Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Multiple Spyware Threats and A Few Viruses...Please Help! [Solved]

Started by VortexR18 , Mar 20 2012 02:34 PM

This topic is locked

#1
VortexR18

Posted 20 March 2012 - 02:34 PM

Member

Member
57 posts

First off, I would like to say thank you for all who's taking the time to read this thread. It is greatly appreciated, I know you are all busy people.

I received this laptop from a friend who asked me to download protection programs for him. I said no problem and proceeded to download and install Avast, SUPERAntiSpyware, and Commodo. I then decided it would be wise to scan his computer. Upon doing a complete Spyware scan, over 150 threats were found. I then moved them to chest and removed them.

I also did a boot-time Avast scan and it found around 6 threats and I had moved them to the chest.

Even though I've done these scans and moved them/deleted them, I am still fairly confident threats still reside within the computer. Here is the OTL log

OTL Log:

OTL logfile created on: 3/20/2012 4:10:57 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Morsan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 314.64 Mb Available Physical Memory | 31.02% Memory free
1.63 Gb Paging File | 0.83 Gb Available in Paging File | 50.58% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.16 Gb Total Space | 70.56 Gb Free Space | 80.04% Space Free | Partition Type: NTFS
Drive E: | 3.81 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: 8A287A4ADEF0487 | User Name: Morsan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/20 16:06:19 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Morsan\Desktop\OTL.exe
PRC - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/03/11 21:13:02 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2012/03/07 17:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/12 18:29:44 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/03/30 20:01:50 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/03/30 20:00:10 | 001,523,008 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/03/09 18:57:16 | 000,403,512 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\SmartPrint\BootStrap.exe
PRC - [2010/09/09 13:10:04 | 000,189,096 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxefserv.exe
PRC - [2010/09/09 13:10:01 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxefcoms.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/10/01 15:50:08 | 000,214,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2007/09/13 18:49:48 | 000,202,088 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
PRC - [2007/05/23 13:13:38 | 000,139,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
PRC - [2007/01/22 23:19:34 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PRC - [2007/01/22 23:19:28 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PRC - [2005/09/15 19:21:14 | 001,160,800 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2005/09/01 15:44:46 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/09/01 15:44:46 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/09/01 15:44:42 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/05/20 21:41:42 | 000,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2005/02/09 09:43:58 | 000,143,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/20 15:50:10 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/03/20 15:50:09 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/03/17 02:52:30 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/03/17 02:52:30 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/03/06 02:01:21 | 001,721,856 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12030600\algo.dll
MOD - [2011/11/12 18:29:44 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
MOD - [2011/11/12 18:29:44 | 000,362,376 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
MOD - [2010/09/10 14:23:33 | 000,049,296 | ---- | M] () -- C:\WINDOWS\system32\LXEFPMON.DLL
MOD - [2010/09/10 14:22:24 | 000,032,863 | ---- | M] () -- C:\Program Files\Lexmark S800 Series\ipcmt.dll
MOD - [2010/07/20 03:55:15 | 000,181,248 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxefdrpp.dll
MOD - [2009/11/05 10:35:08 | 004,485,120 | ---- | M] () -- C:\WINDOWS\system32\LXEFoem.dll
MOD - [2007/04/02 08:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2005/05/20 21:42:20 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/12 18:29:44 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/03/30 20:00:10 | 001,523,008 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/03/30 19:57:40 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/09/09 13:10:04 | 000,189,096 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxefserv.exe -- (lxefCATSCustConnectService)
SRV - [2010/09/09 13:10:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxefcoms.exe -- (lxef_device)
SRV - [2009/05/14 19:07:14 | 000,759,048 | ---- | M] (ABBYY) [Disabled | Stopped] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/10/01 15:50:08 | 000,214,408 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/09/13 18:49:48 | 000,202,088 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE -- (ccProxy)
SRV - [2007/05/23 13:13:38 | 000,139,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE -- (navapsvc)
SRV - [2007/01/22 23:19:34 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE -- (ccSetMgr)
SRV - [2007/01/22 23:19:28 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE -- (ccEvtMgr)
SRV - [2007/01/16 14:52:26 | 000,072,328 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\CCPWDSVC.EXE -- (ccISPwdSvc)
SRV - [2007/01/16 12:25:28 | 000,045,696 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\COMHOST.EXE -- (comHost)
SRV - [2006/12/15 14:36:28 | 000,750,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2005/10/14 14:41:12 | 001,982,464 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2005/10/11 16:07:50 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2005/10/11 16:02:02 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2005/10/11 16:00:46 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2005/10/06 18:28:00 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/09/27 09:19:26 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005/09/15 19:21:14 | 001,160,800 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/09/01 15:44:46 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/09/01 15:44:46 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/09/01 15:44:42 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/08/30 19:00:50 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/08/30 18:55:18 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/08/30 18:49:34 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/08/26 17:22:48 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2005/07/14 23:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/05/20 21:41:42 | 000,153,600 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005/02/10 16:44:04 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe -- (VAIO Entertainment Task Scheduler)
SRV - [2005/02/09 09:43:58 | 000,143,360 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service)
SRV - [2004/08/11 04:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004/08/11 01:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Windows Media Connect (WMC)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/11 21:13:48 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/03/11 21:13:46 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012/03/11 21:13:46 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/11/12 18:28:16 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/02/10 12:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/01/18 05:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110203.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/01/18 05:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110203.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/11/21 03:51:11 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2010/11/17 13:31:08 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/11/17 13:31:08 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/11/13 04:30:16 | 000,270,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20120315.001\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2007/10/01 15:49:26 | 000,189,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2007/10/01 15:49:20 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2007/10/01 15:49:16 | 000,031,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS)
DRV - [2007/10/01 15:49:10 | 000,028,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS)
DRV - [2007/10/01 15:49:04 | 000,098,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW)
DRV - [2007/10/01 15:48:56 | 000,012,680 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS)
DRV - [2005/09/15 19:21:14 | 000,389,728 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/08/26 17:22:50 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/08/26 17:22:48 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/08/12 07:00:44 | 000,077,312 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
DRV - [2005/07/23 03:02:44 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/07/20 01:14:02 | 003,289,088 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/06/29 13:35:10 | 003,173,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/05/23 13:31:46 | 001,034,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/05/23 13:30:48 | 000,178,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/05/23 13:30:42 | 000,716,288 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/18 13:01:32 | 000,237,568 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYTVC.sys -- (SONYTVC)
DRV - [2005/02/11 03:07:50 | 000,456,448 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ExpasAG.sys -- (LEX_AS_NIC_SERVICE_YNOS)
DRV - [2003/09/29 16:31:38 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2002/03/21 09:14:58 | 000,021,376 | R--- | M] (DAVICOM Semiconductor, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dm9usb.sys -- (DM9USB)
DRV - [2000/12/05 20:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 23:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = Google
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\Google: "URL" = http://www.google.co...f8&oe=utf8&q=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/17 01:46:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/17 04:15:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/03/17 04:15:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Morsan\Application Data\Mozilla\Extensions
[2012/03/17 04:15:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/13 00:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Morsan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Morsan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Morsan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Documents and Settings\Morsan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (HP QuickPrint) - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll (Hewlett-Packard)
O2 - BHO: (Shop to Win 2) - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files\Shop to Win 2\ShoppingBHO.dll File not found
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O3 - HKLM\..\Toolbar: (Norton Internet Security 2006) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Internet Security 2006) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [PartSeal] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5444113B-24B2-4C45-9B30-5BE2BCE9EF9E}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Morsan\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Morsan\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/16 20:45:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/20 16:06:12 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Morsan\Desktop\OTL.exe
[2012/03/17 04:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morsan\Local Settings\Application Data\Mozilla
[2012/03/17 04:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morsan\Application Data\Mozilla
[2012/03/17 04:14:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/03/17 03:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
[2012/03/17 03:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2012/03/17 03:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012/03/17 02:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morsan\Application Data\SUPERAntiSpyware.com
[2012/03/17 02:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/03/17 02:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/03/17 02:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/17 01:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/03/17 01:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/03/17 01:47:32 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/17 01:47:32 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/17 01:47:28 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/17 01:47:27 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/17 01:47:26 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/17 01:47:25 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/17 01:47:25 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/17 01:47:24 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/17 01:46:11 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/17 01:46:09 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/17 01:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/17 01:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/03/17 01:35:26 | 088,861,872 | ---- | C] (COMODO) -- C:\Documents and Settings\Morsan\Desktop\cfw_installer.exe
[2012/03/17 01:15:00 | 015,400,968 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Morsan\Desktop\SUPERAntiSpyware.exe
[2012/03/11 21:13:48 | 000,097,760 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2012/03/11 21:13:46 | 000,494,968 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2012/03/11 21:13:46 | 000,031,704 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2012/03/11 21:13:44 | 000,018,056 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2012/03/11 21:13:20 | 000,301,224 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2012/03/11 21:13:20 | 000,033,984 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2012/02/23 17:14:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/20 16:14:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EE290E4C-C806-433C-83B6-08CF4D40E1E3}.job
[2012/03/20 16:06:19 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Morsan\Desktop\OTL.exe
[2012/03/20 15:48:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/20 15:47:12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/20 15:47:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/20 15:47:08 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/18 00:20:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/17 04:15:12 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Morsan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/17 04:15:11 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/17 03:55:58 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2012/03/17 03:27:36 | 000,150,233 | ---- | M] () -- C:\Documents and Settings\Morsan\Desktop\Spyware Removal.PNG
[2012/03/17 03:26:31 | 001,431,686 | ---- | M] () -- C:\Documents and Settings\Morsan\Desktop\Spyware.PNG
[2012/03/17 02:51:17 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/17 02:02:02 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Morsan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/17 01:49:41 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/03/17 01:47:33 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/03/17 01:47:26 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/17 01:35:30 | 088,861,872 | ---- | M] (COMODO) -- C:\Documents and Settings\Morsan\Desktop\cfw_installer.exe
[2012/03/17 01:15:00 | 015,400,968 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Morsan\Desktop\SUPERAntiSpyware.exe
[2012/03/17 01:10:44 | 074,761,776 | ---- | M] () -- C:\Documents and Settings\Morsan\Desktop\avast_free_antivirus_setup.exe
[2012/03/14 11:23:11 | 000,158,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 10:57:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/14 07:20:18 | 000,398,748 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/14 07:20:18 | 000,060,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/11 21:13:48 | 000,097,760 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2012/03/11 21:13:46 | 000,494,968 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2012/03/11 21:13:46 | 000,031,704 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2012/03/11 21:13:44 | 000,018,056 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2012/03/11 21:13:20 | 000,301,224 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2012/03/11 21:13:20 | 000,033,984 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2012/03/09 21:00:00 | 000,000,548 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Ferra.job
[2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/06 19:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/06 19:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/02/23 12:17:46 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/17 04:15:12 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Morsan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/17 04:15:11 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/17 04:15:11 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/17 03:55:58 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2012/03/17 03:27:36 | 000,150,233 | ---- | C] () -- C:\Documents and Settings\Morsan\Desktop\Spyware Removal.PNG
[2012/03/17 03:26:31 | 001,431,686 | ---- | C] () -- C:\Documents and Settings\Morsan\Desktop\Spyware.PNG
[2012/03/17 02:51:17 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/17 01:49:41 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/03/17 01:49:41 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Morsan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/17 01:47:47 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/17 01:47:46 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/17 01:47:33 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/03/17 01:10:32 | 074,761,776 | ---- | C] () -- C:\Documents and Settings\Morsan\Desktop\avast_free_antivirus_setup.exe
[2012/02/24 17:12:58 | 000,000,430 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EE290E4C-C806-433C-83B6-08CF4D40E1E3}.job
[2012/02/23 12:54:14 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/02/23 11:46:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/23 11:46:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2011/03/25 11:10:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxefvs.dll
[2011/03/25 11:09:46 | 000,438,272 | R--- | C] ( ) -- C:\WINDOWS\System32\lxefcoin.dll
[2011/03/25 11:08:53 | 000,086,150 | ---- | C] () -- C:\WINDOWS\System32\lxefgcfg.dll
[2011/03/25 11:08:35 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\lxefcuir.dll
[2011/03/25 11:08:34 | 000,839,680 | ---- | C] () -- C:\WINDOWS\System32\lxefcui.dll
[2011/03/25 10:22:09 | 000,037,012 | ---- | C] () -- C:\WINDOWS\System32\LXEFFXPU.DLL
[2011/03/25 10:22:08 | 000,049,296 | ---- | C] () -- C:\WINDOWS\System32\LXEFPMON.DLL
[2011/03/25 10:22:04 | 004,485,120 | ---- | C] () -- C:\WINDOWS\System32\LXEFoem.dll
[2011/03/25 10:06:32 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\lxefrwrd.ini
[2011/03/25 10:05:01 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\LXEFinst.dll
[2011/03/25 10:04:57 | 000,430,080 | R--- | C] ( ) -- C:\WINDOWS\System32\lxefhcp.dll
[2011/03/25 10:04:55 | 000,352,256 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefinpa.dll
[2011/03/25 10:04:54 | 000,327,680 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefiesc.dll
[2011/03/25 10:04:52 | 000,770,048 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefusb1.dll
[2011/03/25 10:04:46 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefserv.dll
[2011/03/25 10:04:44 | 000,634,880 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefpmui.dll
[2011/03/25 10:04:42 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeflmpm.dll
[2011/03/25 10:04:40 | 000,057,486 | ---- | C] () -- C:\WINDOWS\System32\lxefjswr.dll
[2011/03/25 10:04:37 | 000,262,278 | ---- | C] () -- C:\WINDOWS\System32\lxefinsb.dll
[2011/03/25 10:04:36 | 000,106,638 | ---- | C] () -- C:\WINDOWS\System32\lxefinsr.dll
[2011/03/25 10:04:35 | 000,450,693 | ---- | C] () -- C:\WINDOWS\System32\lxefins.dll
[2011/03/25 10:04:34 | 000,307,880 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefih.exe
[2011/03/25 10:04:32 | 000,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefhbn3.dll
[2011/03/25 10:04:30 | 000,299,149 | ---- | C] () -- C:\WINDOWS\System32\lxefgrd.dll
[2011/03/25 10:04:29 | 000,090,245 | ---- | C] () -- C:\WINDOWS\System32\lxefcub.dll
[2011/03/25 10:04:26 | 000,037,003 | ---- | C] () -- C:\WINDOWS\System32\lxefcur.dll
[2011/03/25 10:04:25 | 000,258,180 | ---- | C] () -- C:\WINDOWS\System32\lxefcu.dll
[2011/03/25 10:04:24 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefcoms.exe
[2011/03/25 10:04:22 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefcomm.dll
[2011/03/25 10:04:15 | 000,815,104 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefcomc.dll
[2011/03/25 10:04:14 | 000,357,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefcfg.exe
[2011/03/25 09:58:11 | 000,025,088 | R--- | C] () -- C:\WINDOWS\System32\lxefsmr.dll
[2011/03/25 09:58:09 | 000,630,784 | R--- | C] () -- C:\WINDOWS\System32\lxefsm.dll
[2011/01/22 04:51:20 | 000,028,580 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/21 04:23:57 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Morsan\Local Settings\Application Data\fusioncache.dat
[2010/11/21 03:44:44 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2010/11/21 03:43:08 | 000,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2010/11/21 03:42:33 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/11/21 03:42:33 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/11/21 03:42:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/11/21 03:42:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/11/21 03:42:33 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/11/21 03:42:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/11/21 03:41:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/21 03:34:46 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini

========== LOP Check ==========

[2012/03/17 01:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/03/25 10:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\S800 Series
[2011/05/12 23:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/02/23 17:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc
[2011/05/12 23:09:36 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/01/22 04:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/18 01:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morsan\Application Data\FCSB000062035
[2011/05/12 23:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morsan\Application Data\TuneUp Software
[2010/11/21 04:22:44 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
[2010/11/21 04:22:45 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2010/11/21 04:22:45 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job
[2012/03/20 16:14:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EE290E4C-C806-433C-83B6-08CF4D40E1E3}.job

========== Purity Check ==========

< End of report >

Edited by VortexR18, 20 March 2012 - 02:43 PM.

#2
CompCav

Posted 25 March 2012 - 10:40 AM

Member 5k

Expert
12,454 posts

Hi, VortexR18! Posted Image

My nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out.

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
You must reply within four days failure to reply will result in the topic being closed!
Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Since it has been awhile I need you to get fresh logs and a new log.

Step 1.

Please delete your current copy of OTL.

Download OTL to your Desktop
or
If you still have OTL on your desktop go immediately to the following steps:

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select Scan All Users
Under File Scans File Age: Select 90 days from the drop down box.
Select Lop Check and Purity Check
Under Extra Registry select Use SafeList
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U\*.* /s
C:\Program Files\Common Files\ComObjects\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open OTL.Txt and Extras.txt will be minimized in the task bar.
Post post both of the logs

Step 2.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

If it does not run rename aswMBR.exe to Iexplore.exe and try it again.

Step 3.

Please post:

OTL.txt
Extras.txt
aswMBR log

Also please post any logs of tools that have been run before.

Give me any updates on issues with your computer

#3
VortexR18

Posted 25 March 2012 - 08:30 PM

Member

Topic Starter
Member
57 posts

Thank you for your help. The computer now seems to be redirecting things frequently. When I hit a link on this site, it'll redirect me, but I can manage to post things. Also, the keyboard doesnt respond correctly. If i hit "O" it will come out as "6" and so forth with many other keys, but I use the onscreen keyboard.

OTL logfile created on: 3/25/2012 8:36:58 PM - Run 2
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Morsan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 482.53 Mb Available Physical Memory | 47.57% Memory free
1.63 Gb Paging File | 1.02 Gb Available in Paging File | 62.57% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.16 Gb Total Space | 70.45 Gb Free Space | 79.91% Space Free | Partition Type: NTFS
Drive E: | 3.81 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: 8A287A4ADEF0487 | User Name: Morsan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2012/03/20 16:06:19 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Morsan\Desktop\OTL.exe
PRC - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/03/07 17:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/12 18:29:44 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/03/30 20:01:50 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/03/30 20:00:10 | 001,523,008 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/03/09 18:57:16 | 000,403,512 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\SmartPrint\BootStrap.exe
PRC - [2010/09/09 13:10:04 | 000,189,096 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxefserv.exe
PRC - [2010/09/09 13:10:01 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxefcoms.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/10/01 15:50:08 | 000,214,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2007/09/13 18:49:48 | 000,202,088 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
PRC - [2007/05/23 13:13:38 | 000,139,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
PRC - [2007/01/22 23:19:34 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PRC - [2007/01/22 23:19:28 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PRC - [2005/09/15 19:21:14 | 001,160,800 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2005/09/01 15:44:46 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/09/01 15:44:46 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/09/01 15:44:42 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/05/20 21:41:42 | 000,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/25 20:26:40 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/03/25 20:26:40 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/03/17 02:52:30 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/03/17 02:52:30 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/03/06 02:01:21 | 001,721,856 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12030600\algo.dll
MOD - [2011/11/12 18:29:44 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
MOD - [2011/11/12 18:29:44 | 000,362,376 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
MOD - [2010/09/10 14:23:33 | 000,049,296 | ---- | M] () -- C:\WINDOWS\system32\LXEFPMON.DLL
MOD - [2010/09/10 14:22:24 | 000,032,863 | ---- | M] () -- C:\Program Files\Lexmark S800 Series\ipcmt.dll
MOD - [2010/07/20 03:55:15 | 000,181,248 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxefdrpp.dll
MOD - [2009/11/05 10:35:08 | 004,485,120 | ---- | M] () -- C:\WINDOWS\system32\LXEFoem.dll
MOD - [2007/04/02 08:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2005/05/20 21:42:20 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/12 18:29:44 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/03/30 20:00:10 | 001,523,008 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/03/30 19:57:40 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/09/09 13:10:04 | 000,189,096 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxefserv.exe -- (lxefCATSCustConnectService)
SRV - [2010/09/09 13:10:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxefcoms.exe -- (lxef_device)
SRV - [2009/05/14 19:07:14 | 000,759,048 | ---- | M] (ABBYY) [Disabled | Stopped] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/10/01 15:50:08 | 000,214,408 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/09/13 18:49:48 | 000,202,088 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE -- (ccProxy)
SRV - [2007/05/23 13:13:38 | 000,139,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE -- (navapsvc)
SRV - [2007/01/22 23:19:34 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE -- (ccSetMgr)
SRV - [2007/01/22 23:19:28 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE -- (ccEvtMgr)
SRV - [2007/01/16 14:52:26 | 000,072,328 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\CCPWDSVC.EXE -- (ccISPwdSvc)
SRV - [2007/01/16 12:25:28 | 000,045,696 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\COMHOST.EXE -- (comHost)
SRV - [2006/12/15 14:36:28 | 000,750,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2005/10/14 14:41:12 | 001,982,464 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2005/10/11 16:07:50 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2005/10/11 16:02:02 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2005/10/11 16:00:46 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2005/10/06 18:28:00 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/09/27 09:19:26 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005/09/15 19:21:14 | 001,160,800 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/09/01 15:44:46 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/09/01 15:44:46 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/09/01 15:44:42 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/08/30 19:00:50 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/08/30 18:55:18 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/08/30 18:49:34 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/08/26 17:22:48 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2005/07/14 23:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/05/20 21:41:42 | 000,153,600 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005/02/10 16:44:04 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe -- (VAIO Entertainment Task Scheduler)
SRV - [2005/02/09 09:43:58 | 000,143,360 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service)
SRV - [2004/08/11 04:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004/08/11 01:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Windows Media Connect (WMC)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Morsan\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/03/11 21:13:48 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/03/11 21:13:46 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012/03/11 21:13:46 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/11/12 18:28:16 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/02/10 12:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/01/18 05:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110203.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/01/18 05:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110203.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/11/21 03:51:11 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2010/11/17 13:31:08 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/11/17 13:31:08 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/11/13 04:30:16 | 000,270,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20120315.001\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2007/10/01 15:49:26 | 000,189,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2007/10/01 15:49:20 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2007/10/01 15:49:16 | 000,031,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS)
DRV - [2007/10/01 15:49:10 | 000,028,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS)
DRV - [2007/10/01 15:49:04 | 000,098,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW)
DRV - [2007/10/01 15:48:56 | 000,012,680 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS)
DRV - [2005/09/15 19:21:14 | 000,389,728 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/08/26 17:22:50 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/08/26 17:22:48 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/08/12 07:00:44 | 000,077,312 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
DRV - [2005/07/23 03:02:44 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/07/20 01:14:02 | 003,289,088 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/06/29 13:35:10 | 003,173,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/05/23 13:31:46 | 001,034,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/05/23 13:30:48 | 000,178,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/05/23 13:30:42 | 000,716,288 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/18 13:01:32 | 000,237,568 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYTVC.sys -- (SONYTVC)
DRV - [2005/02/11 03:07:50 | 000,456,448 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ExpasAG.sys -- (LEX_AS_NIC_SERVICE_YNOS)
DRV - [2003/09/29 16:31:38 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2002/03/21 09:14:58 | 000,021,376 | R--- | M] (DAVICOM Semiconductor, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dm9usb.sys -- (DM9USB)
DRV - [2000/12/05 20:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 23:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
IE - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\..\SearchScopes,DefaultScope = Google
IE - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\..\SearchScopes\Google: "URL" = http://www.google.co...f8&oe=utf8&q=%s
IE - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/17 01:46:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/17 04:15:07 | 000,000,000 | ---D | M]

[2012/03/17 04:15:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Morsan\Application Data\Mozilla\Extensions
[2012/03/17 04:15:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/13 00:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Morsan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Morsan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Morsan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Documents and Settings\Morsan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (HP QuickPrint) - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll (Hewlett-Packard)
O2 - BHO: (no name) - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - No CLSID value found.
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O3 - HKLM\..\Toolbar: (Norton Internet Security 2006) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\..\Toolbar\WebBrowser: (Norton Internet Security 2006) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [PartSeal] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5444113B-24B2-4C45-9B30-5BE2BCE9EF9E}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Morsan\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Morsan\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/16 20:45:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2012/03/25 20:35:08 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Morsan\Desktop\aswMBR.exe
[2012/03/20 16:06:12 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Morsan\Desktop\OTL.exe
[2012/03/17 04:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morsan\Local Settings\Application Data\Mozilla
[2012/03/17 04:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morsan\Application Data\Mozilla
[2012/03/17 04:14:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/03/17 03:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
[2012/03/17 03:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2012/03/17 03:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012/03/17 02:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morsan\Application Data\SUPERAntiSpyware.com
[2012/03/17 02:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/03/17 02:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/03/17 02:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/17 01:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/03/17 01:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/03/17 01:47:32 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/17 01:47:32 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/17 01:47:28 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/17 01:47:27 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/17 01:47:26 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/17 01:47:25 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/17 01:47:25 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/17 01:47:24 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/17 01:46:11 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/17 01:46:09 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/17 01:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/17 01:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/03/17 01:42:05 | 016,157,992 | ---- | C] (Mozilla) -- C:\Documents and Settings\Morsan\Desktop\Firefox Setup 11.0.exe
[2012/03/17 01:35:26 | 088,861,872 | ---- | C] (COMODO) -- C:\Documents and Settings\Morsan\Desktop\cfw_installer.exe
[2012/03/17 01:15:00 | 015,400,968 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Morsan\Desktop\SUPERAntiSpyware.exe
[2012/03/11 21:13:48 | 000,097,760 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2012/03/11 21:13:46 | 000,494,968 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2012/03/11 21:13:46 | 000,031,704 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2012/03/11 21:13:44 | 000,018,056 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2012/03/11 21:13:20 | 000,301,224 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2012/03/11 21:13:20 | 000,033,984 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2012/02/23 17:14:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2012/03/25 20:39:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EE290E4C-C806-433C-83B6-08CF4D40E1E3}.job
[2012/03/25 20:35:49 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Morsan\Desktop\aswMBR.exe
[2012/03/25 20:24:50 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/25 20:24:42 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/25 20:24:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/25 20:24:24 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/20 16:06:19 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Morsan\Desktop\OTL.exe
[2012/03/20 15:47:12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/17 04:15:12 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Morsan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/17 04:15:11 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/17 03:55:58 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2012/03/17 03:27:36 | 000,150,233 | ---- | M] () -- C:\Documents and Settings\Morsan\Desktop\Spyware Removal.PNG
[2012/03/17 03:26:31 | 001,431,686 | ---- | M] () -- C:\Documents and Settings\Morsan\Desktop\Spyware.PNG
[2012/03/17 02:51:17 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/17 02:02:02 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Morsan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/17 01:49:41 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/03/17 01:47:33 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/03/17 01:47:26 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/17 01:42:05 | 016,157,992 | ---- | M] (Mozilla) -- C:\Documents and Settings\Morsan\Desktop\Firefox Setup 11.0.exe
[2012/03/17 01:35:30 | 088,861,872 | ---- | M] (COMODO) -- C:\Documents and Settings\Morsan\Desktop\cfw_installer.exe
[2012/03/17 01:15:00 | 015,400,968 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Morsan\Desktop\SUPERAntiSpyware.exe
[2012/03/17 01:10:44 | 074,761,776 | ---- | M] () -- C:\Documents and Settings\Morsan\Desktop\avast_free_antivirus_setup.exe
[2012/03/14 11:23:11 | 000,158,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 10:57:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/14 07:20:18 | 000,398,748 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/14 07:20:18 | 000,060,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/11 21:13:48 | 000,097,760 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2012/03/11 21:13:46 | 000,494,968 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2012/03/11 21:13:46 | 000,031,704 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2012/03/11 21:13:44 | 000,018,056 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2012/03/11 21:13:20 | 000,301,224 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2012/03/11 21:13:20 | 000,033,984 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2012/03/09 21:00:00 | 000,000,548 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Ferra.job
[2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/06 19:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/06 19:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/02/23 12:17:46 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/03 05:22:18 | 001,860,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012/02/03 05:22:18 | 001,860,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2012/01/11 15:06:47 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/11 15:06:47 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/01/09 12:20:25 | 000,139,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/17 04:15:12 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Morsan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/17 04:15:11 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/17 04:15:11 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/17 03:55:58 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2012/03/17 03:27:36 | 000,150,233 | ---- | C] () -- C:\Documents and Settings\Morsan\Desktop\Spyware Removal.PNG
[2012/03/17 03:26:31 | 001,431,686 | ---- | C] () -- C:\Documents and Settings\Morsan\Desktop\Spyware.PNG
[2012/03/17 02:51:17 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/17 01:49:41 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/03/17 01:49:41 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Morsan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/17 01:47:47 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/17 01:47:46 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/17 01:47:33 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/03/17 01:10:32 | 074,761,776 | ---- | C] () -- C:\Documents and Settings\Morsan\Desktop\avast_free_antivirus_setup.exe
[2012/02/24 17:12:58 | 000,000,430 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EE290E4C-C806-433C-83B6-08CF4D40E1E3}.job
[2012/02/23 12:54:14 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/02/23 11:46:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/23 11:46:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2011/03/25 11:10:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxefvs.dll
[2011/03/25 11:09:46 | 000,438,272 | R--- | C] ( ) -- C:\WINDOWS\System32\lxefcoin.dll
[2011/03/25 11:08:53 | 000,086,150 | ---- | C] () -- C:\WINDOWS\System32\lxefgcfg.dll
[2011/03/25 11:08:35 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\lxefcuir.dll
[2011/03/25 11:08:34 | 000,839,680 | ---- | C] () -- C:\WINDOWS\System32\lxefcui.dll
[2011/03/25 10:22:09 | 000,037,012 | ---- | C] () -- C:\WINDOWS\System32\LXEFFXPU.DLL
[2011/03/25 10:22:08 | 000,049,296 | ---- | C] () -- C:\WINDOWS\System32\LXEFPMON.DLL
[2011/03/25 10:22:04 | 004,485,120 | ---- | C] () -- C:\WINDOWS\System32\LXEFoem.dll
[2011/03/25 10:06:32 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\lxefrwrd.ini
[2011/03/25 10:05:01 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\LXEFinst.dll
[2011/03/25 10:04:57 | 000,430,080 | R--- | C] ( ) -- C:\WINDOWS\System32\lxefhcp.dll
[2011/03/25 10:04:55 | 000,352,256 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefinpa.dll
[2011/03/25 10:04:54 | 000,327,680 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefiesc.dll
[2011/03/25 10:04:52 | 000,770,048 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefusb1.dll
[2011/03/25 10:04:46 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefserv.dll
[2011/03/25 10:04:44 | 000,634,880 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefpmui.dll
[2011/03/25 10:04:42 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeflmpm.dll
[2011/03/25 10:04:40 | 000,057,486 | ---- | C] () -- C:\WINDOWS\System32\lxefjswr.dll
[2011/03/25 10:04:37 | 000,262,278 | ---- | C] () -- C:\WINDOWS\System32\lxefinsb.dll
[2011/03/25 10:04:36 | 000,106,638 | ---- | C] () -- C:\WINDOWS\System32\lxefinsr.dll
[2011/03/25 10:04:35 | 000,450,693 | ---- | C] () -- C:\WINDOWS\System32\lxefins.dll
[2011/03/25 10:04:34 | 000,307,880 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefih.exe
[2011/03/25 10:04:32 | 000,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefhbn3.dll
[2011/03/25 10:04:30 | 000,299,149 | ---- | C] () -- C:\WINDOWS\System32\lxefgrd.dll
[2011/03/25 10:04:29 | 000,090,245 | ---- | C] () -- C:\WINDOWS\System32\lxefcub.dll
[2011/03/25 10:04:26 | 000,037,003 | ---- | C] () -- C:\WINDOWS\System32\lxefcur.dll
[2011/03/25 10:04:25 | 000,258,180 | ---- | C] () -- C:\WINDOWS\System32\lxefcu.dll
[2011/03/25 10:04:24 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefcoms.exe
[2011/03/25 10:04:22 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefcomm.dll
[2011/03/25 10:04:15 | 000,815,104 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefcomc.dll
[2011/03/25 10:04:14 | 000,357,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefcfg.exe
[2011/03/25 09:58:11 | 000,025,088 | R--- | C] () -- C:\WINDOWS\System32\lxefsmr.dll
[2011/03/25 09:58:09 | 000,630,784 | R--- | C] () -- C:\WINDOWS\System32\lxefsm.dll
[2011/01/22 04:51:20 | 000,028,580 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/21 04:23:57 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Morsan\Local Settings\Application Data\fusioncache.dat
[2010/11/21 03:44:44 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2010/11/21 03:43:08 | 000,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2010/11/21 03:42:33 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/11/21 03:42:33 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/11/21 03:42:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/11/21 03:42:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/11/21 03:42:33 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/11/21 03:42:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/11/21 03:41:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/21 03:34:46 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini

========== LOP Check ==========

[2012/03/17 01:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/03/25 10:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\S800 Series
[2011/05/12 23:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/02/23 17:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc
[2011/05/12 23:09:36 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/01/22 04:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/19 11:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ferlianty\Application Data\FCSB000062035
[2012/03/12 07:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ferlianty\Application Data\InterVideo
[2011/06/04 12:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ferlianty\Application Data\TuneUp Software
[2011/02/12 18:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ferra\Application Data\FCSB000062035
[2011/02/12 18:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ferra\Application Data\Titanium Gears
[2011/05/12 23:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ferra\Application Data\TuneUp Software
[2011/02/12 18:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ferra\Application Data\Uniblue
[2011/02/17 04:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremia\Application Data\FCSB000062035
[2012/03/14 11:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremia\Application Data\InterVideo
[2012/03/14 11:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremia\Application Data\TuneUp Software
[2011/06/04 12:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2011/02/18 01:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morsan\Application Data\FCSB000062035
[2011/05/12 23:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morsan\Application Data\TuneUp Software
[2011/11/09 12:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yanni\Application Data\FCSB000062035
[2012/03/14 07:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yanni\Application Data\TuneUp Software
[2010/11/21 04:22:44 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
[2010/11/21 04:22:45 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2010/11/21 04:22:45 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job
[2012/03/25 20:39:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EE290E4C-C806-433C-83B6-08CF4D40E1E3}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtUninstallKB307154$\winlogon.exe
[2004/08/13 19:01:19 | 000,502,784 | ---- | M] (Microsoft Corporation) MD5=EA16F83B5E4964C100F6098CE9874927 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 5
"ImagePath" = system32\DRIVERS\netbt.sys -- [2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{00A8DFDE-9890-4091-8535-9A53312B011A}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{281FD84C-4996-4436-A8F0-8FE629F84F9D}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{4F5E240C-F567-46D6-873E-95EB488F3855}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{5444113B-24B2-4C45-9B30-5BE2BCE9EF9E}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{70F4E742-4FB8-478E-9469-166DB64C977F}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{89A53E99-5DFE-4790-AE8E-C89F11625B3E}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{ADFD206F-054C-4DA4-A670-223AD2C540AF}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{D39D10C2-4592-41DD-B256-2287ED39EA06}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{EAF36390-2311-4507-A0DF-DD11804B22B3}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{F956171A-9FCE-474E-A8BD-22BC339F5B52}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 09 01 08 01 06 01 00 01 07 01 05 01 01 01 02 00 03 00 04 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 9
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2004/08/04 08:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/03/10 05:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/13 00:39:39 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/13 00:39:39 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/13 00:39:39 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/13 00:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/13 00:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/13 00:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/10 05:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/10 05:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/10 05:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/03/10 05:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 16:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 16:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/03/10 05:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/13 00:39:39 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/13 00:39:39 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/13 00:39:39 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/13 00:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/13 00:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/13 00:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/10 05:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/10 05:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/10 05:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/03/10 05:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 16:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 16:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: 8A287A4ADEF0487
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E LITTLE_CARS UDF DVD-ROM 3904 MB
Volume 1 C NTFS Partition 88 GB Healthy System
Volume 2 D Removeable 0 B

< End of report >

OTL Extras logfile created on: 3/25/2012 8:36:58 PM - Run 2
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Morsan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 482.53 Mb Available Physical Memory | 47.57% Memory free
1.63 Gb Paging File | 1.02 Gb Available in Paging File | 62.57% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.16 Gb Total Space | 70.45 Gb Free Space | 79.91% Space Free | Partition Type: NTFS
Drive E: | 3.81 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: 8A287A4ADEF0487 | User Name: Morsan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1736887399-4225240512-4132258574-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)
"C:\Program Files\Lexmark S800 Series\lxeffax.exe" = C:\Program Files\Lexmark S800 Series\lxeffax.exe:*:Enabled:Fax software -- ()
"C:\Program Files\ABBYY FineReader 9.0 Sprint\ScanWia.exe" = C:\Program Files\ABBYY FineReader 9.0 Sprint\ScanWia.exe:*:Enabled:ABBYY FineReader -- (ABBYY)
"C:\Program Files\ABBYY FineReader 9.0 Sprint\ScanTwain.exe" = C:\Program Files\ABBYY FineReader 9.0 Sprint\ScanTwain.exe:*:Enabled:ABBYY FineReader -- (ABBYY)
"C:\WINDOWS\system32\lxefcoms.exe" = C:\WINDOWS\system32\lxefcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Sony\VAIO Media 5.0\Vc.exe" = C:\Program Files\Sony\VAIO Media 5.0\Vc.exe:*:Disabled:[VAIO Media] VAIO Media -- (Sony Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{05813AC2-611B-4ABD-A81D-4420120ABEDD}" = HP Officejet 6500 E710n-z Product Improvement Study
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0DF00135-D5A7-476A-BFB3-EDFF2840076A}" = VAIO Wireless LAN Setup Utility
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{1A91D1FA-B9B3-4556-9878-5C61059A19B2}" = InterVideo WinDVDX
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{23199BD2-AFD7-450E-ADC8-3E16132F17A2}" = HP Officejet 6500 E710n-z Basic Device Software
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EA7CF7E-0C76-44A5-B0CF-A1D171476E42}" = VAIO Breeze Wallpaper
"{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}" = CC_ccProxyExt
"{30738666-9805-4926-A78F-91DA33B6C437}" = ccPxyCore
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B29A786-5803-4E9E-9B58-3014A5B4E519}" = Norton AntiSpam
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{4E993095-28F2-4060-9101-99C1FD1195C0}" = VAIO Central
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{5677563D-0CB1-485F-9E18-C5025306BB3F}" = Norton AntiSpam
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}" = VAIO Light Flo Wallpaper
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{82081533-F045-469E-BD53-F16839E445C3}" = VAIO Support Central
"{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903EBB09-DE2E-4963-B355-50045B99DB27}" = SymNet
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3
"{A43F939E-A863-433D-AC78-0897E44CFEB2}" = VAIO Launcher
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.5
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{c6c214df-2922-4809-94aa-f4d67d4451ec}" = Music Oasis
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2006
"{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CAF5658F-F3DE-4F19-80ED-D5B43FED1F89}" = HP SmartPrint 1.0.1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DC6E3CD5-A93D-44EA-85AE-894C1603B7E2}" = VAIO TV Tuner Library 1.4
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E09E82C3-6C4D-45B0-8790-BBBEE39F1A3C}" = VAIO Zone Remote Commander
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{ED8D39F2-7FFA-45EC-B148-EF2472955BB4}" = VAIO Zone
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}" = HP Officejet 6500 E710n-z Help
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Shortcuts
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}" = LAN-Express AS IEEE 802.11 Wireless LAN
"{FE3BF611-9B8B-44DC-A424-F8C4BA122A1D}" = VAIO Security Center
"{FFB4DD53-28B7-4981-BFF0-9BD801F61095}" = Norton Internet Security
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Search Enhancement" = Search Enhancement by AOL Search
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"CONNECT" = CONNECT
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"JEOPARDY!" = JEOPARDY! (remove only)
"Lexmark S800 Series" = Lexmark S800 Series
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security 2006 (Symantec Corporation)
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Wheel of Fortune" = Wheel of Fortune (remove only)
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1736887399-4225240512-4132258574-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/3/2012 11:12:35 AM | Computer Name = 8A287A4ADEF0487 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/3/2012 11:12:35 AM | Computer Name = 8A287A4ADEF0487 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2719

Error - 3/3/2012 11:12:35 AM | Computer Name = 8A287A4ADEF0487 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2719

Error - 3/6/2012 11:36:47 PM | Computer Name = 8A287A4ADEF0487 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/6/2012 11:36:47 PM | Computer Name = 8A287A4ADEF0487 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2828

Error - 3/6/2012 11:36:47 PM | Computer Name = 8A287A4ADEF0487 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2828

Error - 3/7/2012 9:07:52 PM | Computer Name = 8A287A4ADEF0487 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/7/2012 9:10:30 PM | Computer Name = 8A287A4ADEF0487 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/7/2012 9:10:30 PM | Computer Name = 8A287A4ADEF0487 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2906

Error - 3/7/2012 9:10:30 PM | Computer Name = 8A287A4ADEF0487 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2906

[ System Events ]
Error - 3/17/2012 4:21:53 AM | Computer Name = 8A287A4ADEF0487 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/17/2012 4:21:53 AM | Computer Name = 8A287A4ADEF0487 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/20/2012 3:50:08 PM | Computer Name = 8A287A4ADEF0487 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 3/25/2012 7:39:41 PM | Computer Name = 8A287A4ADEF0487 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.121 on
the Network Card with network address 0013CEA7F194.

Error - 3/25/2012 7:40:02 PM | Computer Name = 8A287A4ADEF0487 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 3/25/2012 7:41:41 PM | Computer Name = 8A287A4ADEF0487 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the W32Time service.

Error - 3/25/2012 8:24:41 PM | Computer Name = 8A287A4ADEF0487 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.103 for the Network Card with network
address 0013CEA7F194 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/25/2012 8:25:51 PM | Computer Name = 8A287A4ADEF0487 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service VAIO Entertainment
Aggregation and Control Service with arguments "" in order to run the server: {21ADFCC3-710C-492D-847C-342CE7B7BEC4}

Error - 3/25/2012 8:25:51 PM | Computer Name = 8A287A4ADEF0487 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the VAIO Entertainment Aggregation
and Control Service service to connect.

Error - 3/25/2012 8:25:52 PM | Computer Name = 8A287A4ADEF0487 | Source = Service Control Manager | ID = 7000
Description = The VAIO Entertainment Aggregation and Control Service service failed
to start due to the following error: %%1053

< End of report >

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-25 20:48:20
-----------------------------
20:48:20.343 OS Version: Windows 5.1.2600 Service Pack 3
20:48:20.343 Number of processors: 1 586 0xD08
20:48:20.343 ComputerName: 8A287A4ADEF0487 UserName: Morsan
20:48:20.734 Initialize success
20:48:20.921 AVAST engine defs: 12030600
20:48:23.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
20:48:23.593 Disk 0 Vendor: TOSHIBA_MK1031GAS AA204A Size: 95396MB BusType: 3
20:48:23.593 Disk 1 \Device\Harddisk1\DR3 -> \Device\00000093
20:48:23.593 Disk 1 Vendor: ( Size: 95396MB BusType: 0
20:48:23.625 Disk 0 MBR read successfully
20:48:23.625 Disk 0 MBR scan
20:48:24.468 Disk 0 Windows XP default MBR code
20:48:24.484 Disk 0 Partition 1 00 12 Compaq diag NTFS 5122 MB offset 63
20:48:25.234 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 90271 MB offset 10490445
20:48:25.578 Disk 0 scanning sectors +195366465
20:48:26.921 Disk 0 scanning C:\WINDOWS\system32\drivers
20:48:54.500 Service scanning
20:49:33.812 Modules scanning
20:49:47.875 Disk 0 trace - called modules:
20:49:47.906 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:49:47.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d5cab8]
20:49:47.906 3 CLASSPNP.SYS[f759cfd7] -> nt!IofCallDriver -> \Device\0000008b[0x86d5e9e8]
20:49:47.921 5 ACPI.sys[f7413620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86d5ed98]
20:49:50.453 AVAST engine scan C:\WINDOWS
20:50:12.875 AVAST engine scan C:\WINDOWS\system32
20:52:25.515 AVAST engine scan C:\WINDOWS\system32\drivers
20:52:39.859 AVAST engine scan C:\Documents and Settings\Morsan
20:58:35.359 AVAST engine scan C:\Documents and Settings\All Users
21:00:10.453 Scan finished successfully
21:00:33.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Morsan\Desktop\MBR.dat"
21:00:33.656 The log file has been saved successfully to "C:\Documents and Settings\Morsan\Desktop\aswMBR.txt"

Edited by VortexR18, 25 March 2012 - 08:33 PM.

#4
VortexR18

Posted 25 March 2012 - 08:38 PM

Member

Topic Starter
Member
57 posts

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/17/2012 at 03:15 AM

Application Version : 5.0.1146

Core Rules Database Version : 8347
Trace Rules Database Version: 6159

Scan type : Quick Scan
Total Scan Time : 00:22:22

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 594
Memory threats detected : 1
Registry items scanned : 29038
Registry threats detected : 32
File items scanned : 12915
File threats detected : 128

Adware.Gamevance
HKCR\CLSID\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3}
HKCR\CLSID\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3}\InprocServer32
HKCR\CLSID\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3}\InprocServer32#ThreadingModel
HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}
HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}\InprocServer32
HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}\InprocServer32#ThreadingModel
HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}\ProgID
HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}\Programmable
HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}\VersionIndependentProgID
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3}
HKCR\CLSID\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{beaC7DC8-E106-4C6A-931E-5A42E7362883}
HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}
HKCR\GamevanceText.Linker.1
HKCR\GamevanceText.Linker.1\CLSID
HKCR\GamevanceText.Linker
HKCR\GamevanceText.Linker\CLSID
HKCR\GamevanceText.Linker\CurVer
HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3}
HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}
C:\Program Files\Gamevance\ars.cfg
C:\Program Files\Gamevance\gamevancelib32.dll
C:\Program Files\Gamevance\gvtl.dll
C:\Program Files\Gamevance\gvun.exe
C:\Program Files\Gamevance\icon.ico
C:\Program Files\Gamevance
HKCR\AppId\GamevanceText.DLL
HKCR\AppId\GamevanceText.DLL#AppID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance#DisplayIcon
C:\PROGRAM FILES\GAMEVANCE\GAMEVANCELIB32.DLL

Security.HiJack[ImageFileExecutionOptions]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BONUS.SCREENSHOTREADER.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BONUS.SCREENSHOTREADER.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HPCUSTPARTIC.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HPCUSTPARTIC.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SPRINT.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SPRINT.EXE#Debugger

Adware.Tracking Cookie
C:\Documents and Settings\Morsan\Cookies\2CAQ5SW4.txt [ /atdmt.com ]
C:\Documents and Settings\Morsan\Cookies\ZBC2P7F8.txt [ /ads.pointroll.com ]
C:\Documents and Settings\Morsan\Cookies\82QA9I8B.txt [ /amazon-adsystem.com ]
C:\Documents and Settings\Morsan\Cookies\3DNX1OY3.txt [ /imrworldwide.com ]
C:\Documents and Settings\Morsan\Cookies\ZH1BS30A.txt [ /server.iad.liveperson.net ]
C:\Documents and Settings\Morsan\Cookies\PFO67YOW.txt [ /burstnet.com ]
C:\Documents and Settings\Morsan\Cookies\0GDBIUC8.txt [ /interclick.com ]
C:\Documents and Settings\Morsan\Cookies\T3VHBK1Z.txt [ /ar.atwola.com ]
C:\Documents and Settings\Morsan\Cookies\6HFUCEEF.txt [ /tacoda.at.atwola.com ]
C:\Documents and Settings\Morsan\Cookies\COSGPXEO.txt [ /liveperson.net ]
C:\Documents and Settings\Morsan\Cookies\61R2PD7Y.txt [ /akamai.interclickproxy.com ]
C:\Documents and Settings\Morsan\Cookies\II487JGG.txt [ /serving-sys.com ]
C:\Documents and Settings\Morsan\Cookies\JS3VPXY0.txt [ /doubleclick.net ]
C:\Documents and Settings\Morsan\Cookies\OFRYH7AP.txt [ /viewablemedia.net ]
C:\Documents and Settings\Morsan\Cookies\0YGHSOIJ.txt [ /liveperson.net ]
C:\Documents and Settings\Morsan\Cookies\RGT0HG23.txt [ /collective-media.net ]
C:\Documents and Settings\Morsan\Cookies\UWHZS9RX.txt [ /tribalfusion.com ]
C:\Documents and Settings\Morsan\Cookies\C8MAAXS7.txt [ /promo.gramediamajalah.com ]
C:\Documents and Settings\Morsan\Cookies\RIH52W54.txt [ /www.burstnet.com ]
C:\Documents and Settings\Morsan\Cookies\Z98OECM0.txt [ /pointroll.com ]
C:\Documents and Settings\Morsan\Cookies\9TAMJQD3.txt [ /legolas-media.com ]
C:\Documents and Settings\Morsan\Cookies\2OTDUPOQ.txt [ /nissancreditcorporation.112.2o7.net ]
C:\Documents and Settings\Morsan\Cookies\A1TJW1EU.txt [ /accounts.google.com ]
C:\Documents and Settings\Morsan\Cookies\XZHON4WL.txt [ /ad.yieldmanager.com ]
C:\Documents and Settings\Morsan\Cookies\LRPEF1ES.txt [ /advertising.com ]
C:\Documents and Settings\Morsan\Cookies\BNVNMQBD.txt [ /hotlog.ru ]
C:\Documents and Settings\Morsan\Cookies\B46TVXME.txt [ /statse.webtrendslive.com ]
C:\Documents and Settings\Morsan\Cookies\KEBYHOZV.txt [ /at.atwola.com ]
C:\Documents and Settings\Morsan\Cookies\NZ0ST0YP.txt [ /h.atdmt.com ]
C:\Documents and Settings\Morsan\Cookies\HJUGWP10.txt [ /invitemedia.com ]
C:\Documents and Settings\Morsan\Cookies\MYDP55DK.txt [ /revsci.net ]
C:\Documents and Settings\Morsan\Cookies\UBQ05ZY4.txt [ /questionmarket.com ]
C:\Documents and Settings\Morsan\Cookies\JY4YE5D9.txt [ /media6degrees.com ]
C:\Documents and Settings\Morsan\Cookies\F4NKAOF0.txt [ /a1.interclick.com ]
C:\Documents and Settings\Morsan\Cookies\VPH9XEC4.txt [ /zedo.com ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\0P172XW4.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\CONJ8Q4M.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\3FW9XNSR.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\0YPQNMMB.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\OZMGZPHS.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\NIF14HMZ.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\37V5UH14.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\5JHUEEG2.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\OJU3WHB8.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\7RF90B0I.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\84EHPKVC.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\J4CAQR4R.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\V0OF7AT1.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\JDLV1U2D.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\77W4ASGQ.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\GW86WUMQ.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\KG1UW91E.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\H0H56AN5.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\31Z74XVM.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\3V7FDEVF.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\TUABR1C5.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\WP24AZIJ.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\GXVX1NJB.txt [ Cookie:[email protected]/cgi-bin ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\5LNYSLCB.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\JLVKS7B1.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\AOVHLYYY.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\EAESTO2P.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\3D6G2HQX.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERLIANTY\Cookies\9DM4GFZJ.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERRA\Cookies\M6USAEQM.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\FERRA\Cookies\OA3632NY.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@adinterax[2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@tribalfusion[1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@questionmarket[2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@clicksor[2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@azjmp[2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@casalemedia[2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@internettrafficbuilder[1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@adserving[2].txt [ Cookie:[email protected]/adserving ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@pointroll[2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@atdmt[1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@tacoda[1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@specificmedia[2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@fastclick[2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@yieldmanager[1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@doubleclick[1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@zedo[2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@apmebf[1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@adbrite[2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@specificclick[2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@statcounter[1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@tradedoubler[2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@revsci[1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@interclick[1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@adecn[1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@ronincreativemedia[1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@legolas-media[1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\JEREMIA\Cookies\jeremia@serving-sys[1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\YANNI\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\YANNI\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\YANNI\Cookies\yanni@adinterax[2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\YANNI\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\YANNI\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\YANNI\Cookies\yanni@macromedia[2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\YANNI\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\YANNI\Cookies\yanni@advertising[1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\YANNI\Cookies\yanni@atdmt[1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\YANNI\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\YANNI\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\YANNI\Cookies\yanni@2o7[2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\YANNI\Cookies\yanni@zedo[1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\YANNI\Cookies\yanni@atwola[2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\YANNI\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\YANNI\Cookies\yanni@doubleclick[1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\YANNI\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\YANNI\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]

2- SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/17/2012 at 07:32 AM

Application Version : 5.0.1146

Core Rules Database Version : 8347
Trace Rules Database Version: 6159

Scan type : Complete Scan
Total Scan Time : 01:03:25

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 557
Memory threats detected : 0
Registry items scanned : 34900
Registry threats detected : 0
File items scanned : 38045
File threats detected : 50

Trojan.Agent/Gen-StartPage
C:\DOCUMENTS AND SETTINGS\FERLIANTY\APPLICATION DATA\FCSB000062035\TOOLBAR\UNINST.EXE
C:\DOCUMENTS AND SETTINGS\FERRA\APPLICATION DATA\FCSB000062035\TOOLBAR\UNINST.EXE
C:\PROGRAM FILES\SHOP TO WIN 2\UNINST.EXE
C:\DOCUMENTS AND SETTINGS\FERRA\START MENU\PROGRAMS\SHOP TO WIN 2\UNINSTALL.LNK
C:\DOCUMENTS AND SETTINGS\JEREMIA\APPLICATION DATA\FCSB000062035\TOOLBAR\UNINST.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\APPLICATION DATA\FCSB000062035\TOOLBAR\UNINST.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\LOCAL SETTINGS\TEMP\~NSU.TMP\BU_.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\LOCAL SETTINGS\TEMP\~NSU.TMP\CU_.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\LOCAL SETTINGS\TEMP\~NSU.TMP\DU_.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\LOCAL SETTINGS\TEMP\~NSU.TMP\EU_.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\LOCAL SETTINGS\TEMP\~NSU.TMP\FU_.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\LOCAL SETTINGS\TEMP\~NSU.TMP\GU_.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\LOCAL SETTINGS\TEMP\~NSU.TMP\HU_.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\LOCAL SETTINGS\TEMP\~NSU.TMP\IU_.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\LOCAL SETTINGS\TEMP\~NSU.TMP\JU_.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\LOCAL SETTINGS\TEMP\~NSU.TMP\KU_.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\LOCAL SETTINGS\TEMP\~NSU.TMP\LU_.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\LOCAL SETTINGS\TEMP\~NSU.TMP\MU_.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\LOCAL SETTINGS\TEMP\~NSU.TMP\NU_.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\LOCAL SETTINGS\TEMP\~NSU.TMP\OU_.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\LOCAL SETTINGS\TEMP\~NSU.TMP\PU_.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\LOCAL SETTINGS\TEMP\~NSU.TMP\QU_.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\LOCAL SETTINGS\TEMP\~NSU.TMP\RU_.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\LOCAL SETTINGS\TEMP\~NSU.TMP\SU_.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\LOCAL SETTINGS\TEMP\~NSU.TMP\TU_.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\LOCAL SETTINGS\TEMP\~NSU.TMP\UU_.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\LOCAL SETTINGS\TEMP\~NSU.TMP\VU_.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\LOCAL SETTINGS\TEMP\~NSU.TMP\WU_.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\LOCAL SETTINGS\TEMP\~NSU.TMP\XU_.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\LOCAL SETTINGS\TEMP\~NSU.TMP\YU_.EXE
C:\DOCUMENTS AND SETTINGS\MORSAN\LOCAL SETTINGS\TEMP\~NSU.TMP\ZU_.EXE
C:\DOCUMENTS AND SETTINGS\YANNI\APPLICATION DATA\FCSB000062035\TOOLBAR\UNINST.EXE

Adware.Tracking Cookie
media.mtvnservices.com [ C:\DOCUMENTS AND SETTINGS\FERLIANTY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\TV8TQNWB ]
mediaservice.mirror-image.com [ C:\DOCUMENTS AND SETTINGS\FERLIANTY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\TV8TQNWB ]
s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\FERLIANTY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\TV8TQNWB ]
secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\FERLIANTY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\TV8TQNWB ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\FERLIANTY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\FERLIANTY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\FERLIANTY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\FERLIANTY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\FERLIANTY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.sonyelectronicssupportus.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\FERLIANTY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\FERLIANTY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\FERLIANTY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\FERLIANTY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\FERLIANTY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\FERLIANTY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\MORSAN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\TX94KFXS ]
secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\MORSAN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\TX94KFXS ]

Trojan.Agent/Gen-SoftonicDownloader
C:\DOCUMENTS AND SETTINGS\MORSAN\MY DOCUMENTS\SOFTONICDOWNLOADER_FOR_ROYALE-NOIR.EXE

3- SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/17/2012 at 05:17 PM

Application Version : 5.0.1146

Core Rules Database Version : 8347
Trace Rules Database Version: 6159

Scan type : Complete Scan
Total Scan Time : 01:01:47

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 563
Memory threats detected : 0
Registry items scanned : 34900
Registry threats detected : 0
File items scanned : 38022
File threats detected : 6

Trojan.Agent/Gen-StartPage
C:\SYSTEM VOLUME INFORMATION\_RESTORE{67BBC2F1-2328-4819-BEC9-4623DBE7FD42}\RP83\A0023980.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{67BBC2F1-2328-4819-BEC9-4623DBE7FD42}\RP83\A0023981.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{67BBC2F1-2328-4819-BEC9-4623DBE7FD42}\RP83\A0023982.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{67BBC2F1-2328-4819-BEC9-4623DBE7FD42}\RP83\A0023984.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{67BBC2F1-2328-4819-BEC9-4623DBE7FD42}\RP83\A0023985.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{67BBC2F1-2328-4819-BEC9-4623DBE7FD42}\RP83\A0023986.EXE

I was not able to find the txt file of the avast boot time scan I ran

Edited by VortexR18, 25 March 2012 - 08:39 PM.

#5
CompCav

Posted 25 March 2012 - 11:25 PM

Member 5k

Expert
12,454 posts

I was not able to find the txt file of the avast boot time scan I ran

That is OK for now :thumbsup:

Regards,

CompCav

#6
CompCav

Posted 26 March 2012 - 02:20 PM

Member 5k

Expert
12,454 posts

Thank you for the logs.

I noticed that you have two anti-virus programs running ( Norton & Avast Anti-Virus). I strongly recommend that you have only one antivirus product installed and running on your computer at a time. I would recommend you uninstall Norton and keep Avast.

Multiple installed antivirus products can lead to a clash as products fight for access to files which are being opened since they need to be checked for viruses. In general terms, the programs may conflict and cause:
False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
System Performance Problems: Your system may lock up due to multiple products attempting to access the same file at the same time.

Please use this Norton removal tool. Go to step two and click the yellow download button and save it to your desktop, then run it. This tool removes all of their products since 2003. This tool may require you to restart the computer several times to complete the removal.

Step 1.

Download RogueKiller and save it on your desktop.
Quit all programs
Start RogueKiller.exe. (right click and run as administrator)
Wait until Prescan has finished ...
Click on Scan
Note: If RogueKiller will not run please try it several times, if it still does not run rename it winlogon.com and try it several times.

Wait for the end of the scan.
The report has been created on the desktop.
Click on the Delete button.

The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.

Step 2.

We need to run an OTL Fix

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:OTL
O2 - BHO: (Shop to Win 2) - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files\Shop to Win 2\ShoppingBHO.dll File not found
O2 - BHO: (no name) - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2011/02/19 11:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ferlianty\Application Data\FCSB000062035
[2011/02/12 18:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ferra\Application Data\FCSB000062035
[2011/02/17 04:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremia\Application Data\FCSB000062035
[2011/02/18 01:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morsan\Application Data\FCSB000062035
[2011/11/09 12:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yanni\Application Data\FCSB000062035



:files
ipconfig /flushdns /c


:reg


:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.

Step 3.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions

Step 4.

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 5.

Download OTL to your Desktop ro if you still have it skip to the next step.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users, and under Extra Registry select Use SafeList
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes
Post the log

Step 6.

Please Post:

all RkReport.txt files
OTL fix log
Combofix log
TDSSKiller log
OTL.txt

How is your computer doing? Are your wallpaper and icons normal?

#7
VortexR18

Posted 28 March 2012 - 01:11 AM

Member

Topic Starter
Member
57 posts

hello again.

I am having difficulty running roguekiller properly. I don't have an option to "Run as Administrator" just a "Run As..." and no "Administrator" as an option.

I am given a choice of "Current User" and "The Following User:".

I do know the account I am using is a Computer Administrator though, but no log file came up after I followed your steps.

Also yes, my wallpaper and icons are normal, no suspicious changes at the moment.

Edited by VortexR18, 28 March 2012 - 01:17 AM.

#8
CompCav

Posted 28 March 2012 - 05:48 AM

Member 5k

Expert
12,454 posts

I am having difficulty running roguekiller properly. I don't have an option to "Run as Administrator" just a "Run As..." and no "Administrator" as an option.

Just click on it normally, the run as administrator is for Windows Vista or 7. You do not need to do that for Windows XP :thumbsup:

#9
VortexR18

Posted 28 March 2012 - 09:14 PM

Member

Topic Starter
Member
57 posts

Hello, sorry if my replies are a bit sporadic it's been a busy week, but I thank you for your patience and time.

I will be posting the logs shortly.

#10
CompCav

Posted 28 March 2012 - 09:38 PM

Member 5k

Expert
12,454 posts

No problem we realize that life can get in the way.

Regards,

CompCav

#11
VortexR18

Posted 28 March 2012 - 10:18 PM

Member

Topic Starter
Member
57 posts

Hello, for step 5, it seems as if the "Use Safelist" wasn't checked under "Extra Registry" before I ran the Quick Scan. I apologize, i didn't want to run the scan again in fear of messing anything up. I hope it didn't mess things up TOO much

lol

But anyways, here are the logs in order in which you requested

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Morsan [Admin rights]
Mode: Scan -- Date: 03/28/2012 21:22:25

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] a68253c1e53e69c1d30e5263c18dac95
[BSP] 529bf137dcd15f75bad217cd210ae234 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 5122 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10490445 | Size: 90271 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Morsan [Admin rights]
Mode: Remove -- Date: 03/28/2012 21:25:32

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> ERROR
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> ERROR
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] a68253c1e53e69c1d30e5263c18dac95
[BSP] 529bf137dcd15f75bad217cd210ae234 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 5122 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10490445 | Size: 90271 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Documents and Settings\Ferlianty\Application Data\FCSB000062035\Toolbar folder moved successfully.
C:\Documents and Settings\Ferlianty\Application Data\FCSB000062035 folder moved successfully.
C:\Documents and Settings\Ferra\Application Data\FCSB000062035\Toolbar folder moved successfully.
C:\Documents and Settings\Ferra\Application Data\FCSB000062035 folder moved successfully.
C:\Documents and Settings\Jeremia\Application Data\FCSB000062035\Toolbar folder moved successfully.
C:\Documents and Settings\Jeremia\Application Data\FCSB000062035 folder moved successfully.
C:\Documents and Settings\Morsan\Application Data\FCSB000062035\Toolbar folder moved successfully.
C:\Documents and Settings\Morsan\Application Data\FCSB000062035 folder moved successfully.
C:\Documents and Settings\yanni\Application Data\FCSB000062035\Toolbar folder moved successfully.
C:\Documents and Settings\yanni\Application Data\FCSB000062035 folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Morsan\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Morsan\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: Ferlianty
->Temp folder emptied: 800 bytes
->Temporary Internet Files folder emptied: 20216445 bytes
->Google Chrome cache emptied: 53058933 bytes
->Flash cache emptied: 20405 bytes

User: Ferra
->Temp folder emptied: 1300998 bytes
->Temporary Internet Files folder emptied: 51195984 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 4539 bytes

User: Jeremia
->Temp folder emptied: 4887203 bytes
->Temporary Internet Files folder emptied: 329183735 bytes
->Flash cache emptied: 4186 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: Morsan
->Temp folder emptied: 22483234 bytes
->Temporary Internet Files folder emptied: 196327637 bytes
->FireFox cache emptied: 5879585 bytes
->Google Chrome cache emptied: 6295199 bytes
->Flash cache emptied: 2293 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: yanni
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 91189122 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 9034 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 588644 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 87096307 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 830.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.39.1 log created on 03282012_212734

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_79c.dat not found!

Registry entries deleted on Reboot...

ComboFix 12-03-28.02 - Morsan 03/28/2012 22:07:23.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.590 [GMT -4:00]
Running from: c:\documents and settings\Morsan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ferra\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
c:\documents and settings\Ferra\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome.manifest
c:\documents and settings\Ferra\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome\gvtextlinks.jar
c:\documents and settings\Ferra\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\gvtlf.xpt
c:\documents and settings\Ferra\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\install.rdf
c:\program files\Freeze.com\NetAssistant\NeTAssistant.dll
c:\windows\kb835221.exe
c:\windows\setup.exe
c:\windows\windows-kb870669-x86-enu.exe
c:\windows\windowsinstaller-kb893803-v2-x86.exe
c:\windows\windowsxp-kb307154-x86-enu.exe
c:\windows\windowsxp-kb873339-x86-enu.exe
c:\windows\windowsxp-kb884018-x86-enu.exe
c:\windows\windowsxp-kb884575-x86-enu.exe
c:\windows\windowsxp-kb885250-x86-enu.exe
c:\windows\windowsxp-kb885835-x86-enu.exe
c:\windows\windowsxp-kb885836-x86-enu.exe
c:\windows\windowsxp-kb886185-x86-enu.exe
c:\windows\windowsxp-kb887472-x86-enu.exe
c:\windows\windowsxp-kb887742-x86-enu.exe
c:\windows\windowsxp-kb888113-x86-enu.exe
c:\windows\windowsxp-kb888239-x86-enu.exe
c:\windows\windowsxp-kb888302-x86-enu.exe
c:\windows\windowsxp-kb890046-x86-enu.exe
c:\windows\windowsxp-kb890859-x86-enu.exe
c:\windows\windowsxp-kb891781-x86-enu.exe
c:\windows\windowsxp-kb893056-x86-enu.exe
c:\windows\windowsxp-kb893066-v2-x86-enu.exe
c:\windows\windowsxp-kb893756-x86-enu.exe
c:\windows\windowsxp-kb894391-x86-enu.exe
c:\windows\windowsxp-kb896358-x86-enu.exe
c:\windows\windowsxp-kb896422-x86-enu.exe
c:\windows\windowsxp-kb896423-x86-enu.exe
c:\windows\windowsxp-kb896424-x86-enu.exe
c:\windows\windowsxp-kb896688-x86-enu.exe
c:\windows\windowsxp-kb896727-x86-enu.exe
c:\windows\windowsxp-kb899587-x86-enu.exe
c:\windows\windowsxp-kb899588-x86-enu.exe
c:\windows\windowsxp-kb899589-x86-enu.exe
c:\windows\windowsxp-kb899591-x86-enu.exe
c:\windows\windowsxp-kb900725-x86-enu.exe
c:\windows\windowsxp-kb901017-x86-enu.exe
c:\windows\windowsxp-kb901214-x86-enu.exe
c:\windows\windowsxp-kb902400-x86-enu.exe
c:\windows\windowsxp-kb903235-x86-enu.exe
c:\windows\windowsxp-kb904706-x86-enu.exe
c:\windows\windowsxp-kb905414-x86-enu.exe
c:\windows\windowsxp-kb905749-x86-enu.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-29 01:27 . 2012-03-29 01:27 -------- d-----w- C:\_OTL
2012-03-28 05:35 . 2012-03-28 05:35 -------- d-----w- C:\RK_Quarantine
2012-03-17 08:15 . 2012-03-17 08:15 -------- d-----w- c:\documents and settings\Morsan\Local Settings\Application Data\Mozilla
2012-03-17 07:55 . 2012-03-17 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2012-03-17 07:55 . 2012-03-17 07:55 -------- d-----w- c:\program files\COMODO
2012-03-17 06:52 . 2012-03-17 06:52 -------- d-----w- c:\documents and settings\Morsan\Application Data\SUPERAntiSpyware.com
2012-03-17 06:51 . 2012-03-17 06:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-17 06:51 . 2012-03-17 06:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-03-17 05:47 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-17 05:47 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-17 05:47 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-17 05:47 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-17 05:47 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-17 05:47 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-17 05:47 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-17 05:47 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-17 05:46 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-17 05:46 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-17 05:45 . 2012-03-17 05:45 -------- d-----w- c:\program files\AVAST Software
2012-03-17 05:45 . 2012-03-17 05:45 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-03-14 15:26 . 2012-03-14 15:26 -------- d-----w- c:\documents and settings\Jeremia\Application Data\InterVideo
2012-03-14 15:25 . 2012-03-14 15:25 -------- d-----w- c:\documents and settings\Jeremia\Application Data\TuneUp Software
2012-03-14 11:19 . 2012-03-14 11:19 -------- d-----w- c:\documents and settings\yanni\Application Data\TuneUp Software
2012-03-12 11:25 . 2012-03-12 11:25 -------- d-----w- c:\documents and settings\Ferlianty\Application Data\InterVideo
2012-03-12 01:13 . 2012-03-12 01:13 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-03-12 01:13 . 2012-03-12 01:13 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-12 01:13 . 2012-03-12 01:13 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-12 01:13 . 2012-03-12 01:13 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-12 01:13 . 2012-03-12 01:13 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-12 01:13 . 2012-03-12 01:13 301224 ----a-w- c:\windows\system32\guard32.dll
2012-02-28 12:35 . 2012-02-28 12:35 -------- d-----w- c:\documents and settings\Ferlianty\Application Data\AdobeUM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:22 . 2005-11-16 23:26 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-23 15:46 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2005-11-17 00:41 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 04:39 . 2012-03-17 08:15 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-12 6749512]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 01:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=c:\windows\pss\Trend Micro Anti-Spyware.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2003-11-08 00:21 114688 ----a-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-04-29 17:56 45056 ----a-w- c:\program files\Realtek\InstallShield\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2010-09-15 14:19 148288 ----a-w- c:\program files\Lexmark S800 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-06-29 21:33 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-06-29 21:33 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxefmon.exe]
2010-09-15 14:19 713384 ----a-w- c:\program files\Lexmark S800 Series\lxefmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-06-09 23:56 6746112 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PartSeal]
2003-04-20 04:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-06-29 21:33 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-06-29 16:25 14720000 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2005-10-20 06:07 184320 ----a-w- c:\program files\Sony\VAIO Power Management\SPMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-08-27 02:14 36975 ----a-w- c:\program files\Java\jre1.5.0_05\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVTunerLib]
2005-02-17 02:41 245760 ----a-w- c:\program files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 04:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2005-10-12 05:36 151552 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VZRemoteCommander]
2005-01-31 18:10 192512 ----a-w- c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISBMgr.exe"=c:\program files\Sony\ISB Utility\ISBMgr.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Lexmark S800 Series\\lxeffax.exe"=
"c:\\Program Files\\ABBYY FineReader 9.0 Sprint\\ScanWia.exe"=
"c:\\Program Files\\ABBYY FineReader 9.0 Sprint\\ScanTwain.exe"=
"c:\\WINDOWS\\system32\\lxefcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\VAIO Media 5.0\\Vc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/17/2012 1:47 AM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/17/2012 1:47 AM 337880]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [3/11/2012 9:13 PM 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3/11/2012 9:13 PM 31704]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/17/2012 1:47 AM 20696]
R2 lxef_device;lxef_device;c:\windows\system32\lxefcoms.exe -service --> c:\windows\system32\lxefcoms.exe -service [?]
R2 lxefCATSCustConnectService;lxefCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxefserv.exe [3/25/2011 11:09 AM 189096]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [3/30/2011 8:00 PM 1523008]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2/10/2011 12:22 PM 10064]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/17/2012 1:47 AM 136176]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [11/9/2011 12:53 PM 21376]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/17/2012 1:47 AM 136176]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [5/14/2009 7:07 PM 759048]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-17 05:47]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-17 05:47]
.
2010-11-21 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-11-17 00:12]
.
2010-11-21 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-11-17 00:12]
.
2010-11-21 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-11-17 00:12]
.
2012-03-29 c:\windows\Tasks\User_Feed_Synchronization-{EE290E4C-C806-433C-83B6-08CF4D40E1E3}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Morsan\Application Data\Mozilla\Firefox\Profiles\6g2hqeay.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-Gamevance - c:\program files\Gamevance\gamevance32.exe
MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1290326090\ee\AOLHostManager.exe
MSConfigStartUp-HP Software Update - c:\program files\Hp\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-URLLSTCK - c:\program files\Norton Internet Security\UrlLstCk.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-28 22:18
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(300)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'lsass.exe'(468)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(236)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2012-03-28 22:21:35
ComboFix-quarantined-files.txt 2012-03-29 02:21
.
Pre-Run: 81,489,960,960 bytes free
Post-Run: 81,385,074,688 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /PAE
.
- - End Of File - - 61026854604054F907B634A4BE5FCCB8

22:24:08.0171 2144 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
22:24:08.0484 2144 ============================================================
22:24:08.0484 2144 Current date / time: 2012/03/28 22:24:08.0484
22:24:08.0484 2144 SystemInfo:
22:24:08.0484 2144
22:24:08.0484 2144 OS Version: 5.1.2600 ServicePack: 3.0
22:24:08.0484 2144 Product type: Workstation
22:24:08.0484 2144 ComputerName: 8A287A4ADEF0487
22:24:08.0484 2144 UserName: Morsan
22:24:08.0484 2144 Windows directory: C:\WINDOWS
22:24:08.0484 2144 System windows directory: C:\WINDOWS
22:24:08.0484 2144 Processor architecture: Intel x86
22:24:08.0484 2144 Number of processors: 1
22:24:08.0484 2144 Page size: 0x1000
22:24:08.0484 2144 Boot type: Normal boot
22:24:08.0484 2144 ============================================================
22:24:11.0109 2144 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:24:11.0109 2144 \Device\Harddisk0\DR0:
22:24:11.0109 2144 MBR used
22:24:11.0109 2144 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xA0124D, BlocksNum 0xB04FBF4
22:24:11.0156 2144 Initialize success
22:24:11.0156 2144 ============================================================
22:24:46.0625 4056 ============================================================
22:24:46.0625 4056 Scan started
22:24:46.0625 4056 Mode: Manual; SigCheck; TDLFS;
22:24:46.0625 4056 ============================================================
22:24:46.0953 4056 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
22:24:47.0078 4056 !SASCORE - ok
22:24:47.0203 4056 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
22:24:47.0250 4056 Aavmker4 - ok
22:24:47.0343 4056 ABBYY.Licensing.FineReader.Sprint.9.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
22:24:47.0390 4056 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
22:24:47.0406 4056 Abiosdsk - ok
22:24:47.0421 4056 abp480n5 - ok
22:24:47.0781 4056 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:24:48.0125 4056 ACPI - ok
22:24:48.0250 4056 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:24:48.0484 4056 ACPIEC - ok
22:24:48.0500 4056 adpu160m - ok
22:24:48.0546 4056 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:24:48.0687 4056 aec - ok
22:24:48.0750 4056 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
22:24:48.0796 4056 AegisP ( UnsignedFile.Multi.Generic ) - warning
22:24:48.0796 4056 AegisP - detected UnsignedFile.Multi.Generic (1)
22:24:49.0140 4056 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:24:49.0265 4056 AFD - ok
22:24:49.0343 4056 Aha154x - ok
22:24:49.0375 4056 aic78u2 - ok
22:24:49.0375 4056 aic78xx - ok
22:24:49.0437 4056 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:24:49.0546 4056 Alerter - ok
22:24:49.0578 4056 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:24:49.0718 4056 ALG - ok
22:24:49.0734 4056 AliIde - ok
22:24:49.0750 4056 amsint - ok
22:24:49.0812 4056 ApfiltrService (d3da11b88ab29076b78ff79f35f0586b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
22:24:49.0843 4056 ApfiltrService - ok
22:24:49.0968 4056 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:24:49.0984 4056 Apple Mobile Device - ok
22:24:50.0062 4056 AppMgmt - ok
22:24:50.0109 4056 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:24:50.0250 4056 Arp1394 - ok
22:24:50.0265 4056 asc - ok
22:24:50.0281 4056 asc3350p - ok
22:24:50.0296 4056 asc3550 - ok
22:24:50.0421 4056 aspnet_state (e1a1206a4fb19b675e947b29ccd25fba) C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
22:24:50.0437 4056 aspnet_state ( UnsignedFile.Multi.Generic ) - warning
22:24:50.0437 4056 aspnet_state - detected UnsignedFile.Multi.Generic (1)
22:24:50.0500 4056 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
22:24:50.0515 4056 aswFsBlk - ok
22:24:50.0546 4056 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
22:24:50.0562 4056 aswMon2 - ok
22:24:50.0593 4056 AswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\AswRdr.sys
22:24:50.0593 4056 AswRdr - ok
22:24:50.0734 4056 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
22:24:50.0781 4056 aswSnx - ok
22:24:50.0843 4056 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
22:24:50.0875 4056 aswSP - ok
22:24:50.0921 4056 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
22:24:50.0921 4056 aswTdi - ok
22:24:50.0968 4056 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:24:51.0109 4056 AsyncMac - ok
22:24:51.0140 4056 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:24:51.0281 4056 atapi - ok
22:24:51.0343 4056 Atdisk - ok
22:24:51.0390 4056 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:24:51.0546 4056 Atmarpc - ok
22:24:51.0593 4056 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:24:51.0718 4056 AudioSrv - ok
22:24:51.0812 4056 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:24:51.0937 4056 audstub - ok
22:24:52.0031 4056 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
22:24:52.0062 4056 avast! Antivirus - ok
22:24:52.0171 4056 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:24:52.0343 4056 Beep - ok
22:24:52.0406 4056 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:24:52.0921 4056 BITS - ok
22:24:53.0015 4056 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
22:24:53.0046 4056 Bonjour Service - ok
22:24:53.0171 4056 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
22:24:53.0312 4056 Browser - ok
22:24:53.0421 4056 catchme - ok
22:24:53.0484 4056 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:24:53.0640 4056 cbidf2k - ok
22:24:53.0718 4056 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:24:53.0875 4056 CCDECODE - ok
22:24:53.0953 4056 cd20xrnt - ok
22:24:54.0000 4056 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:24:54.0140 4056 Cdaudio - ok
22:24:54.0171 4056 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:24:54.0312 4056 Cdfs - ok
22:24:54.0343 4056 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:24:54.0484 4056 Cdrom - ok
22:24:54.0500 4056 Changer - ok
22:24:54.0546 4056 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:24:54.0671 4056 CiSvc - ok
22:24:54.0703 4056 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:24:54.0843 4056 ClipSrv - ok
22:24:54.0968 4056 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:24:55.0093 4056 CmBatt - ok
22:24:55.0750 4056 cmdAgent (907324001ae25ac5959c91eaa34cabae) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
22:24:55.0843 4056 cmdAgent - ok
22:24:55.0984 4056 cmdGuard (bee235831f8e3f0baaca18b39d285cf5) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
22:24:56.0015 4056 cmdGuard - ok
22:24:56.0062 4056 cmdHlp (de548946f36cab62fec2e6aa0149a619) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
22:24:56.0078 4056 cmdHlp - ok
22:24:56.0093 4056 CmdIde - ok
22:24:56.0156 4056 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:24:56.0296 4056 Compbatt - ok
22:24:56.0328 4056 COMSysApp - ok
22:24:56.0343 4056 Cpqarray - ok
22:24:56.0390 4056 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:24:56.0515 4056 CryptSvc - ok
22:24:56.0531 4056 dac2w2k - ok
22:24:56.0546 4056 dac960nt - ok
22:24:56.0609 4056 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:24:56.0718 4056 DcomLaunch - ok
22:24:56.0812 4056 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:24:56.0968 4056 Dhcp - ok
22:24:57.0281 4056 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:24:57.0421 4056 Disk - ok
22:24:57.0500 4056 DM9USB (8842b0c5a5a24164f69b1a5ede4c2519) C:\WINDOWS\system32\DRIVERS\dm9usb.sys
22:24:57.0546 4056 DM9USB - ok
22:24:57.0593 4056 dmadmin - ok
22:24:57.0687 4056 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:24:57.0843 4056 dmboot - ok
22:24:57.0906 4056 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
22:24:58.0093 4056 DMICall - ok
22:24:58.0140 4056 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:24:58.0265 4056 dmio - ok
22:24:58.0312 4056 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:24:58.0625 4056 dmload - ok
22:24:58.0750 4056 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
22:24:58.0875 4056 dmserver - ok
22:24:58.0921 4056 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:24:59.0125 4056 DMusic - ok
22:24:59.0187 4056 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
22:24:59.0234 4056 Dnscache - ok
22:24:59.0296 4056 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
22:24:59.0437 4056 Dot3svc - ok
22:24:59.0531 4056 dpti2o - ok
22:24:59.0578 4056 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:24:59.0703 4056 drmkaud - ok
22:24:59.0765 4056 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:24:59.0812 4056 E100B - ok
22:24:59.0843 4056 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
22:24:59.0984 4056 EapHost - ok
22:25:00.0015 4056 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
22:25:00.0156 4056 ERSvc - ok
22:25:00.0218 4056 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:25:00.0281 4056 Eventlog - ok
22:25:00.0390 4056 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
22:25:00.0437 4056 EventSystem - ok
22:25:00.0531 4056 EvtEng (aa1d9c4a2f997fea8a4fb0929212eda2) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
22:25:00.0531 4056 EvtEng ( UnsignedFile.Multi.Generic ) - warning
22:25:00.0531 4056 EvtEng - detected UnsignedFile.Multi.Generic (1)
22:25:00.0593 4056 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:25:00.0750 4056 Fastfat - ok
22:25:01.0156 4056 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:25:01.0187 4056 FastUserSwitchingCompatibility - ok
22:25:01.0234 4056 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:25:01.0359 4056 Fdc - ok
22:25:01.0390 4056 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:25:01.0500 4056 Fips - ok
22:25:01.0515 4056 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:25:01.0656 4056 Flpydisk - ok
22:25:01.0718 4056 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:25:01.0843 4056 FltMgr - ok
22:25:01.0890 4056 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:25:02.0015 4056 Fs_Rec - ok
22:25:02.0140 4056 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:25:02.0281 4056 Ftdisk - ok
22:25:02.0312 4056 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:25:02.0328 4056 GEARAspiWDM - ok
22:25:02.0375 4056 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:25:02.0484 4056 Gpc - ok
22:25:02.0578 4056 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:25:02.0593 4056 gupdate - ok
22:25:02.0609 4056 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:25:02.0625 4056 gupdatem - ok
22:25:02.0671 4056 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:25:02.0812 4056 HDAudBus - ok
22:25:02.0906 4056 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:25:03.0015 4056 helpsvc - ok
22:25:03.0125 4056 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
22:25:03.0265 4056 HidServ - ok
22:25:03.0328 4056 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:25:03.0453 4056 HidUsb - ok
22:25:03.0500 4056 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
22:25:03.0640 4056 hkmsvc - ok
22:25:03.0703 4056 hpn - ok
22:25:03.0781 4056 HSFHWAZL (9bec5d4ac6efdaaf001d42c77811e3db) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
22:25:03.0843 4056 HSFHWAZL - ok
22:25:03.0984 4056 HSF_DPV (6cad234becf58529879b6c303f02777f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
22:25:04.0078 4056 HSF_DPV - ok
22:25:04.0187 4056 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:25:04.0281 4056 HTTP - ok
22:25:04.0343 4056 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
22:25:04.0484 4056 HTTPFilter - ok
22:25:04.0515 4056 i2omgmt - ok
22:25:04.0531 4056 i2omp - ok
22:25:04.0593 4056 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:25:04.0703 4056 i8042prt - ok
22:25:04.0890 4056 ialm (c8b13676374ae2418b653b10d2edda0e) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
22:25:05.0000 4056 ialm - ok
22:25:05.0093 4056 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
22:25:05.0125 4056 IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:25:05.0125 4056 IDriverT - detected UnsignedFile.Multi.Generic (1)
22:25:05.0250 4056 Image Converter video recording monitor for VAIO Entertainment (a16dedf58c40d8236578f0fbb520ea6d) C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
22:25:05.0265 4056 Image Converter video recording monitor for VAIO Entertainment ( UnsignedFile.Multi.Generic ) - warning
22:25:05.0265 4056 Image Converter video recording monitor for VAIO Entertainment - detected UnsignedFile.Multi.Generic (1)
22:25:05.0375 4056 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:25:05.0500 4056 Imapi - ok
22:25:05.0562 4056 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
22:25:05.0687 4056 ImapiService - ok
22:25:05.0703 4056 ini910u - ok
22:25:05.0812 4056 Inspect (f89849cf13805ef49da64a8a63193af7) C:\WINDOWS\system32\DRIVERS\inspect.sys
22:25:05.0828 4056 Inspect - ok
22:25:06.0031 4056 IntcAzAudAddService (5f2657f8781376892035976cf8122a2d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:25:07.0187 4056 IntcAzAudAddService - ok
22:25:07.0281 4056 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:25:07.0421 4056 IntelIde - ok
22:25:07.0484 4056 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:25:07.0593 4056 intelppm - ok
22:25:07.0640 4056 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:25:07.0781 4056 Ip6Fw - ok
22:25:07.0828 4056 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:25:07.0968 4056 IpFilterDriver - ok
22:25:08.0015 4056 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:25:08.0140 4056 IpInIp - ok
22:25:08.0265 4056 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:25:08.0390 4056 IpNat - ok
22:25:08.0531 4056 iPod Service (6e27978a4755f4789f912f5f49392f7c) C:\Program Files\iPod\bin\iPodService.exe
22:25:08.0562 4056 iPod Service - ok
22:25:08.0609 4056 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:25:08.0718 4056 IPSec - ok
22:25:08.0875 4056 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:25:09.0015 4056 IRENUM - ok
22:25:09.0125 4056 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:25:09.0250 4056 isapnp - ok
22:25:09.0281 4056 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:25:09.0421 4056 Kbdclass - ok
22:25:09.0546 4056 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:25:09.0687 4056 kmixer - ok
22:25:09.0734 4056 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:25:09.0812 4056 KSecDD - ok
22:25:09.0921 4056 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:25:09.0984 4056 lanmanserver - ok
22:25:10.0031 4056 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:25:10.0093 4056 lanmanworkstation - ok
22:25:10.0156 4056 lbrtfdc - ok
22:25:10.0281 4056 LEX_AS_NIC_SERVICE_YNOS (f03fc45e839912cb576e2496f582867c) C:\WINDOWS\system32\DRIVERS\ExpasAG.sys
22:25:10.0359 4056 LEX_AS_NIC_SERVICE_YNOS - ok
22:25:10.0437 4056 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:25:10.0546 4056 LmHosts - ok
22:25:10.0609 4056 lxefCATSCustConnectService (e046c3dd13f31907fec1eab83022949e) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxefserv.exe
22:25:10.0625 4056 lxefCATSCustConnectService - ok
22:25:10.0671 4056 lxef_device - ok
22:25:10.0750 4056 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:25:10.0812 4056 mdmxsdk - ok
22:25:10.0859 4056 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
22:25:10.0984 4056 Messenger - ok
22:25:11.0031 4056 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:25:11.0171 4056 mnmdd - ok
22:25:11.0250 4056 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
22:25:11.0359 4056 mnmsrvc - ok
22:25:11.0421 4056 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:25:11.0546 4056 Modem - ok
22:25:11.0625 4056 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:25:11.0734 4056 Mouclass - ok
22:25:11.0796 4056 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:25:11.0921 4056 mouhid - ok
22:25:11.0953 4056 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:25:12.0062 4056 MountMgr - ok
22:25:12.0125 4056 mraid35x - ok
22:25:12.0171 4056 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:25:12.0281 4056 MRxDAV - ok
22:25:12.0343 4056 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:25:12.0437 4056 MRxSmb - ok
22:25:12.0546 4056 MSCSPTISRV (fb29c32afa6f1fa887764323f06711d0) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
22:25:12.0562 4056 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
22:25:12.0562 4056 MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
22:25:12.0640 4056 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
22:25:12.0765 4056 MSDTC - ok
22:25:12.0828 4056 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:25:12.0937 4056 Msfs - ok
22:25:12.0953 4056 MSIServer - ok
22:25:13.0015 4056 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:25:13.0125 4056 MSKSSRV - ok
22:25:13.0140 4056 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:25:13.0265 4056 MSPCLOCK - ok
22:25:13.0281 4056 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:25:13.0406 4056 MSPQM - ok
22:25:13.0437 4056 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:25:13.0562 4056 mssmbios - ok
22:25:13.0656 4056 MSSQL$VAIO_VEDB - ok
22:25:13.0703 4056 MSSQLServerADHelper (cb7524c21727404bd3140dca32deb7de) C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
22:25:13.0734 4056 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - warning
22:25:13.0734 4056 MSSQLServerADHelper - detected UnsignedFile.Multi.Generic (1)
22:25:13.0859 4056 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:25:13.0968 4056 MSTEE - ok
22:25:14.0031 4056 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:25:14.0062 4056 Mup - ok
22:25:14.0093 4056 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:25:14.0218 4056 NABTSFEC - ok
22:25:14.0281 4056 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:25:14.0421 4056 napagent - ok
22:25:14.0546 4056 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:25:14.0671 4056 NDIS - ok
22:25:14.0703 4056 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:25:14.0843 4056 NdisIP - ok
22:25:14.0890 4056 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:25:14.0937 4056 NdisTapi - ok
22:25:14.0953 4056 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:25:15.0078 4056 Ndisuio - ok
22:25:15.0093 4056 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:25:15.0234 4056 NdisWan - ok
22:25:15.0343 4056 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:25:15.0390 4056 NDProxy - ok
22:25:15.0453 4056 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:25:15.0578 4056 NetBIOS - ok
22:25:15.0625 4056 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:25:15.0750 4056 NetBT - ok
22:25:15.0796 4056 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:25:15.0921 4056 NetDDE - ok
22:25:15.0937 4056 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:25:16.0046 4056 NetDDEdsdm - ok
22:25:16.0156 4056 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:25:16.0281 4056 Netlogon - ok
22:25:16.0328 4056 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:25:16.0453 4056 Netman - ok
22:25:16.0515 4056 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:25:16.0640 4056 NIC1394 - ok
22:25:16.0703 4056 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:25:16.0765 4056 Nla - ok
22:25:16.0859 4056 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:25:16.0984 4056 Npfs - ok
22:25:17.0046 4056 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:25:17.0203 4056 Ntfs - ok
22:25:17.0265 4056 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:25:17.0375 4056 NtLmSsp - ok
22:25:17.0437 4056 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:25:17.0593 4056 NtmsSvc - ok
22:25:17.0703 4056 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:25:17.0828 4056 Null - ok
22:25:18.0078 4056 nv (0a71bc580c55dc6fec466d8533569e66) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:25:18.0281 4056 nv - ok
22:25:18.0406 4056 NVSvc (a3469a25100d510eef5b8a65a890286f) C:\WINDOWS\system32\nvsvc32.exe
22:25:18.0437 4056 NVSvc - ok
22:25:18.0484 4056 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:25:18.0640 4056 NwlnkFlt - ok
22:25:18.0687 4056 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:25:18.0828 4056 NwlnkFwd - ok
22:25:18.0890 4056 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:25:19.0015 4056 ohci1394 - ok
22:25:19.0109 4056 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:25:19.0109 4056 ose - ok
22:25:19.0187 4056 PACSPTISVR (f61e92a1e27044053e124f9f3be18514) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
22:25:19.0218 4056 PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
22:25:19.0218 4056 PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
22:25:19.0328 4056 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
22:25:19.0468 4056 Parport - ok
22:25:19.0531 4056 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:25:19.0656 4056 PartMgr - ok
22:25:19.0703 4056 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:25:19.0859 4056 ParVdm - ok
22:25:19.0890 4056 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:25:20.0015 4056 PCI - ok
22:25:20.0031 4056 PCIDump - ok
22:25:20.0078 4056 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:25:20.0203 4056 PCIIde - ok
22:25:20.0296 4056 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:25:20.0421 4056 Pcmcia - ok
22:25:20.0437 4056 PDCOMP - ok
22:25:20.0453 4056 PDFRAME - ok
22:25:20.0484 4056 PDRELI - ok
22:25:20.0500 4056 PDRFRAME - ok
22:25:20.0515 4056 perc2 - ok
22:25:20.0531 4056 perc2hib - ok
22:25:20.0609 4056 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:25:20.0656 4056 PlugPlay - ok
22:25:20.0687 4056 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:25:20.0796 4056 PolicyAgent - ok
22:25:20.0828 4056 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:25:20.0953 4056 PptpMiniport - ok
22:25:20.0968 4056 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:25:21.0093 4056 ProtectedStorage - ok
22:25:21.0109 4056 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:25:21.0250 4056 PSched - ok
22:25:21.0265 4056 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:25:21.0406 4056 Ptilink - ok
22:25:21.0531 4056 PxHelp20 (1ffd5f718638fbea6c1eaad3349d479e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:25:21.0546 4056 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
22:25:21.0546 4056 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
22:25:21.0562 4056 ql1080 - ok
22:25:21.0578 4056 Ql10wnt - ok
22:25:21.0593 4056 ql12160 - ok
22:25:21.0625 4056 ql1240 - ok
22:25:21.0640 4056 ql1280 - ok
22:25:21.0687 4056 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:25:21.0812 4056 RasAcd - ok
22:25:21.0875 4056 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:25:22.0015 4056 RasAuto - ok
22:25:22.0078 4056 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:25:22.0187 4056 Rasl2tp - ok
22:25:22.0250 4056 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:25:22.0359 4056 RasMan - ok
22:25:22.0453 4056 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:25:22.0562 4056 RasPppoe - ok
22:25:22.0625 4056 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:25:22.0765 4056 Raspti - ok
22:25:22.0796 4056 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:25:22.0921 4056 Rdbss - ok
22:25:22.0968 4056 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:25:23.0093 4056 RDPCDD - ok
22:25:23.0171 4056 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:25:23.0218 4056 RDPWD - ok
22:25:23.0312 4056 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:25:23.0437 4056 RDSessMgr - ok
22:25:23.0500 4056 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:25:23.0625 4056 redbook - ok
22:25:23.0718 4056 RegSrvc (e6cd560a4a16feee5503cb59a3e30a84) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
22:25:23.0734 4056 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
22:25:23.0734 4056 RegSrvc - detected UnsignedFile.Multi.Generic (1)
22:25:23.0781 4056 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:25:23.0921 4056 RemoteAccess - ok
22:25:24.0125 4056 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
22:25:24.0234 4056 RpcLocator - ok
22:25:24.0328 4056 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
22:25:24.0375 4056 RpcSs - ok
22:25:24.0406 4056 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
22:25:24.0546 4056 RSVP - ok
22:25:24.0656 4056 S24EventMonitor (a57b20bb52b7c504b7a9fb4c82b639ba) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
22:25:24.0734 4056 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
22:25:24.0734 4056 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
22:25:24.0812 4056 s24trans (9c40cb317400f2cf643b8706147dd06d) C:\WINDOWS\system32\DRIVERS\s24trans.sys
22:25:24.0812 4056 s24trans ( UnsignedFile.Multi.Generic ) - warning
22:25:24.0812 4056 s24trans - detected UnsignedFile.Multi.Generic (1)
22:25:24.0890 4056 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:25:25.0000 4056 SamSs - ok
22:25:25.0062 4056 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:25:25.0078 4056 SASDIFSV - ok
22:25:25.0140 4056 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:25:25.0156 4056 SASKUTIL - ok
22:25:25.0203 4056 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:25:25.0343 4056 SCardSvr - ok
22:25:25.0437 4056 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:25:25.0578 4056 Schedule - ok
22:25:25.0656 4056 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:25:25.0781 4056 Secdrv - ok
22:25:25.0812 4056 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:25:25.0953 4056 seclogon - ok
22:25:25.0984 4056 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
22:25:26.0109 4056 SENS - ok
22:25:26.0140 4056 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
22:25:26.0281 4056 Serial - ok
22:25:26.0359 4056 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
22:25:26.0484 4056 Sfloppy - ok
22:25:26.0578 4056 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:25:26.0750 4056 SharedAccess - ok
22:25:26.0796 4056 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:25:26.0828 4056 ShellHWDetection - ok
22:25:26.0843 4056 Simbad - ok
22:25:26.0890 4056 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:25:27.0031 4056 SLIP - ok
22:25:27.0140 4056 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
22:25:27.0187 4056 SNC - ok
22:25:27.0265 4056 SONYTVC (b20ae555d3db76037dc8d9a8dfbe4149) C:\WINDOWS\system32\DRIVERS\SONYTVC.sys
22:25:27.0312 4056 SONYTVC - ok
22:25:27.0328 4056 Sparrow - ok
22:25:27.0359 4056 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:25:27.0484 4056 splitter - ok
22:25:27.0546 4056 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:25:27.0562 4056 Spooler - ok
22:25:27.0671 4056 SPTISRV (6f5fe741900108660dedcc704b7191cf) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
22:25:27.0671 4056 SPTISRV ( UnsignedFile.Multi.Generic ) - warning
22:25:27.0671 4056 SPTISRV - detected UnsignedFile.Multi.Generic (1)
22:25:27.0703 4056 SQLAgent$VAIO_VEDB - ok
22:25:27.0828 4056 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:25:27.0953 4056 sr - ok
22:25:28.0015 4056 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
22:25:28.0171 4056 srservice - ok
22:25:28.0234 4056 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:25:28.0312 4056 Srv - ok
22:25:28.0343 4056 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
22:25:28.0453 4056 SSDPSRV - ok
22:25:28.0593 4056 SSScsiSV (1a05bc50d258307c9b96e4e05fdba3d4) C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
22:25:28.0593 4056 SSScsiSV ( UnsignedFile.Multi.Generic ) - warning
22:25:28.0593 4056 SSScsiSV - detected UnsignedFile.Multi.Generic (1)
22:25:28.0718 4056 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
22:25:28.0859 4056 StillCam - ok
22:25:28.0937 4056 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
22:25:29.0093 4056 stisvc - ok
22:25:29.0187 4056 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:25:29.0312 4056 streamip - ok
22:25:29.0375 4056 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:25:29.0484 4056 swenum - ok
22:25:29.0515 4056 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:25:29.0625 4056 swmidi - ok
22:25:29.0640 4056 SwPrv - ok
22:25:29.0671 4056 symc810 - ok
22:25:29.0687 4056 symc8xx - ok
22:25:29.0703 4056 sym_hi - ok
22:25:29.0718 4056 sym_u3 - ok
22:25:29.0750 4056 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:25:29.0875 4056 sysaudio - ok
22:25:29.0921 4056 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:25:30.0031 4056 SysmonLog - ok
22:25:30.0078 4056 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:25:30.0218 4056 TapiSrv - ok
22:25:30.0312 4056 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:25:30.0375 4056 Tcpip - ok
22:25:30.0453 4056 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:25:30.0562 4056 TDPIPE - ok
22:25:30.0593 4056 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:25:30.0718 4056 TDTCP - ok
22:25:30.0765 4056 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:25:30.0890 4056 TermDD - ok
22:25:30.0937 4056 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:25:31.0062 4056 TermService - ok
22:25:31.0140 4056 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:25:31.0171 4056 Themes - ok
22:25:31.0218 4056 tifmsony (2c946b5dfbe608ec036f88d98658ef75) C:\WINDOWS\system32\drivers\tifmsony.sys
22:25:31.0250 4056 tifmsony - ok
22:25:31.0312 4056 TosIde - ok
22:25:31.0359 4056 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:25:31.0484 4056 TrkWks - ok
22:25:31.0687 4056 TuneUp.UtilitiesSvc (5dc6ddee665e075a5937656cfda53229) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
22:25:31.0781 4056 TuneUp.UtilitiesSvc - ok
22:25:31.0812 4056 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
22:25:31.0828 4056 TuneUpUtilitiesDrv - ok
22:25:31.0953 4056 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:25:32.0078 4056 Udfs - ok
22:25:32.0093 4056 ultra - ok
22:25:32.0125 4056 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
22:25:32.0171 4056 UMWdf - ok
22:25:32.0250 4056 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:25:32.0406 4056 Update - ok
22:25:32.0468 4056 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:25:32.0609 4056 upnphost - ok
22:25:32.0703 4056 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:25:32.0828 4056 UPS - ok
22:25:32.0890 4056 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:25:33.0015 4056 usbaudio - ok
22:25:33.0078 4056 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:25:33.0203 4056 usbccgp - ok
22:25:33.0250 4056 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:25:33.0375 4056 usbehci - ok
22:25:33.0406 4056 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:25:33.0531 4056 usbhub - ok
22:25:33.0640 4056 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:25:33.0765 4056 usbprint - ok
22:25:33.0812 4056 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:25:33.0937 4056 usbscan - ok
22:25:34.0015 4056 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:25:34.0140 4056 usbstor - ok
22:25:34.0234 4056 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:25:34.0343 4056 usbuhci - ok
22:25:34.0453 4056 UxTuneUp (17b8e52e002a574efd60fff864a525b1) C:\WINDOWS\System32\uxtuneup.dll
22:25:34.0468 4056 UxTuneUp - ok
22:25:34.0578 4056 VAIO Entertainment Aggregation and Control Service (b611ddc722abc67c53147f9dab69f4be) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
22:25:34.0593 4056 VAIO Entertainment Aggregation and Control Service ( UnsignedFile.Multi.Generic ) - warning
22:25:34.0593 4056 VAIO Entertainment Aggregation and Control Service - detected UnsignedFile.Multi.Generic (1)
22:25:34.0718 4056 VAIO Entertainment Task Scheduler (58c817aca245e57987b446babeb307c6) C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
22:25:34.0765 4056 VAIO Entertainment Task Scheduler ( UnsignedFile.Multi.Generic ) - warning
22:25:34.0765 4056 VAIO Entertainment Task Scheduler - detected UnsignedFile.Multi.Generic (1)
22:25:34.0828 4056 VAIO Entertainment TV Device Arbitration Service (eb2066f9d426f91e853d59d51f39f99f) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
22:25:34.0859 4056 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
22:25:34.0859 4056 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
22:25:34.0921 4056 VAIO Event Service (2b0eac2b6e5f1c5e007dabae101028b0) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
22:25:34.0937 4056 VAIO Event Service ( UnsignedFile.Multi.Generic ) - warning
22:25:34.0937 4056 VAIO Event Service - detected UnsignedFile.Multi.Generic (1)
22:25:35.0125 4056 VAIOMediaPlatform-IntegratedServer-AppServer (ec73f4eb2a930d2e161c1a1c9e3a76da) C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
22:25:35.0218 4056 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - warning
22:25:35.0218 4056 VAIOMediaPlatform-IntegratedServer-AppServer - detected UnsignedFile.Multi.Generic (1)
22:25:35.0312 4056 VAIOMediaPlatform-IntegratedServer-HTTP (b74a27540b0b7fe393a882b94b0d2188) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
22:25:35.0343 4056 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - warning
22:25:35.0343 4056 VAIOMediaPlatform-IntegratedServer-HTTP - detected UnsignedFile.Multi.Generic (1)
22:25:35.0421 4056 VAIOMediaPlatform-IntegratedServer-UPnP (4914b65dccf68cb95c2d1303c7264c8c) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
22:25:35.0500 4056 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - warning
22:25:35.0500 4056 VAIOMediaPlatform-IntegratedServer-UPnP - detected UnsignedFile.Multi.Generic (1)
22:25:35.0562 4056 Vcsw - ok
22:25:35.0671 4056 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:25:35.0796 4056 VgaSave - ok
22:25:35.0812 4056 ViaIde - ok
22:25:35.0843 4056 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:25:35.0953 4056 VolSnap - ok
22:25:36.0015 4056 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
22:25:36.0156 4056 VSS - ok
22:25:36.0281 4056 VzCdbSvc (0bd64ccea7b4bf25ca2fb9bf1444dfd9) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
22:25:36.0296 4056 VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
22:25:36.0296 4056 VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
22:25:36.0328 4056 VzFw (e81e8c7dc7ebc6cede156eaad5ef9c8e) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
22:25:36.0343 4056 VzFw ( UnsignedFile.Multi.Generic ) - warning
22:25:36.0343 4056 VzFw - detected UnsignedFile.Multi.Generic (1)
22:25:36.0609 4056 w29n51 (adb2f5af36155c9f1fbfd66a3acacbe6) C:\WINDOWS\system32\DRIVERS\w29n51.sys
22:25:36.0828 4056 w29n51 - ok
22:25:36.0953 4056 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
22:25:37.0125 4056 W32Time - ok
22:25:37.0218 4056 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:25:37.0343 4056 Wanarp - ok
22:25:37.0359 4056 WDICA - ok
22:25:37.0390 4056 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:25:37.0500 4056 wdmaud - ok
22:25:37.0546 4056 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
22:25:37.0656 4056 WebClient - ok
22:25:37.0750 4056 winachsf (ab7646d4cb9bb83d29d21ef7e00a0d15) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:25:37.0859 4056 winachsf - ok
22:25:38.0000 4056 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:25:38.0109 4056 winmgmt - ok
22:25:38.0265 4056 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:25:38.0343 4056 wlidsvc - ok
22:25:38.0453 4056 WmcCds (20263dafd033d30f151bb87568386769) c:\program files\windows media connect\mswmccds.exe
22:25:38.0515 4056 WmcCds ( UnsignedFile.Multi.Generic ) - warning
22:25:38.0515 4056 WmcCds - detected UnsignedFile.Multi.Generic (1)
22:25:38.0531 4056 WmcCdsLs (1dd015a69235dcfae18b5f98fb50be23) C:\Program Files\Windows Media Connect\mswmcls.exe
22:25:38.0546 4056 WmcCdsLs ( UnsignedFile.Multi.Generic ) - warning
22:25:38.0546 4056 WmcCdsLs - detected UnsignedFile.Multi.Generic (1)
22:25:38.0640 4056 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll
22:25:38.0671 4056 WmdmPmSN - ok
22:25:38.0734 4056 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:25:38.0859 4056 WmiApSrv - ok
22:25:38.0937 4056 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:25:39.0062 4056 WS2IFSL - ok
22:25:39.0125 4056 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
22:25:39.0250 4056 wscsvc - ok
22:25:39.0296 4056 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:25:39.0421 4056 WSTCODEC - ok
22:25:39.0500 4056 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
22:25:39.0640 4056 wuauserv - ok
22:25:39.0703 4056 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
22:25:39.0875 4056 WZCSVC - ok
22:25:39.0921 4056 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:25:40.0046 4056 xmlprov - ok
22:25:40.0109 4056 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:25:40.0375 4056 \Device\Harddisk0\DR0 - ok
22:25:40.0375 4056 Boot (0x1200) (da2010a4a97ea9da558f37be5c4879f6) \Device\Harddisk0\DR0\Partition0
22:25:40.0375 4056 \Device\Harddisk0\DR0\Partition0 - ok
22:25:40.0375 4056 ============================================================
22:25:40.0375 4056 Scan finished
22:25:40.0375 4056 ============================================================
22:25:40.0500 2828 Detected object count: 25
22:25:40.0500 2828 Actual detected object count: 25
22:25:47.0812 2828 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:47.0812 2828 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:25:47.0812 2828 aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:47.0812 2828 aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:25:47.0812 2828 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:47.0812 2828 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:25:47.0812 2828 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:47.0812 2828 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:25:47.0828 2828 Image Converter video recording monitor for VAIO Entertainment ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:47.0828 2828 Image Converter video recording monitor for VAIO Entertainment ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:25:47.0828 2828 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:47.0828 2828 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:25:47.0828 2828 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:47.0828 2828 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:25:47.0828 2828 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:47.0828 2828 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:25:47.0828 2828 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:47.0828 2828 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:25:47.0828 2828 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:47.0828 2828 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:25:47.0828 2828 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:47.0828 2828 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:25:47.0828 2828 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:47.0828 2828 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:25:47.0828 2828 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:47.0828 2828 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:25:47.0828 2828 SSScsiSV ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:47.0828 2828 SSScsiSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:25:47.0828 2828 VAIO Entertainment Aggregation and Control Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:47.0828 2828 VAIO Entertainment Aggregation and Control Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:25:47.0828 2828 VAIO Entertainment Task Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:47.0828 2828 VAIO Entertainment Task Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:25:47.0828 2828 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:47.0828 2828 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:25:47.0828 2828 VAIO Event Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:47.0828 2828 VAIO Event Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:25:47.0843 2828 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:47.0843 2828 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:25:47.0843 2828 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:47.0843 2828 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:25:47.0843 2828 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:47.0843 2828 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:25:47.0843 2828 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:47.0843 2828 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:25:47.0843 2828 VzFw ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:47.0843 2828 VzFw ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:25:47.0843 2828 WmcCds ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:47.0843 2828 WmcCds ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:25:47.0843 2828 WmcCdsLs ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:47.0843 2828 WmcCdsLs ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:26:40.0234 1812 ============================================================
22:26:40.0234 1812 Scan started
22:26:40.0234 1812 Mode: Manual; SigCheck; TDLFS;
22:26:40.0234 1812 ============================================================
22:26:43.0640 1812 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
22:26:43.0718 1812 !SASCORE - ok
22:26:44.0140 1812 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
22:26:44.0156 1812 Aavmker4 - ok
22:26:44.0609 1812 ABBYY.Licensing.FineReader.Sprint.9.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
22:26:44.0718 1812 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
22:26:45.0000 1812 Abiosdsk - ok
22:26:45.0218 1812 abp480n5 - ok
22:26:45.0578 1812 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:26:45.0750 1812 ACPI - ok
22:26:46.0359 1812 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:26:46.0531 1812 ACPIEC - ok
22:26:46.0781 1812 adpu160m - ok
22:26:47.0546 1812 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:26:47.0656 1812 aec - ok
22:26:48.0000 1812 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
22:26:48.0031 1812 AegisP ( UnsignedFile.Multi.Generic ) - warning
22:26:48.0031 1812 AegisP - detected UnsignedFile.Multi.Generic (1)
22:26:48.0875 1812 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:26:48.0906 1812 AFD - ok
22:26:49.0609 1812 Aha154x - ok
22:26:49.0968 1812 aic78u2 - ok
22:26:50.0140 1812 aic78xx - ok
22:26:50.0765 1812 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:26:50.0921 1812 Alerter - ok
22:26:51.0125 1812 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:26:51.0265 1812 ALG - ok
22:26:51.0578 1812 AliIde - ok
22:26:51.0953 1812 amsint - ok
22:26:52.0484 1812 ApfiltrService (d3da11b88ab29076b78ff79f35f0586b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
22:26:52.0531 1812 ApfiltrService - ok
22:26:52.0734 1812 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:26:52.0750 1812 Apple Mobile Device - ok
22:26:53.0140 1812 AppMgmt - ok
22:26:53.0531 1812 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:26:53.0687 1812 Arp1394 - ok
22:26:54.0109 1812 asc - ok
22:26:54.0328 1812 asc3350p - ok
22:26:54.0453 1812 asc3550 - ok
22:26:55.0000 1812 aspnet_state (e1a1206a4fb19b675e947b29ccd25fba) C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
22:26:55.0031 1812 aspnet_state ( UnsignedFile.Multi.Generic ) - warning
22:26:55.0031 1812 aspnet_state - detected UnsignedFile.Multi.Generic (1)
22:26:55.0718 1812 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
22:26:55.0734 1812 aswFsBlk - ok
22:26:56.0359 1812 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
22:26:56.0375 1812 aswMon2 - ok
22:26:56.0687 1812 AswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\AswRdr.sys
22:26:56.0703 1812 AswRdr - ok
22:26:57.0031 1812 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
22:26:57.0140 1812 aswSnx - ok
22:26:57.0734 1812 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
22:26:57.0765 1812 aswSP - ok
22:26:58.0093 1812 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
22:26:58.0109 1812 aswTdi - ok
22:26:58.0328 1812 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:26:58.0468 1812 AsyncMac - ok
22:26:58.0906 1812 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:26:59.0015 1812 atapi - ok
22:26:59.0468 1812 Atdisk - ok
22:27:00.0109 1812 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:27:00.0234 1812 Atmarpc - ok
22:27:00.0906 1812 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:27:01.0078 1812 AudioSrv - ok
22:27:01.0562 1812 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:27:01.0734 1812 audstub - ok
22:27:02.0171 1812 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
22:27:02.0187 1812 avast! Antivirus - ok
22:27:02.0656 1812 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:27:02.0828 1812 Beep - ok
22:27:03.0390 1812 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:27:03.0562 1812 BITS - ok
22:27:03.0875 1812 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
22:27:03.0921 1812 Bonjour Service - ok
22:27:04.0312 1812 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
22:27:04.0453 1812 Browser - ok
22:27:05.0000 1812 catchme - ok
22:27:05.0343 1812 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:27:05.0531 1812 cbidf2k - ok
22:27:05.0859 1812 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:27:06.0000 1812 CCDECODE - ok
22:27:06.0250 1812 cd20xrnt - ok
22:27:06.0515 1812 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:27:06.0671 1812 Cdaudio - ok
22:27:07.0218 1812 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:27:07.0375 1812 Cdfs - ok
22:27:07.0625 1812 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:27:07.0765 1812 Cdrom - ok
22:27:08.0437 1812 Changer - ok
22:27:09.0062 1812 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:27:09.0203 1812 CiSvc - ok
22:27:09.0718 1812 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:27:09.0875 1812 ClipSrv - ok
22:27:10.0437 1812 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:27:10.0593 1812 CmBatt - ok
22:27:11.0375 1812 cmdAgent (907324001ae25ac5959c91eaa34cabae) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
22:27:11.0625 1812 cmdAgent - ok
22:27:11.0921 1812 cmdGuard (bee235831f8e3f0baaca18b39d285cf5) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
22:27:12.0109 1812 cmdGuard - ok
22:27:12.0156 1812 cmdHlp (de548946f36cab62fec2e6aa0149a619) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
22:27:12.0234 1812 cmdHlp - ok
22:27:12.0250 1812 CmdIde - ok
22:27:12.0328 1812 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:27:12.0453 1812 Compbatt - ok
22:27:12.0859 1812 COMSysApp - ok
22:27:12.0890 1812 Cpqarray - ok
22:27:12.0953 1812 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:27:13.0171 1812 CryptSvc - ok
22:27:13.0296 1812 dac2w2k - ok
22:27:13.0500 1812 dac960nt - ok
22:27:13.0765 1812 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:27:13.0859 1812 DcomLaunch - ok
22:27:13.0953 1812 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:27:14.0140 1812 Dhcp - ok
22:27:14.0218 1812 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:27:14.0343 1812 Disk - ok
22:27:14.0406 1812 DM9USB (8842b0c5a5a24164f69b1a5ede4c2519) C:\WINDOWS\system32\DRIVERS\dm9usb.sys
22:27:14.0453 1812 DM9USB - ok
22:27:14.0625 1812 dmadmin - ok
22:27:14.0828 1812 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:27:15.0000 1812 dmboot - ok
22:27:15.0390 1812 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
22:27:15.0562 1812 DMICall - ok
22:27:15.0859 1812 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:27:16.0000 1812 dmio - ok
22:27:16.0078 1812 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:27:16.0234 1812 dmload - ok
22:27:16.0390 1812 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
22:27:16.0500 1812 dmserver - ok
22:27:16.0671 1812 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:27:16.0781 1812 DMusic - ok
22:27:16.0921 1812 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
22:27:17.0000 1812 Dnscache - ok
22:27:17.0109 1812 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
22:27:17.0234 1812 Dot3svc - ok
22:27:17.0281 1812 dpti2o - ok
22:27:17.0453 1812 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:27:17.0562 1812 drmkaud - ok
22:27:17.0687 1812 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:27:17.0734 1812 E100B - ok
22:27:17.0890 1812 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
22:27:18.0031 1812 EapHost - ok
22:27:18.0140 1812 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
22:27:18.0296 1812 ERSvc - ok
22:27:18.0562 1812 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:27:18.0609 1812 Eventlog - ok
22:27:18.0734 1812 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
22:27:18.0765 1812 EventSystem - ok
22:27:18.0921 1812 EvtEng (aa1d9c4a2f997fea8a4fb0929212eda2) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
22:27:18.0953 1812 EvtEng ( UnsignedFile.Multi.Generic ) - warning
22:27:18.0953 1812 EvtEng - detected UnsignedFile.Multi.Generic (1)
22:27:19.0218 1812 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:27:19.0359 1812 Fastfat - ok
22:27:19.0453 1812 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:27:19.0468 1812 FastUserSwitchingCompatibility - ok
22:27:19.0703 1812 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:27:19.0843 1812 Fdc - ok
22:27:19.0906 1812 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:27:20.0015 1812 Fips - ok
22:27:20.0218 1812 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:27:20.0375 1812 Flpydisk - ok
22:27:20.0453 1812 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:27:20.0578 1812 FltMgr - ok
22:27:20.0750 1812 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:27:20.0890 1812 Fs_Rec - ok
22:27:20.0984 1812 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:27:21.0125 1812 Ftdisk - ok
22:27:21.0218 1812 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:27:21.0234 1812 GEARAspiWDM - ok
22:27:21.0343 1812 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:27:21.0453 1812 Gpc - ok
22:27:21.0625 1812 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:27:21.0640 1812 gupdate - ok
22:27:21.0656 1812 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:27:21.0671 1812 gupdatem - ok
22:27:21.0859 1812 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:27:22.0015 1812 HDAudBus - ok
22:27:22.0218 1812 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:27:22.0359 1812 helpsvc - ok
22:27:22.0593 1812 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
22:27:22.0703 1812 HidServ - ok
22:27:22.0796 1812 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:27:22.0937 1812 HidUsb - ok
22:27:23.0109 1812 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
22:27:23.0234 1812 hkmsvc - ok
22:27:23.0281 1812 hpn - ok
22:27:23.0390 1812 HSFHWAZL (9bec5d4ac6efdaaf001d42c77811e3db) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
22:27:23.0406 1812 HSFHWAZL - ok
22:27:23.0640 1812 HSF_DPV (6cad234becf58529879b6c303f02777f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
22:27:23.0718 1812 HSF_DPV - ok
22:27:23.0890 1812 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:27:23.0921 1812 HTTP - ok
22:27:24.0000 1812 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
22:27:24.0125 1812 HTTPFilter - ok
22:27:24.0171 1812 i2omgmt - ok
22:27:24.0187 1812 i2omp - ok
22:27:24.0359 1812 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:27:24.0484 1812 i8042prt - ok
22:27:24.0703 1812 ialm (c8b13676374ae2418b653b10d2edda0e) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
22:27:24.0843 1812 ialm - ok
22:27:25.0062 1812 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
22:27:25.0078 1812 IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:27:25.0078 1812 IDriverT - detected UnsignedFile.Multi.Generic (1)
22:27:25.0234 1812 Image Converter video recording monitor for VAIO Entertainment (a16dedf58c40d8236578f0fbb520ea6d) C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
22:27:25.0265 1812 Image Converter video recording monitor for VAIO Entertainment ( UnsignedFile.Multi.Generic ) - warning
22:27:25.0265 1812 Image Converter video recording monitor for VAIO Entertainment - detected UnsignedFile.Multi.Generic (1)
22:27:25.0421 1812 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:27:25.0562 1812 Imapi - ok
22:27:25.0640 1812 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
22:27:25.0765 1812 ImapiService - ok
22:27:25.0843 1812 ini910u - ok
22:27:26.0000 1812 Inspect (f89849cf13805ef49da64a8a63193af7) C:\WINDOWS\system32\DRIVERS\inspect.sys
22:27:26.0015 1812 Inspect - ok
22:27:26.0375 1812 IntcAzAudAddService (5f2657f8781376892035976cf8122a2d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:27:26.0765 1812 IntcAzAudAddService - ok
22:27:27.0000 1812 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:27:27.0109 1812 IntelIde - ok
22:27:27.0187 1812 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:27:27.0296 1812 intelppm - ok
22:27:27.0468 1812 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:27:27.0593 1812 Ip6Fw - ok
22:27:27.0656 1812 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:27:27.0812 1812 IpFilterDriver - ok
22:27:27.0890 1812 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:27:28.0031 1812 IpInIp - ok
22:27:28.0187 1812 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:27:28.0343 1812 IpNat - ok
22:27:28.0515 1812 iPod Service (6e27978a4755f4789f912f5f49392f7c) C:\Program Files\iPod\bin\iPodService.exe
22:27:28.0609 1812 iPod Service - ok
22:27:28.0828 1812 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:27:28.0937 1812 IPSec - ok
22:27:29.0015 1812 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:27:29.0140 1812 IRENUM - ok
22:27:29.0390 1812 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:27:29.0515 1812 isapnp - ok
22:27:29.0671 1812 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:27:29.0796 1812 Kbdclass - ok
22:27:30.0000 1812 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:27:30.0125 1812 kmixer - ok
22:27:30.0250 1812 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:27:30.0281 1812 KSecDD - ok
22:27:30.0406 1812 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:27:30.0437 1812 lanmanserver - ok
22:27:30.0484 1812 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:27:30.0546 1812 lanmanworkstation - ok
22:27:30.0640 1812 lbrtfdc - ok
22:27:30.0765 1812 LEX_AS_NIC_SERVICE_YNOS (f03fc45e839912cb576e2496f582867c) C:\WINDOWS\system32\DRIVERS\ExpasAG.sys
22:27:30.0859 1812 LEX_AS_NIC_SERVICE_YNOS - ok
22:27:30.0984 1812 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:27:31.0125 1812 LmHosts - ok
22:27:31.0265 1812 lxefCATSCustConnectService (e046c3dd13f31907fec1eab83022949e) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxefserv.exe
22:27:31.0281 1812 lxefCATSCustConnectService - ok
22:27:31.0375 1812 lxef_device - ok
22:27:31.0437 1812 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:27:31.0484 1812 mdmxsdk - ok
22:27:31.0609 1812 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
22:27:31.0734 1812 Messenger - ok
22:27:31.0843 1812 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:27:31.0984 1812 mnmdd - ok
22:27:32.0109 1812 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
22:27:32.0234 1812 mnmsrvc - ok
22:27:32.0390 1812 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:27:32.0546 1812 Modem - ok
22:27:32.0656 1812 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:27:32.0750 1812 Mouclass - ok
22:27:32.0843 1812 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:27:32.0984 1812 mouhid - ok
22:27:33.0093 1812 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:27:33.0234 1812 MountMgr - ok
22:27:33.0281 1812 mraid35x - ok
22:27:33.0359 1812 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:27:33.0484 1812 MRxDAV - ok
22:27:33.0671 1812 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:27:33.0750 1812 MRxSmb - ok
22:27:33.0890 1812 MSCSPTISRV (fb29c32afa6f1fa887764323f06711d0) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
22:27:33.0968 1812 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
22:27:33.0968 1812 MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
22:27:34.0078 1812 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
22:27:34.0203 1812 MSDTC - ok
22:27:34.0265 1812 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:27:34.0390 1812 Msfs - ok
22:27:34.0453 1812 MSIServer - ok
22:27:34.0500 1812 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:27:34.0640 1812 MSKSSRV - ok
22:27:34.0812 1812 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:27:34.0968 1812 MSPCLOCK - ok
22:27:35.0062 1812 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:27:35.0187 1812 MSPQM - ok
22:27:35.0296 1812 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:27:35.0406 1812 mssmbios - ok
22:27:35.0500 1812 MSSQL$VAIO_VEDB - ok
22:27:35.0625 1812 MSSQLServerADHelper (cb7524c21727404bd3140dca32deb7de) C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
22:27:35.0656 1812 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - warning
22:27:35.0656 1812 MSSQLServerADHelper - detected UnsignedFile.Multi.Generic (1)
22:27:35.0843 1812 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:27:35.0953 1812 MSTEE - ok
22:27:36.0015 1812 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:27:36.0031 1812 Mup - ok
22:27:36.0078 1812 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:27:36.0218 1812 NABTSFEC - ok
22:27:36.0421 1812 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:27:36.0562 1812 napagent - ok
22:27:36.0656 1812 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:27:36.0781 1812 NDIS - ok
22:27:36.0921 1812 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:27:37.0046 1812 NdisIP - ok
22:27:37.0093 1812 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:27:37.0156 1812 NdisTapi - ok
22:27:37.0218 1812 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:27:37.0359 1812 Ndisuio - ok
22:27:37.0500 1812 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:27:37.0656 1812 NdisWan - ok
22:27:37.0734 1812 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:27:37.0765 1812 NDProxy - ok
22:27:37.0859 1812 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:27:38.0015 1812 NetBIOS - ok
22:27:38.0187 1812 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:27:38.0312 1812 NetBT - ok
22:27:38.0453 1812 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:27:38.0562 1812 NetDDE - ok
22:27:38.0578 1812 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:27:38.0687 1812 NetDDEdsdm - ok
22:27:38.0859 1812 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:27:38.0968 1812 Netlogon - ok
22:27:39.0078 1812 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:27:39.0203 1812 Netman - ok
22:27:39.0312 1812 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:27:39.0453 1812 NIC1394 - ok
22:27:39.0640 1812 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:27:39.0718 1812 Nla - ok
22:27:39.0875 1812 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:27:40.0015 1812 Npfs - ok
22:27:40.0187 1812 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:27:40.0359 1812 Ntfs - ok
22:27:40.0500 1812 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:27:40.0718 1812 NtLmSsp - ok
22:27:40.0875 1812 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:27:41.0046 1812 NtmsSvc - ok
22:27:41.0640 1812 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:27:41.0765 1812 Null - ok
22:27:42.0312 1812 nv (0a71bc580c55dc6fec466d8533569e66) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:27:42.0703 1812 nv - ok
22:27:42.0859 1812 NVSvc (a3469a25100d510eef5b8a65a890286f) C:\WINDOWS\system32\nvsvc32.exe
22:27:42.0953 1812 NVSvc - ok
22:27:43.0031 1812 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:27:43.0187 1812 NwlnkFlt - ok
22:27:43.0375 1812 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:27:43.0531 1812 NwlnkFwd - ok
22:27:43.0671 1812 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:27:43.0781 1812 ohci1394 - ok
22:27:43.0937 1812 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:27:43.0937 1812 ose - ok
22:27:44.0109 1812 PACSPTISVR (f61e92a1e27044053e124f9f3be18514) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
22:27:44.0140 1812 PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
22:27:44.0140 1812 PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
22:27:44.0359 1812 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
22:27:44.0484 1812 Parport - ok
22:27:44.0531 1812 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:27:44.0656 1812 PartMgr - ok
22:27:44.0859 1812 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:27:45.0000 1812 ParVdm - ok
22:27:45.0062 1812 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:27:45.0203 1812 PCI - ok
22:27:45.0312 1812 PCIDump - ok
22:27:45.0390 1812 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:27:45.0562 1812 PCIIde - ok
22:27:45.0625 1812 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:27:45.0750 1812 Pcmcia - ok
22:27:45.0828 1812 PDCOMP - ok
22:27:45.0859 1812 PDFRAME - ok
22:27:45.0875 1812 PDRELI - ok
22:27:45.0890 1812 PDRFRAME - ok
22:27:45.0921 1812 perc2 - ok
22:27:45.0937 1812 perc2hib - ok
22:27:46.0046 1812 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:27:46.0093 1812 PlugPlay - ok
22:27:46.0140 1812 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:27:46.0250 1812 PolicyAgent - ok
22:27:46.0359 1812 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:27:46.0531 1812 PptpMiniport - ok
22:27:46.0562 1812 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:27:46.0671 1812 ProtectedStorage - ok
22:27:46.0703 1812 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:27:46.0843 1812 PSched - ok
22:27:47.0046 1812 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:27:47.0203 1812 Ptilink - ok
22:27:47.0281 1812 PxHelp20 (1ffd5f718638fbea6c1eaad3349d479e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:27:47.0296 1812 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
22:27:47.0296 1812 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
22:27:47.0453 1812 ql1080 - ok
22:27:47.0500 1812 Ql10wnt - ok
22:27:47.0546 1812 ql12160 - ok
22:27:47.0578 1812 ql1240 - ok
22:27:47.0593 1812 ql1280 - ok
22:27:47.0656 1812 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:27:47.0781 1812 RasAcd - ok
22:27:47.0875 1812 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:27:48.0031 1812 RasAuto - ok
22:27:48.0140 1812 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:27:48.0281 1812 Rasl2tp - ok
22:27:48.0375 1812 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:27:48.0515 1812 RasMan - ok
22:27:48.0609 1812 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:27:48.0765 1812 RasPppoe - ok
22:27:48.0859 1812 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:27:49.0000 1812 Raspti - ok
22:27:49.0078 1812 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:27:49.0203 1812 Rdbss - ok
22:27:49.0343 1812 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:27:49.0500 1812 RDPCDD - ok
22:27:49.0609 1812 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:27:49.0640 1812 RDPWD - ok
22:27:49.0812 1812 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:27:49.0937 1812 RDSessMgr - ok
22:27:50.0046 1812 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:27:50.0187 1812 redbook - ok
22:27:50.0281 1812 RegSrvc (e6cd560a4a16feee5503cb59a3e30a84) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
22:27:50.0312 1812 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
22:27:50.0312 1812 RegSrvc - detected UnsignedFile.Multi.Generic (1)
22:27:50.0484 1812 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:27:50.0625 1812 RemoteAccess - ok
22:27:50.0703 1812 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
22:27:50.0812 1812 RpcLocator - ok
22:27:50.0890 1812 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
22:27:50.0968 1812 RpcSs - ok
22:27:51.0187 1812 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
22:27:51.0328 1812 RSVP - ok
22:27:51.0546 1812 S24EventMonitor (a57b20bb52b7c504b7a9fb4c82b639ba) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
22:27:51.0609 1812 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
22:27:51.0609 1812 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
22:27:51.0875 1812 s24trans (9c40cb317400f2cf643b8706147dd06d) C:\WINDOWS\system32\DRIVERS\s24trans.sys
22:27:51.0875 1812 s24trans ( UnsignedFile.Multi.Generic ) - warning
22:27:51.0875 1812 s24trans - detected UnsignedFile.Multi.Generic (1)
22:27:51.0953 1812 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:27:52.0062 1812 SamSs - ok
22:27:52.0156 1812 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:27:52.0171 1812 SASDIFSV - ok
22:27:52.0187 1812 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:27:52.0203 1812 SASKUTIL - ok
22:27:52.0375 1812 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:27:52.0515 1812 SCardSvr - ok
22:27:52.0593 1812 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:27:52.0750 1812 Schedule - ok
22:27:52.0906 1812 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:27:53.0031 1812 Secdrv - ok
22:27:53.0171 1812 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:27:53.0328 1812 seclogon - ok
22:27:53.0437 1812 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
22:27:53.0671 1812 SENS - ok
22:27:53.0843 1812 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
22:27:53.0984 1812 Serial - ok
22:27:54.0078 1812 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
22:27:54.0234 1812 Sfloppy - ok
22:27:54.0343 1812 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:27:54.0687 1812 SharedAccess - ok
22:27:54.0812 1812 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:27:54.0843 1812 ShellHWDetection - ok
22:27:54.0890 1812 Simbad - ok
22:27:54.0984 1812 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:27:55.0281 1812 SLIP - ok
22:27:55.0343 1812 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
22:27:55.0437 1812 SNC - ok
22:27:55.0609 1812 SONYTVC (b20ae555d3db76037dc8d9a8dfbe4149) C:\WINDOWS\system32\DRIVERS\SONYTVC.sys
22:27:55.0671 1812 SONYTVC - ok
22:27:55.0750 1812 Sparrow - ok
22:27:55.0796 1812 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:27:55.0937 1812 splitter - ok
22:27:56.0062 1812 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:27:56.0437 1812 Spooler - ok
22:27:56.0562 1812 SPTISRV (6f5fe741900108660dedcc704b7191cf) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
22:27:56.0765 1812 SPTISRV ( UnsignedFile.Multi.Generic ) - warning
22:27:56.0765 1812 SPTISRV - detected UnsignedFile.Multi.Generic (1)
22:27:56.0828 1812 SQLAgent$VAIO_VEDB - ok
22:27:57.0031 1812 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:27:57.0187 1812 sr - ok
22:27:57.0312 1812 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
22:27:57.0656 1812 srservice - ok
22:27:58.0031 1812 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:27:58.0093 1812 Srv - ok
22:27:58.0312 1812 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
22:27:58.0453 1812 SSDPSRV - ok
22:27:58.0671 1812 SSScsiSV (1a05bc50d258307c9b96e4e05fdba3d4) C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
22:27:58.0687 1812 SSScsiSV ( UnsignedFile.Multi.Generic ) - warning
22:27:58.0687 1812 SSScsiSV - detected UnsignedFile.Multi.Generic (1)
22:27:58.0984 1812 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
22:27:59.0156 1812 StillCam - ok
22:27:59.0390 1812 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
22:27:59.0656 1812 stisvc - ok
22:27:59.0875 1812 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:28:00.0015 1812 streamip - ok
22:28:00.0171 1812 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:28:00.0484 1812 swenum - ok
22:28:00.0578 1812 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:28:00.0906 1812 swmidi - ok
22:28:00.0921 1812 SwPrv - ok
22:28:00.0953 1812 symc810 - ok
22:28:01.0000 1812 symc8xx - ok
22:28:01.0046 1812 sym_hi - ok
22:28:01.0093 1812 sym_u3 - ok
22:28:01.0171 1812 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:28:01.0625 1812 sysaudio - ok
22:28:01.0671 1812 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:28:02.0203 1812 SysmonLog - ok
22:28:02.0281 1812 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:28:02.0921 1812 TapiSrv - ok
22:28:03.0062 1812 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:28:03.0328 1812 Tcpip - ok
22:28:03.0375 1812 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:28:03.0515 1812 TDPIPE - ok
22:28:03.0671 1812 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:28:03.0843 1812 TDTCP - ok
22:28:04.0109 1812 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:28:04.0250 1812 TermDD - ok
22:28:04.0562 1812 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:28:04.0750 1812 TermService - ok
22:28:04.0812 1812 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:28:05.0046 1812 Themes - ok
22:28:05.0171 1812 tifmsony (2c946b5dfbe608ec036f88d98658ef75) C:\WINDOWS\system32\drivers\tifmsony.sys
22:28:05.0375 1812 tifmsony - ok
22:28:05.0390 1812 TosIde - ok
22:28:05.0484 1812 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:28:06.0140 1812 TrkWks - ok
22:28:06.0328 1812 TuneUp.UtilitiesSvc (5dc6ddee665e075a5937656cfda53229) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
22:28:06.0468 1812 TuneUp.UtilitiesSvc - ok
22:28:06.0531 1812 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
22:28:06.0656 1812 TuneUpUtilitiesDrv - ok
22:28:06.0812 1812 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:28:07.0187 1812 Udfs - ok
22:28:07.0203 1812 ultra - ok
22:28:07.0265 1812 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
22:28:07.0703 1812 UMWdf - ok
22:28:07.0781 1812 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:28:08.0015 1812 Update - ok
22:28:08.0281 1812 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:28:08.0468 1812 upnphost - ok
22:28:08.0640 1812 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:28:08.0859 1812 UPS - ok
22:28:08.0968 1812 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:28:09.0125 1812 usbaudio - ok
22:28:09.0421 1812 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:28:09.0640 1812 usbccgp - ok
22:28:09.0781 1812 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:28:10.0000 1812 usbehci - ok
22:28:10.0062 1812 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:28:10.0312 1812 usbhub - ok
22:28:10.0390 1812 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:28:10.0734 1812 usbprint - ok
22:28:10.0796 1812 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:28:11.0187 1812 usbscan - ok
22:28:11.0234 1812 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:28:11.0656 1812 usbstor - ok
22:28:11.0703 1812 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:28:12.0140 1812 usbuhci - ok
22:28:12.0234 1812 UxTuneUp (17b8e52e002a574efd60fff864a525b1) C:\WINDOWS\System32\uxtuneup.dll
22:28:12.0484 1812 UxTuneUp - ok
22:28:12.0609 1812 VAIO Entertainment Aggregation and Control Service (b611ddc722abc67c53147f9dab69f4be) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
22:28:12.0781 1812 VAIO Entertainment Aggregation and Control Service ( UnsignedFile.Multi.Generic ) - warning
22:28:12.0781 1812 VAIO Entertainment Aggregation and Control Service - detected UnsignedFile.Multi.Generic (1)
22:28:12.0921 1812 VAIO Entertainment Task Scheduler (58c817aca245e57987b446babeb307c6) C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
22:28:13.0171 1812 VAIO Entertainment Task Scheduler ( UnsignedFile.Multi.Generic ) - warning
22:28:13.0171 1812 VAIO Entertainment Task Scheduler - detected UnsignedFile.Multi.Generic (1)
22:28:13.0250 1812 VAIO Entertainment TV Device Arbitration Service (eb2066f9d426f91e853d59d51f39f99f) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
22:28:13.0484 1812 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
22:28:13.0484 1812 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
22:28:13.0609 1812 VAIO Event Service (2b0eac2b6e5f1c5e007dabae101028b0) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
22:28:13.0796 1812 VAIO Event Service ( UnsignedFile.Multi.Generic ) - warning
22:28:13.0828 1812 VAIO Event Service - detected UnsignedFile.Multi.Generic (1)
22:28:14.0171 1812 VAIOMediaPlatform-IntegratedServer-AppServer (ec73f4eb2a930d2e161c1a1c9e3a76da) C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
22:28:14.0515 1812 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - warning
22:28:14.0515 1812 VAIOMediaPlatform-IntegratedServer-AppServer - detected UnsignedFile.Multi.Generic (1)
22:28:14.0781 1812 VAIOMediaPlatform-IntegratedServer-HTTP (b74a27540b0b7fe393a882b94b0d2188) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
22:28:14.0843 1812 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - warning
22:28:14.0843 1812 VAIOMediaPlatform-IntegratedServer-HTTP - detected UnsignedFile.Multi.Generic (1)
22:28:14.0921 1812 VAIOMediaPlatform-IntegratedServer-UPnP (4914b65dccf68cb95c2d1303c7264c8c) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
22:28:15.0062 1812 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - warning
22:28:15.0062 1812 VAIOMediaPlatform-IntegratedServer-UPnP - detected UnsignedFile.Multi.Generic (1)
22:28:15.0203 1812 Vcsw - ok
22:28:15.0421 1812 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:28:15.0531 1812 VgaSave - ok
22:28:15.0656 1812 ViaIde - ok
22:28:15.0859 1812 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:28:15.0968 1812 VolSnap - ok
22:28:16.0109 1812 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
22:28:16.0265 1812 VSS - ok
22:28:16.0468 1812 VzCdbSvc (0bd64ccea7b4bf25ca2fb9bf1444dfd9) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
22:28:16.0531 1812 VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
22:28:16.0531 1812 VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
22:28:16.0593 1812 VzFw (e81e8c7dc7ebc6cede156eaad5ef9c8e) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
22:28:16.0656 1812 VzFw ( UnsignedFile.Multi.Generic ) - warning
22:28:16.0656 1812 VzFw - detected UnsignedFile.Multi.Generic (1)
22:28:17.0281 1812 w29n51 (adb2f5af36155c9f1fbfd66a3acacbe6) C:\WINDOWS\system32\DRIVERS\w29n51.sys
22:28:17.0781 1812 w29n51 - ok
22:28:18.0609 1812 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
22:28:18.0750 1812 W32Time - ok
22:28:18.0875 1812 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:28:19.0000 1812 Wanarp - ok
22:28:19.0015 1812 WDICA - ok
22:28:19.0046 1812 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:28:19.0171 1812 wdmaud - ok
22:28:19.0531 1812 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
22:28:19.0687 1812 WebClient - ok
22:28:20.0734 1812 winachsf (ab7646d4cb9bb83d29d21ef7e00a0d15) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:28:20.0859 1812 winachsf - ok
22:28:21.0500 1812 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:28:21.0625 1812 winmgmt - ok
22:28:22.0218 1812 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:28:22.0484 1812 wlidsvc - ok
22:28:22.0671 1812 WmcCds (20263dafd033d30f151bb87568386769) c:\program files\windows media connect\mswmccds.exe
22:28:22.0812 1812 WmcCds ( UnsignedFile.Multi.Generic ) - warning
22:28:22.0812 1812 WmcCds - detected UnsignedFile.Multi.Generic (1)
22:28:23.0062 1812 WmcCdsLs (1dd015a69235dcfae18b5f98fb50be23) C:\Program Files\Windows Media Connect\mswmcls.exe
22:28:23.0109 1812 WmcCdsLs ( UnsignedFile.Multi.Generic ) - warning
22:28:23.0109 1812 WmcCdsLs - detected UnsignedFile.Multi.Generic (1)
22:28:23.0750 1812 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll
22:28:23.0796 1812 WmdmPmSN - ok
22:28:24.0296 1812 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:28:24.0437 1812 WmiApSrv - ok
22:28:25.0109 1812 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:28:25.0265 1812 WS2IFSL - ok
22:28:25.0578 1812 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
22:28:25.0687 1812 wscsvc - ok
22:28:26.0140 1812 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:28:26.0281 1812 WSTCODEC - ok
22:28:26.0671 1812 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
22:28:26.0812 1812 wuauserv - ok
22:28:27.0265 1812 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
22:28:27.0468 1812 WZCSVC - ok
22:28:27.0750 1812 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:28:27.0875 1812 xmlprov - ok
22:28:28.0000 1812 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:28:34.0718 1812 \Device\Harddisk0\DR0 - ok
22:28:34.0875 1812 Boot (0x1200) (da2010a4a97ea9da558f37be5c4879f6) \Device\Harddisk0\DR0\Partition0
22:28:34.0890 1812 \Device\Harddisk0\DR0\Partition0 - ok
22:28:34.0906 1812 ============================================================
22:28:34.0906 1812 Scan finished
22:28:34.0906 1812 ============================================================
22:28:34.0906 2872 Detected object count: 25
22:28:34.0906 2872 Actual detected object count: 25
22:28:51.0062 2872 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0062 2872 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:51.0062 2872 aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0062 2872 aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:51.0062 2872 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0062 2872 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:51.0062 2872 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0062 2872 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:51.0078 2872 Image Converter video recording monitor for VAIO Entertainment ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0078 2872 Image Converter video recording monitor for VAIO Entertainment ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:51.0078 2872 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0078 2872 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:51.0078 2872 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0078 2872 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:51.0078 2872 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0078 2872 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:51.0078 2872 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0078 2872 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:51.0078 2872 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0078 2872 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:51.0078 2872 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0078 2872 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:51.0078 2872 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0078 2872 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:51.0078 2872 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0078 2872 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:51.0078 2872 SSScsiSV ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0078 2872 SSScsiSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:51.0078 2872 VAIO Entertainment Aggregation and Control Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0078 2872 VAIO Entertainment Aggregation and Control Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:51.0078 2872 VAIO Entertainment Task Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0078 2872 VAIO Entertainment Task Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:51.0093 2872 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0093 2872 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:51.0093 2872 VAIO Event Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0093 2872 VAIO Event Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:51.0093 2872 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0093 2872 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:51.0093 2872 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0093 2872 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:51.0093 2872 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0093 2872 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:51.0093 2872 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0093 2872 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:51.0093 2872 VzFw ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0093 2872 VzFw ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:51.0093 2872 WmcCds ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0093 2872 WmcCds ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:51.0093 2872 WmcCdsLs ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0093 2872 WmcCdsLs ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:58.0640 2396 Deinitialize success

OTL logfile created on: 3/28/2012 10:42:26 PM - Run 3
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Morsan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 551.00 Mb Available Physical Memory | 54.32% Memory free
1.63 Gb Paging File | 1.26 Gb Available in Paging File | 77.27% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.16 Gb Total Space | 75.83 Gb Free Space | 86.02% Space Free | Partition Type: NTFS
Drive E: | 3.81 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: 8A287A4ADEF0487 | User Name: Morsan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/20 16:06:19 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Morsan\Desktop\OTL.exe
PRC - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/03/11 21:13:02 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/03/30 20:01:50 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/03/30 20:00:10 | 001,523,008 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/03/09 18:57:16 | 000,403,512 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\SmartPrint\BootStrap.exe
PRC - [2010/09/09 13:10:04 | 000,189,096 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxefserv.exe
PRC - [2010/09/09 13:10:01 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxefcoms.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/09/01 15:44:46 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/09/01 15:44:46 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/09/01 15:44:42 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/05/20 21:41:42 | 000,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2005/02/09 09:43:58 | 000,143,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/28 16:54:20 | 001,752,064 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12032802\algo.dll
MOD - [2010/09/10 14:23:33 | 000,049,296 | ---- | M] () -- C:\WINDOWS\system32\LXEFPMON.DLL
MOD - [2010/09/10 14:22:24 | 000,032,863 | ---- | M] () -- C:\Program Files\Lexmark S800 Series\ipcmt.dll
MOD - [2010/07/20 03:55:15 | 000,181,248 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxefdrpp.dll
MOD - [2009/11/05 10:35:08 | 004,485,120 | ---- | M] () -- C:\WINDOWS\system32\LXEFoem.dll
MOD - [2007/04/02 08:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2005/05/20 21:42:20 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/03/30 20:00:10 | 001,523,008 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/03/30 19:57:40 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/09/09 13:10:04 | 000,189,096 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxefserv.exe -- (lxefCATSCustConnectService)
SRV - [2010/09/09 13:10:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxefcoms.exe -- (lxef_device)
SRV - [2009/05/14 19:07:14 | 000,759,048 | ---- | M] (ABBYY) [Disabled | Stopped] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2005/10/14 14:41:12 | 001,982,464 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2005/10/11 16:07:50 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2005/10/11 16:02:02 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2005/10/11 16:00:46 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2005/10/06 18:28:00 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/09/27 09:19:26 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005/09/01 15:44:46 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/09/01 15:44:46 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/09/01 15:44:42 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/08/30 19:00:50 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/08/30 18:55:18 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/08/30 18:49:34 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/07/14 23:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/05/20 21:41:42 | 000,153,600 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005/02/10 16:44:04 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe -- (VAIO Entertainment Task Scheduler)
SRV - [2005/02/09 09:43:58 | 000,143,360 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service)
SRV - [2004/08/11 04:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004/08/11 01:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Windows Media Connect (WMC)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Morsan\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/03/11 21:13:48 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/03/11 21:13:46 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012/03/11 21:13:46 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/02/10 12:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2005/08/12 07:00:44 | 000,077,312 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
DRV - [2005/07/23 03:02:44 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/07/20 01:14:02 | 003,289,088 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/06/29 13:35:10 | 003,173,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/05/23 13:31:46 | 001,034,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/05/23 13:30:48 | 000,178,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/05/23 13:30:42 | 000,716,288 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/18 13:01:32 | 000,237,568 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYTVC.sys -- (SONYTVC)
DRV - [2005/02/11 03:07:50 | 000,456,448 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ExpasAG.sys -- (LEX_AS_NIC_SERVICE_YNOS)
DRV - [2003/09/29 16:31:38 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2002/03/21 09:14:58 | 000,021,376 | R--- | M] (DAVICOM Semiconductor, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dm9usb.sys -- (DM9USB)
DRV - [2000/12/05 20:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 23:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
IE - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\..\SearchScopes,DefaultScope = Google
IE - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\..\SearchScopes\Google: "URL" = http://www.google.co...f8&oe=utf8&q=%s
IE - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/17 01:46:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/17 04:15:07 | 000,000,000 | ---D | M]

[2012/03/17 04:15:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Morsan\Application Data\Mozilla\Extensions
[2012/03/17 04:15:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/13 00:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Morsan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Morsan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Morsan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Documents and Settings\Morsan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/03/28 22:18:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (HP QuickPrint) - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll (Hewlett-Packard)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll File not found
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
O3 - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\..\Toolbar\WebBrowser: (Norton Internet Security 2006) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [PartSeal] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1736887399-4225240512-4132258574-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5444113B-24B2-4C45-9B30-5BE2BCE9EF9E}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Morsan\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Morsan\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/16 20:45:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/28 22:44:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2012/03/28 22:24:01 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Morsan\Desktop\tdsskiller.exe
[2012/03/28 22:04:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/28 22:03:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/28 22:03:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/28 22:03:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/28 22:03:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/28 22:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/28 22:01:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/28 21:59:58 | 004,448,457 | R--- | C] (Swearware) -- C:\Documents and Settings\Morsan\Desktop\ComboFix.exe
[2012/03/28 21:27:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/28 01:35:40 | 000,000,000 | ---D | C] -- C:\RK_Quarantine
[2012/03/28 01:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morsan\Desktop\RK_Quarantine
[2012/03/25 20:35:08 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Morsan\Desktop\aswMBR.exe
[2012/03/20 16:06:12 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Morsan\Desktop\OTL.exe
[2012/03/17 04:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morsan\Local Settings\Application Data\Mozilla
[2012/03/17 04:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morsan\Application Data\Mozilla
[2012/03/17 04:14:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/03/17 03:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
[2012/03/17 03:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2012/03/17 03:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012/03/17 02:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morsan\Application Data\SUPERAntiSpyware.com
[2012/03/17 02:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/03/17 02:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/03/17 02:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/17 01:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/03/17 01:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/03/17 01:47:32 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/17 01:47:32 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/17 01:47:28 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/17 01:47:27 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/17 01:47:26 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/17 01:47:25 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/17 01:47:25 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/17 01:47:24 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/17 01:46:11 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/17 01:46:09 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/17 01:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/17 01:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/03/17 01:35:26 | 088,861,872 | ---- | C] (COMODO) -- C:\Documents and Settings\Morsan\Desktop\cfw_installer.exe
[2012/03/17 01:15:00 | 015,400,968 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Morsan\Desktop\SUPERAntiSpyware.exe
[2012/03/11 21:13:48 | 000,097,760 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2012/03/11 21:13:46 | 000,494,968 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2012/03/11 21:13:46 | 000,031,704 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2012/03/11 21:13:44 | 000,018,056 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2012/03/11 21:13:20 | 000,301,224 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2012/03/11 21:13:20 | 000,033,984 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll

========== Files - Modified Within 30 Days ==========

[2012/03/28 22:44:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/28 22:44:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EE290E4C-C806-433C-83B6-08CF4D40E1E3}.job
[2012/03/28 22:26:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/28 22:24:07 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Morsan\Desktop\tdsskiller.exe
[2012/03/28 22:18:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/28 22:05:03 | 000,000,332 | RHS- | M] () -- C:\boot.ini
[2012/03/28 22:00:09 | 004,448,457 | R--- | M] (Swearware) -- C:\Documents and Settings\Morsan\Desktop\ComboFix.exe
[2012/03/28 21:57:26 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/28 21:57:01 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/28 21:57:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/28 01:31:47 | 001,261,056 | ---- | M] () -- C:\Documents and Settings\Morsan\Desktop\RogueKiller.exe
[2012/03/28 01:29:20 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/03/28 00:50:25 | 000,920,096 | ---- | M] () -- C:\Documents and Settings\Morsan\Desktop\Norton_Removal_Tool.exe
[2012/03/25 21:00:33 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Morsan\Desktop\MBR.dat
[2012/03/25 20:35:49 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Morsan\Desktop\aswMBR.exe
[2012/03/20 16:06:19 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Morsan\Desktop\OTL.exe
[2012/03/20 15:47:12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/17 04:15:12 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Morsan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/17 04:15:11 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/17 03:55:58 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2012/03/17 03:27:36 | 000,150,233 | ---- | M] () -- C:\Documents and Settings\Morsan\Desktop\Spyware Removal.PNG
[2012/03/17 03:26:31 | 001,431,686 | ---- | M] () -- C:\Documents and Settings\Morsan\Desktop\Spyware.PNG
[2012/03/17 02:51:17 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/17 02:02:02 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Morsan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/17 01:47:33 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/03/17 01:47:26 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/17 01:35:30 | 088,861,872 | ---- | M] (COMODO) -- C:\Documents and Settings\Morsan\Desktop\cfw_installer.exe
[2012/03/17 01:15:00 | 015,400,968 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Morsan\Desktop\SUPERAntiSpyware.exe
[2012/03/17 01:10:44 | 074,761,776 | ---- | M] () -- C:\Documents and Settings\Morsan\Desktop\avast_free_antivirus_setup.exe
[2012/03/14 11:23:11 | 000,158,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 10:57:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/14 07:20:18 | 000,398,748 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/14 07:20:18 | 000,060,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/11 21:13:48 | 000,097,760 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2012/03/11 21:13:46 | 000,494,968 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2012/03/11 21:13:46 | 000,031,704 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2012/03/11 21:13:44 | 000,018,056 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2012/03/11 21:13:20 | 000,301,224 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2012/03/11 21:13:20 | 000,033,984 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/06 19:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/06 19:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

========== Files Created - No Company Name ==========

[2012/03/28 22:05:03 | 000,000,216 | ---- | C] () -- C:\Boot.bak
[2012/03/28 22:04:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/28 22:03:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/28 22:03:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/28 22:03:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/28 22:03:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/28 22:03:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/28 01:27:28 | 001,261,056 | ---- | C] () -- C:\Documents and Settings\Morsan\Desktop\RogueKiller.exe
[2012/03/28 00:50:20 | 000,920,096 | ---- | C] () -- C:\Documents and Settings\Morsan\Desktop\Norton_Removal_Tool.exe
[2012/03/25 21:00:33 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Morsan\Desktop\MBR.dat
[2012/03/17 04:15:12 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Morsan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/17 04:15:11 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/17 04:15:11 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/17 03:55:58 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2012/03/17 03:27:36 | 000,150,233 | ---- | C] () -- C:\Documents and Settings\Morsan\Desktop\Spyware Removal.PNG
[2012/03/17 03:26:31 | 001,431,686 | ---- | C] () -- C:\Documents and Settings\Morsan\Desktop\Spyware.PNG
[2012/03/17 02:51:17 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/17 01:49:41 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/03/17 01:49:41 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Morsan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/17 01:47:47 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/17 01:47:46 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/17 01:47:33 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/03/17 01:10:32 | 074,761,776 | ---- | C] () -- C:\Documents and Settings\Morsan\Desktop\avast_free_antivirus_setup.exe
[2012/02/23 11:46:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/03/25 11:10:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxefvs.dll
[2011/03/25 11:09:46 | 000,438,272 | R--- | C] ( ) -- C:\WINDOWS\System32\lxefcoin.dll
[2011/03/25 11:08:53 | 000,086,150 | ---- | C] () -- C:\WINDOWS\System32\lxefgcfg.dll
[2011/03/25 11:08:35 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\lxefcuir.dll
[2011/03/25 11:08:34 | 000,839,680 | ---- | C] () -- C:\WINDOWS\System32\lxefcui.dll
[2011/03/25 10:22:09 | 000,037,012 | ---- | C] () -- C:\WINDOWS\System32\LXEFFXPU.DLL
[2011/03/25 10:22:08 | 000,049,296 | ---- | C] () -- C:\WINDOWS\System32\LXEFPMON.DLL
[2011/03/25 10:22:04 | 004,485,120 | ---- | C] () -- C:\WINDOWS\System32\LXEFoem.dll
[2011/03/25 10:06:32 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\lxefrwrd.ini
[2011/03/25 10:05:01 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\LXEFinst.dll
[2011/03/25 10:04:57 | 000,430,080 | R--- | C] ( ) -- C:\WINDOWS\System32\lxefhcp.dll
[2011/03/25 10:04:55 | 000,352,256 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefinpa.dll
[2011/03/25 10:04:54 | 000,327,680 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefiesc.dll
[2011/03/25 10:04:52 | 000,770,048 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefusb1.dll
[2011/03/25 10:04:46 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefserv.dll
[2011/03/25 10:04:44 | 000,634,880 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefpmui.dll
[2011/03/25 10:04:42 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeflmpm.dll
[2011/03/25 10:04:40 | 000,057,486 | ---- | C] () -- C:\WINDOWS\System32\lxefjswr.dll
[2011/03/25 10:04:37 | 000,262,278 | ---- | C] () -- C:\WINDOWS\System32\lxefinsb.dll
[2011/03/25 10:04:36 | 000,106,638 | ---- | C] () -- C:\WINDOWS\System32\lxefinsr.dll
[2011/03/25 10:04:35 | 000,450,693 | ---- | C] () -- C:\WINDOWS\System32\lxefins.dll
[2011/03/25 10:04:34 | 000,307,880 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefih.exe
[2011/03/25 10:04:32 | 000,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefhbn3.dll
[2011/03/25 10:04:30 | 000,299,149 | ---- | C] () -- C:\WINDOWS\System32\lxefgrd.dll
[2011/03/25 10:04:29 | 000,090,245 | ---- | C] () -- C:\WINDOWS\System32\lxefcub.dll
[2011/03/25 10:04:26 | 000,037,003 | ---- | C] () -- C:\WINDOWS\System32\lxefcur.dll
[2011/03/25 10:04:25 | 000,258,180 | ---- | C] () -- C:\WINDOWS\System32\lxefcu.dll
[2011/03/25 10:04:24 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefcoms.exe
[2011/03/25 10:04:22 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefcomm.dll
[2011/03/25 10:04:15 | 000,815,104 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefcomc.dll
[2011/03/25 10:04:14 | 000,357,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxefcfg.exe
[2011/03/25 09:58:11 | 000,025,088 | R--- | C] () -- C:\WINDOWS\System32\lxefsmr.dll
[2011/03/25 09:58:09 | 000,630,784 | R--- | C] () -- C:\WINDOWS\System32\lxefsm.dll
[2011/01/22 04:51:20 | 000,028,580 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/21 04:23:57 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Morsan\Local Settings\Application Data\fusioncache.dat
[2010/11/21 03:44:44 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2010/11/21 03:43:08 | 000,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2010/11/21 03:42:33 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/11/21 03:42:33 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/11/21 03:42:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/11/21 03:42:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/11/21 03:42:33 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/11/21 03:42:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/11/21 03:41:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/21 03:34:46 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini

========== LOP Check ==========

[2012/03/17 01:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/03/25 10:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\S800 Series
[2011/05/12 23:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/02/23 17:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc
[2011/05/12 23:09:36 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/01/22 04:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/03/12 07:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ferlianty\Application Data\InterVideo
[2011/06/04 12:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ferlianty\Application Data\TuneUp Software
[2011/02/12 18:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ferra\Application Data\Titanium Gears
[2011/05/12 23:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ferra\Application Data\TuneUp Software
[2011/02/12 18:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ferra\Application Data\Uniblue
[2012/03/14 11:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremia\Application Data\InterVideo
[2012/03/14 11:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremia\Application Data\TuneUp Software
[2011/06/04 12:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2011/05/12 23:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morsan\Application Data\TuneUp Software
[2012/03/14 07:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yanni\Application Data\TuneUp Software
[2010/11/21 04:22:44 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
[2010/11/21 04:22:45 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2010/11/21 04:22:45 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job
[2012/03/28 22:44:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EE290E4C-C806-433C-83B6-08CF4D40E1E3}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< End of report >

Edited by VortexR18, 28 March 2012 - 10:20 PM.

#12
CompCav

Posted 29 March 2012 - 07:57 AM

Member 5k

Expert
12,454 posts

Hi,

I also need to know:

How is your computer doing? Are your wallpaper and icons normal?

Regards,

CompCav

#13
VortexR18

Posted 30 March 2012 - 01:25 AM

Member

Topic Starter
Member
57 posts

Hello again CompCav,

Nothing suspicious to report at all. Icons and wallpaper are still normal

#14
CompCav

Posted 30 March 2012 - 01:52 PM

Member 5k

Expert
12,454 posts

Step 1.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application. Please do not accept the trial right now. We just want to run it on demand.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 2.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

Select the option YES, I accept the Terms of Use then click on:
When prompted allow Add-On/Active X to install.
Make sure that the option Scan archives is checked.
Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Now click on:
The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically. The scan may take several hours.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close, make sure you copy the logfile first!
Now click on:
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

Step 3.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 4.

Please post:

mbam log
eset log
security check log

Please give me an update on how your computer is doing!

#15
VortexR18

Posted 31 March 2012 - 04:07 AM

Member

Topic Starter
Member
57 posts

Hello again, am I supposed to check "Delete Quarantine files" after the ESET scan?
Also, you are asking me to copy the found threats on a notepad on ESET corect?