command window
cdauman8
2012-03-14, 03:14
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Craig>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Craig-Sony
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-22-FB-A6-6F-54
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f02b:333b:24c:957f%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, March 12, 2012 7:26:46 PM
Lease Expires . . . . . . . . . . : Saturday, April 20, 2148 12:42:22 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 184558331
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-25-97-18-00-24-BE-38-EB-FC
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-24-BE-38-EB-FC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{C1121A84-3E64-4076-93C4-3FECC133764B}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.Belkin:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 15:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Craig>
cdauman8
2012-03-14, 04:13
I've been running these scans and fixes with my wireless turned off, FYI. If that matters
oldman960
2012-03-14, 05:55
Hi cdauman8,
I've been running these scans and fixes with my wireless turned off, FYI. If that matters
In order for MBAM to update it needs an internet connection. Please turn the wireless on and try to update MBAM.
cdauman8
2012-03-15, 03:12
No threats found.
oldman960
2012-03-16, 00:47
Hi cdauman8,
Everything looks good so we'll remove the tools. Keep Defogger, we will use it shortly.
From your desktop, please delete, if present
any notepads/logs that we created
aswMBR
mbr.dat
mbr.zip
TDSSKiller
You can also delete from the C:\ drive the file called TDSSKiller_* (* denotes version & date)
Next
Click the Start button, in the search box type Run. At the top click run
Copy and paste the following line into the run box and click OK
Combofix /uninstall
Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.
To re-enable your Emulation drivers, double click DeFogger to run the tool.
The application window will appear
Click the Re-enable button to re-enable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.
Your Emulation drivers are now re-enabled. You can delete Defogger.
I suggest you keep MBAM. Keep it updated and use it regularly.
Updates
Java
You have an older version of Java installed.
Click on the Start button > Control Panel
Depending on your settings, either
click on the Uninstall a program option under the Programs category.
If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
Uninstall the following program
Java(TM) SE Runtime Environment 6
Do not uninstall any other version of java you may find.
Next, clear the java cache
To clear the Java Plug-in cache: Click Start > Control Panel.
Double-click the Java icon in the control panel.
On the General tab, Click Settings under Temporary Internet Files.
On the Temporary Files Settings screen, Click Delete Files.
check all boxes
Click OK
Adobe Reader
You have an older version of Adobe Reader. You can download the current version HERE (http://www.adobe.com/products/acrobat/readstep2.html)
You may want to consider Foxit Reader (http://www.foxitsoftware.com/downloads/index.php) instead. It may be a bit lighter on resources. If you choose Foxit be sure to decline the Foxit Toolbar offered during the install.
Visit their support forum
Foxit Forum (http://www.foxitsoftware.com/bbs/forumdisplay.php?f=3)
In either case you should uninstall Adobe Reader 9.1.2 first. Be sure to move any PDF documents to another folder first though.
Some Recommendations and prevention tips
Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Those you have now, provided you are using a firewall. Windows 7 has a built in firewall which is pretty good when set up. You can find some very good information HERE (http://www.addictivetips.com/windows-tips/windows-7-firewall-outbound-protection/) .
You should also use Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) to help immunize your computer.
- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
OR
A guide to understanding and using the hosts file.
Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file.
HOSTS (http://www.mvps.org/winhelp2002/hosts.htm)
Please read the info on disabling the DNS Client before installing a custom hosts file.
-Secure your Internet Explorer
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
- Make sure you have reset Windows Updates to your chosen option. Click your start button > Control Panel > System > Windows updates (lower left) > change settings
- Keep your antivirus program updated, as well as any other security programs you have.
-More tips and programs can be found HERE (http://forums.whatthetech.com/Preventing_Malware_Tools_Practices_Safe_Computing_t98700.html)
Please post back if you have any problems.
cdauman8
2012-03-16, 03:32
Things seem to be running fine. I couldn't find the Defogger so I didn't do that step. But everything else seems good. Thank you so much. You were beyond impressive.
cdauman8
2012-03-16, 03:35
Do I need ERUNT or NTREGOPT still? Do I just delete those?
oldman960
2012-03-16, 08:04
Hi cdauman8,
You are welcome.
You can keep ERUNT if you would like to. It can be used to keep a registry backup. If you don't want it it should be uninstalled via Programs and Features.
oldman960
2012-03-17, 20:31
Since this issue appears to be resolved ... this Topic has been closed.