[arkman]

I've run maleware bytes in safe mode multiple times and I always find about 18-19 items. After the removals of said items I still seem to be getting redirected to various sites. Winpatrol also seems to be working overtime warning me about various things.


OTL logfile created on: 5/20/2012 2:16:39 AM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Computer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 272.59 Mb Available Physical Memory | 26.67% Memory free
2.40 Gb Paging File | 1.75 Gb Available in Paging File | 73.07% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.52 Gb Total Space | 1.19 Gb Free Space | 1.74% Space Free | Partition Type: NTFS

Computer Name: Work | User Name: Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/20 02:15:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Computer\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/05/31 07:18:16 | 000,323,976 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2008/04/13 20:12:36 | 000,014,336 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\svchost.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/13 13:22:20 | 000,217,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2006/04/13 16:36:36 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/02/28 17:29:54 | 000,569,413 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
PRC - [2006/02/28 17:25:48 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/02/28 17:25:20 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/02/28 17:22:50 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/02/22 21:10:16 | 001,354,240 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\menusw.exe
PRC - [2006/02/14 15:11:46 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2005/12/27 16:58:10 | 000,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
PRC - [2005/10/12 00:36:38 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
PRC - [2004/11/17 23:47:16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/08/19 12:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/02/20 17:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe


========== Modules (No Company Name) ==========

MOD - [2010/04/16 11:36:56 | 000,406,016 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\USP10.dll
MOD - [2010/03/29 16:02:48 | 000,520,234 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 20:12:36 | 000,050,688 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\smss.exe
MOD - [2008/04/13 20:12:36 | 000,014,336 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\svchost.exe
MOD - [2008/04/13 20:12:04 | 000,064,000 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\SAMLIB.dll
MOD - [2008/04/13 20:12:02 | 000,118,784 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\NTMARTA.DLL
MOD - [2008/04/13 20:11:56 | 000,022,016 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\LPK.DLL
MOD - [2008/04/13 13:39:24 | 002,897,920 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\xpsp2res.dll
MOD - [2006/02/28 17:39:02 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2006/02/28 17:39:02 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/02/28 17:39:02 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/02/13 17:15:04 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2005/11/28 19:45:50 | 000,040,960 | ---- | M] () -- C:\Program Files\Sony\VAIO Camera Utility\VCULib.dll
MOD - [2005/05/20 20:42:20 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\filterservice.dll -- (wkscfgsrv)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\NetwareWorkstation.dll -- (W2acehid)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\WD_FireWire_HID.dll -- (vproeventmonitor)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\wg6n.dll -- (vmkbd2)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\camdrl.dll -- (Via4in1)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\winachcf.dll -- (uisp)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\sit_flt.dll -- (U2SP)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\w550mdfl.dll -- (twdns)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\CnxTrUsb.dll -- (T6963C)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\bocdrive.dll -- (susbser)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ATMsg.dll -- (stunnel)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\RioS30.dll -- (ssoftservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\MRESP50a64.dll -- (SQLAgent$LG_LP2)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\oracleorahome92tnslistener.dll -- (sisagp)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\regmanserv.dll -- (SimpTcp)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\JiaoCap.dll -- (Si3132)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\USBDeviceService.dll -- (SED133x)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\spooler.dll -- (se58bus)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\aniwzcsdservice.dll -- (se44nd5)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ntpr_nic_service2.dll -- (SE27mdfl)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\wdmaud.dll -- (SDdriver)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\vpcvmm.dll -- (SbieDrv)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\SABSVC.dll -- (s7otranx)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\GameConsoleService.dll -- (s117mgmt)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\es1371.dll -- (rismxdp)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\icm10blk.dll -- (revudfservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\elnkservice.dll -- (rasirda)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\vpcbus.dll -- (ramaint)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\dimension4.dll -- (qbposdbservices)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\hpdj.dll -- (pxfhmdfl)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\sentinel.dll -- (PSDNServ)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\s125obex.dll -- (profos)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\sentinel.dll -- (pptchpad)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tdrpman.dll -- (pdlnshay)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ipcsvc.dll -- (pcx1nd5)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\houdiniserver.dll -- (oracleorahome92tnslistener)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\klif.dll -- (omsad)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tosrfnds.dll -- (ntuneservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\S3GIGP.dll -- (ntcharge)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ASLDRService.dll -- (nmservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cdrbsdrv.dll -- (nisum)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\AlteraByteBlaster.dll -- (NICSer_WPC54G)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ceepwrsvc.dll -- (netmdsb)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\HIDSwvd.dll -- (MXOFX)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\WD_FireWire_HID.dll -- (msmframework)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\F700iob.dll -- (msi_wlan_service)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\EIO.dll -- (mi-raysat_3dsMax2008_32)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cdr4_xp.dll -- (meraksmtp)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\motmodem.dll -- (MaVctrl)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\SndTDriverV32.dll -- (ma_cmidi_installerservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\nsysaudm.dll -- (lsdiorw)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\hpgate.dll -- (LKbdFlt2)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\WinDriver6.dll -- (k750mgmt)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\fireport.dll -- (ispwdsvc)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\fsma.dll -- (irda)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pca.dll -- (ihcservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\emAudio.dll -- (GoogleDesktopManager-010708-104812)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\haspnt.dll -- (filterservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\PcdrNt.dll -- (EUSBMSD)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\se59mdfl.dll -- (emupia)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pcandis5.dll -- (ELmon)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\w800obex.dll -- (EIO_XP)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pdiddcci.dll -- (dvpapi)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\hclinetd.dll -- (DcFpoint)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ggsemc.dll -- (db2jds)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\MobilePreInstallerService.dll -- (cxlpt)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\isapisearch.dll -- (ctprxy2k)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tnbrlds.dll -- (cpqdfw)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\RalinkRegistryWriter.dll -- (Cardex)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cercsr6.dll -- (cachemanxp)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cwcwdm.dll -- (btwaudio)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\asuskeyboardservice.dll -- (bthmodem)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\o2flash.dll -- (bt)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ntiopnp.dll -- (avipbb)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cicsclient.dll -- (avidsdmservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\SilverLink.dll -- (avc)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\entertainment.dll -- (ASNDIS5)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\XilinxPC4Driver.dll -- (aslm75)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\nla.dll -- (ASDR)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\servidor.dll -- (asapiw2k)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\gameenum.dll -- (arrayssl_vpn_service3,0,1,9)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pdlnebas.dll -- (ar5211)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\{e2b953a6-195a-44f9-9ba3-3d5f4e32bb55}.dll -- (aic116x)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\s116obex.dll -- (advantage)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\svchost.dll -- (admjoy)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\JGOGO.dll -- (61883)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/11 15:33:12 | 000,200,704 | ---- | M] (SoundMovieServer) [Disabled | Stopped] -- C:\WINDOWS\system32\snmvtsvc.exe -- (SoundMovieServer)
SRV - [2008/04/13 20:12:36 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\mclogmanagerservice.dll -- (zumbus)
SRV - [2008/04/13 20:12:36 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\wg5n.dll -- (vmnetbridge)
SRV - [2008/04/13 20:12:36 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\transcode360.dll -- (unrealircd)
SRV - [2008/04/13 20:12:36 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\bdrsdrv.dll -- (tfsncofs)
SRV - [2008/04/13 20:12:36 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\cqcpu.dll -- (rtport)
SRV - [2008/04/13 20:12:36 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\{85ccb53b-23d8-4e73-b1b7-9ddb71827d9b}.dll -- (rdpdr)
SRV - [2008/04/13 20:12:36 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\LEX_AS_NIC_SERVICE_YNOS.dll -- (pae_1394)
SRV - [2008/04/13 20:12:36 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\BCM42RLY.dll -- (oracledbconsoleorcl)
SRV - [2008/04/13 20:12:36 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\a8djavs.dll -- (NICSer_WPC300N)
SRV - [2008/04/13 20:12:36 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\ialm.dll -- (MRESP50)
SRV - [2008/04/13 20:12:36 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\DLARTL_M.dll -- (marvinbus)
SRV - [2008/04/13 20:12:36 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\personalsecuredriveservice.dll -- (lhidusb)
SRV - [2008/04/13 20:12:36 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\rdnaoflsvc.dll -- (hcwPP2)
SRV - [2008/04/13 20:12:36 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\USBCCID.dll -- (FirePM)
SRV - [2008/04/13 20:12:36 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\swwd.dll -- (elockservice)
SRV - [2008/04/13 20:12:36 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\tsscoreservice.dll -- (DS1410D)
SRV - [2008/04/13 20:12:36 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\NMSAccessU.dll -- (cwafadmincontroller)
SRV - [2006/06/13 11:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/06/07 12:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/05/18 13:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2006/05/18 13:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2006/04/27 20:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 20:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 20:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/04/13 16:36:36 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005/07/14 22:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8F308A4-F141-4C2C-ACF7-33ED60597DBA}\MpKsld903df8a.sys -- (MpKsld903df8a)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslcfc00972.sys -- (MpKslcfc00972)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslc7db95b3.sys -- (MpKslc7db95b3)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{471F9D3F-F1D3-4AA6-B4FF-5BB3EB3F6214}\MpKslc5497097.sys -- (MpKslc5497097)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F0C4424-D801-4B2E-B6C5-7D57494C03D0}\MpKsla4e06307.sys -- (MpKsla4e06307)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl8e1bda59.sys -- (MpKsl8e1bda59)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD535431-0320-4E9A-8786-7BD28E0133EE}\MpKsl89c4b4a0.sys -- (MpKsl89c4b4a0)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C124399-5300-4C9C-BD22-160EF89785AF}\MpKsl87b1fb46.sys -- (MpKsl87b1fb46)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{57ADF33C-D5E9-47B9-B37E-5ACCAEA28493}\MpKsl3e6442b9.sys -- (MpKsl3e6442b9)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl3aa3c35d.sys -- (MpKsl3aa3c35d)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{03A4983B-38BB-481C-920E-C332803F1F31}\MpKsl36782a5c.sys -- (MpKsl36782a5c)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3281A8F8-1922-4761-9F7F-26AF67EA1ADA}\MpKsl281305a0.sys -- (MpKsl281305a0)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A4863416-5299-448A-8343-23981918D675}\MpKsl20977336.sys -- (MpKsl20977336)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A794F713-3490-495A-A17C-FFF3A9BC3586}\MpKsl09776da1.sys -- (MpKsl09776da1)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a0kpixmk)
DRV - [2012/05/20 02:06:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 17:55:50 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/11/27 15:25:34 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/16 20:53:00 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/14 03:54:08 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/14 03:54:08 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/11/11 15:05:18 | 000,003,768 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SndTVideo.sys -- (SndTVideo)
DRV - [2008/11/11 15:05:16 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/07/17 23:22:20 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/01/24 15:46:00 | 000,808,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/05/26 10:59:12 | 001,177,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/04/13 23:00:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/03/16 13:45:00 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/03/15 13:52:00 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2006/03/06 22:39:00 | 000,030,080 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2006/02/28 18:35:56 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/02/26 07:43:00 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/02/24 04:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/02/22 21:13:12 | 000,013,440 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006/02/22 21:13:04 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006/02/10 14:17:00 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/02/08 20:33:00 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/12/29 03:28:08 | 000,055,680 | ---- | M] (Micro Vision Co.,Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mvc25U870.sys -- (Mvc25U870_VID_1262&PID_25FD)
DRV - [2005/11/21 18:06:02 | 000,009,216 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\shpf.sys -- (shpf)
DRV - [2005/10/21 15:19:34 | 000,036,352 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/10/18 20:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 20:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 20:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/17 12:43:00 | 000,241,408 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/08/01 19:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 21:58:00 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/05/25 09:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RMClock\RTCore32.sys -- (RTCore32)
DRV - [2005/01/06 16:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/22 16:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/06/18 20:12:50 | 000,071,961 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyPI.sys -- (SPI)
DRV - [2000/12/05 19:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 23:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{840EC0F1-817C-4457-9474-DF761719D960}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Computer\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Computer\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Computer\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Computer\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)


[2010/05/16 12:13:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Biomenu] C:\Program Files\Protector Suite QL\menusw.exe (UPEK Inc.)
O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Computer\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: AllowMultipleTSSessions = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found
O15 - HKCU\..Trusted Domains: westlaw.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{562E49FA-4568-466F-8F14-F0EBE8503C89}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (PSLogon.dll) - C:\WINDOWS\System32\PSLogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\psfus: DllName - (fusstub.dll) - C:\WINDOWS\System32\fusstub.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Computer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Computer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/21 21:45:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/20 02:15:28 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Computer\Desktop\OTL.exe
[2012/05/20 02:06:26 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/20 01:51:07 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Computer\My Documents\My Safe
[2012/05/11 23:49:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer\Desktop\RK_Quarantine
[2012/05/11 23:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer\Application Data\Mozilla

========== Files - Modified Within 30 Days ==========

[2012/05/20 02:36:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/20 02:36:13 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2919104967-2981136551-2492303643-1006UA.job
[2012/05/20 02:15:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Computer\Desktop\OTL.exe
[2012/05/20 02:06:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/20 01:51:07 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/05/20 01:50:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/20 01:50:59 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/05/20 01:50:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/20 01:50:54 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/14 23:36:04 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2919104967-2981136551-2492303643-1006Core.job
[2012/05/12 23:01:26 | 000,237,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/11 23:49:14 | 000,442,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/11 23:49:14 | 000,071,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/06 00:09:28 | 001,412,608 | ---- | M] () -- C:\Documents and Settings\Computer\Desktop\RogueKiller.exe
[2012/04/26 01:08:05 | 000,060,416 | ---- | M] () -- C:\Documents and Settings\Computer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/05/13 10:41:14 | 1071,697,920 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/06 00:09:21 | 001,412,608 | ---- | C] () -- C:\Documents and Settings\Computer\Desktop\RogueKiller.exe
[2012/04/11 00:24:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/09 23:41:45 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-7UA4F.exe
[2012/02/17 00:10:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 01:06:46 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-FQ1CT.exe
[2011/08/19 12:35:39 | 000,162,784 | ---- | C] () -- C:\WINDOWS\hpoins29.dat.temp
[2011/08/19 12:35:39 | 000,000,799 | ---- | C] () -- C:\WINDOWS\hpomdl29.dat.temp
[2011/04/11 10:37:53 | 000,709,456 | ---- | C] () -- C:\WINDOWS\is-S0J3O.exe
[2010/11/27 17:22:34 | 000,002,114 | ---- | C] () -- C:\Documents and Settings\Computer\Application Data\SAS7_000.DAT
[2010/08/22 12:05:18 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/08/22 12:05:18 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/08/22 12:05:18 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

========== LOP Check ==========

[2010/03/21 16:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/11/06 20:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/11/27 15:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2006/10/15 02:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2012/02/04 21:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Examsoft
[2006/10/15 02:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/08/27 09:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/07/07 14:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/12/30 04:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLiveVA
[2011/08/24 20:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2009/11/02 16:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMART Technologies
[2012/04/19 23:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/13 07:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thunder Network
[2009/05/13 07:45:39 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\thunder_vod_cache
[2009/11/09 22:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/09 11:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/19 02:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/22 21:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/10/15 03:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\Aim
[2012/04/25 23:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\Azureus
[2010/11/27 15:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\DAEMON Tools Lite
[2009/02/16 19:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\ICAClient
[2006/11/04 00:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\InterVideo
[2006/10/15 02:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\Leadertech
[2009/06/22 14:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\LimeWire
[2010/08/27 09:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\NCH Swift Sound
[2010/11/27 15:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\Nuance
[2009/12/24 20:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\PPLiveVA
[2006/10/14 23:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\Protector Suite
[2009/03/23 09:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\SMART Technologies
[2009/03/18 09:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\SMART Technologies Inc
[2007/12/21 17:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\Snapfish
[2007/03/18 18:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\Template
[2010/06/01 13:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\ThomsonWest
[2007/02/16 23:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\Viewpoint
[2010/08/03 17:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\WinPatrol

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB61707$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


OTL Extras logfile created on: 5/20/2012 2:16:39 AM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Computer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 272.59 Mb Available Physical Memory | 26.67% Memory free
2.40 Gb Paging File | 1.75 Gb Available in Paging File | 73.07% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.52 Gb Total Space | 1.19 Gb Free Space | 1.74% Space Free | Partition Type: NTFS

Computer Name: Work | User Name: Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"12001:UDP" = 12001:UDP:*:Enabled:SMART WebServer Handshake Multicast Port

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sony\VAIO Event Service\VESMgr.exe" = C:\Program Files\Sony\VAIO Event Service\VESMgr.exe:*:Enabled:VESMgr -- (Sony Corporation)
"C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" = C:\Program Files\Sony\VAIO Power Management\SPMgr.exe:*:Enabled:SPMgr -- (Sony Corporation)
"C:\Program Files\ExamSoft\SofTest\SoftLnch.exe" = C:\Program Files\ExamSoft\SoftLnch.exe:*:Enabled:SofLaunch

"C:\Program Files\ExamSoft\SofTest\softest.exe" = C:\Program Files\ExamSoft\SofTest.exe:*:Enabled:SofTest

"C:\Documents and Settings\Computer\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Computer\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.scr" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.scr:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Program Files\SpywareBlaster\spywareblaster.exe" = C:\Program Files\SpywareBlaster\spywareblaster.exe:*:Enabled:SpywareBlaster -- ()
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min
"{0DF00135-D5A7-476A-BFB3-EDFF2840076A}" = VAIO Wireless LAN Setup Utility
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}" = Citrix Presentation Server Client - Web Only
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java™ 7 Update 1
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2EA7CF7E-0C76-44A5-B0CF-A1D171476E42}" = VAIO Breeze Wallpaper
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E993095-28F2-4060-9101-99C1FD1195C0}" = VAIO Central
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{565F04D0-11FA-487E-8A92-F9D11CC011B3}" = VAIO Power Management
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}" = Macromedia Flash Player 8
"{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}" = VAIO Light Flo Wallpaper
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E28BF59-68CE-43D2-A66D-DA94E111FF29}" = WinTin++
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{82081533-F045-469E-BD53-F16839E445C3}" = VAIO Support Central
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver 11.0 Rel .3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8DF4C627-4AF3-4245-9F13-3518FC8584DC}" = Protector Suite QL 5.3
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C30A87A3-AD40-4EEC-AE35-1D06906F833C}" = SofTest Bar Edition
"{C518C7BF-A345-4019-815B-FFDF32EBCAD9}" = VAIO HDD Protection
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D9952D4E-766C-4CD3-BF2E-A2C3D8B15EF3}" = VAIO Backup Utility
"{E3D278BD-FC97-4F87-BB1F-689AE0CB9122}" = Macromedia Flash Player 8 Plugin
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{EF7BB06C-5D95-4C7C-8B9B-E1B1E37E8692}" = Fingerprint Tutorial
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6D24DE1-6894-452D-A714-FDA0929714EC}" = TPM Tutorial
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD207C2C-A7FF-332A-AC85-5A5ACED6F31B}" = Google Talk Plugin
"{FE3BF611-9B8B-44DC-A424-F8C4BA122A1D}" = VAIO Security Center
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"HijackThis" = HijackThis 2.0.2
"htmltads.exe" = HTML TADS Player Kit
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.5-06-05-10-01" = OpenMG Limited Patch 4.5-06-05-12-01
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"ProInst" = Intel® PROSet/Wireless Software
"Sony Ericsson Wireless Modem" = Sony Ericsson Wireless Modem
"SoundTaxi_is1" = SoundTaxi 3.6.5
"SpywareBlaster_is1" = SpywareBlaster 4.3
"Switch" = Switch Sound File Converter
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VLC media player 1.0.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 5/20/2012 2:11:06 AM | Computer Name = Work | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 5/20/2012 2:15:55 AM | Computer Name = Work | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 5/20/2012 2:17:03 AM | Computer Name = Work | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 5/20/2012 2:21:27 AM | Computer Name = Work | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 5/20/2012 2:24:49 AM | Computer Name = Work | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 5/20/2012 2:26:46 AM | Computer Name = Work | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 5/20/2012 2:31:06 AM | Computer Name = Work | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 5/20/2012 2:34:29 AM | Computer Name = Work | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 5/20/2012 2:36:05 AM | Computer Name = Work | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 5/20/2012 2:39:02 AM | Computer Name = Work | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >

[Advertisements]

Hello, arkman!

I'm Nedklaw and I'll be glad to help you with your malware issues.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for arkman only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:

• Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
• Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
• Be patient with me, logs can take some time to research and my life can mean that I'm busy.
• Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
• If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
• NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
• Refrain from running any other tools apart from the ones I tell you to.

Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


I am currently reviewing your log and I will post back soon.

[Nedklaw]

Hello, arkman!

I'm Nedklaw and I'll be glad to help you with your malware issues.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for arkman only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:

• Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
• Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
• Be patient with me, logs can take some time to research and my life can mean that I'm busy.
• Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
• If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
• NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
• Refrain from running any other tools apart from the ones I tell you to.

Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


I am currently reviewing your log and I will post back soon.

[Nedklaw]

Hi.
Lets get started:


Step 1

Download ComboFix from one of these locations and set the Save as type to All Files before saving it.

Link 1
Link 2
Link 3


IMPORTANT !!! You need to Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here.
  
• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log at C:\ComboFix.txt in your next reply.


Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

• Double-click on TDSSKiller.exe to run the application, then click on Change Parameters.
  
  
  
  
• Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  
  
  
  
• Click the Start Scan button.
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  
  
  
• If malicious objects are found, they will show in the Scan results and offer 3 options.
  
• Ensure Cure is selected, then click Continue --> Reboot Computer to finish the cleaning process.
  
• Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Things I want to see in your next reply

• ComboFix.txt
• TDSSKiller.[Version]_[Date]_[Time]_log.txt

[arkman]

I was in the middle of running Combofix when I got an error message regarding the laptop suddenly not recognizing my battery, that I had to put the laptop into hibernate mode and that I should remove my battery. The mousepad also stopped working. I pushed the spacebar to see if the computer froze and I this put the laptop into hibernate.

I powered the laptop back on after removing the battery and the mousepad still didn't work. So, I stuck a corded mouse into the laptop. That worked. I then attempted to open internet explorer and got a message saying that I was connected to the internet with limited or no connectivity. Currently on another computer. Suggestions?

[Nedklaw]

Hi.


Step 1

You can look at the page here to try out solutions to the battery not being recognized problem.


Step 2

We will uninstall and reinstall your touchpad software and see if that gets the touchpad working again:

• Click the Start button.
• Click Control Panel.
• Click System Control Panel.
• Click the Hardware tab.
• Click the button labelled Device Manager.
• Click the + next to mice and other pointing devices. Select the software that appears in the list.
• From the toolbar, click the uninstall button (looks like a computer with a red X over it).
• Reboot your computer.

Step 3

Please download Farbar Service Scanner and transfer it to the computer with the internet issue. Double click the file to run it.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  
  
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Things I want to see in your next reply

• FSS.txt

[arkman]

Farbar Service Scanner Version: 17-05-2012
Ran by Computer (administrator) on 22-05-2012 at 23:09:53
Running from "C:\Documents and Settings\Computer\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2006-07-21 21:30] - [2011-08-17 09:49] - 0138496 ____A () DE01AE30D1D4D3B9607E266FAA9D4228

ATTENTION!=====> C:\WINDOWS\system32\Drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) s24trans(8) Tcpip(3)
0x0A000000040000000100000002000000030000000A0000000500000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****

[Nedklaw]

Hi.


Step 1

• Please go to Start > Run.
• Type services.msc and click OK.
• Click on the Internet Connection Sharing (ICS) and Windows Update service.
• Right-click the services and then click Start.
  
• Click on the Background Intelligent Transfer Service.
• Under startup type select Automatic.
• Click Apply then OK.
• Reboot your computer.

Step 2

Please run Farbar Service Scanner.
Type the following in the edit box after "Search:".

afd.sys

Click the Search Files button and post the log (FSS.txt) it makes in your reply.


Step 3

Have you had any more battery not recognized messages?
Is your touchpad now working?


Step 4

Has ComboFix produced a log at C:\ComboFix.txt. If it has then please post it in your next reply.


Things I want to see in your next reply

• FSS.txt
• Answers to my questions
• ComboFix.txt

[arkman]

Hm, I dont see Internet Connection Service or Windows Update...

[Nedklaw]

Hi.

Internet Connection Sharing (ICS) should appear as Windows Firewall.
Windows Update should appear as Automatic Updates.

[arkman]

Could not start the Automatic Updates service on Local Computer.
Error 0x80072742: A socket operation encountered a dead network.


Could not start the Windows Firewall/Internet Connection Sharing (ICS) service on Local Computer.
Error 10050: A socket operation encountered a dead network.

[Nedklaw]

Hi.
Please proceed with the remaining instructions.

[arkman]

Battery and mousepad are working fine now, thanks!





Farbar Service Scanner Version: 17-05-2012
Ran by Computer (administrator) on 26-05-2012 at 22:17:40
Microsoft Windows XP Home Edition Service Pack 3 (X86)

************************************************
======== Search: "afd.sys" =========

C:\WINDOWS\system32\drivers\afd.sys
[2006-07-21 21:30] - [2011-08-17 09:49] - 0138496 ____A () DE01AE30D1D4D3B9607E266FAA9D4228

C:\WINDOWS\system32\dllcache\afd.sys
[2008-06-20 07:40] - [2011-08-17 09:49] - 0138496 ____C (Microsoft Corporation) 1E44BC1E83D8FD2305F8D452DB109CF9

C:\WINDOWS\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\sp3gdr\afd.sys
[2008-10-16 10:43] - [2008-10-16 10:43] - 0138496 ____A (Microsoft Corporation) 7618D5218F2A614672EC61A80D854A37

C:\WINDOWS\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\SP3QFE\afd.sys
[2012-04-12 00:16] - [2011-08-17 09:41] - 0138496 ____A (Microsoft Corporation) F6B7B1ECD7B41736BDB6FF4B092BCB79

C:\WINDOWS\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\SP3GDR\afd.sys
[2012-04-12 00:16] - [2011-08-17 09:49] - 0138496 ____A (Microsoft Corporation) 1E44BC1E83D8FD2305F8D452DB109CF9

C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008-04-13 15:19] - [2008-04-13 15:19] - 0138112 ____N (Microsoft Corporation) 322D0E36693D6E24A2398BEE62A268CD

C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2009-01-17 03:25] - [2008-06-20 07:40] - 0138496 ____C (Microsoft Corporation) E3049B90FE06F3F740B7CFDA44995E2C

C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2009-01-17 03:23] - [2008-04-13 15:19] - 0138112 ____C (Microsoft Corporation) 322D0E36693D6E24A2398BEE62A268CD

C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2011-10-18 09:04] - [2011-02-16 09:22] - 0138496 ____C (Microsoft Corporation) 355556D9E580915118CD7EF736653A89

C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011-08-27 04:36] - [2008-08-14 06:04] - 0138496 ____C (Microsoft Corporation) 7E775010EF291DA96AD17CA4B17137D7

C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2011-08-27 04:44] - [2008-10-16 10:43] - 0138496 ____C (Microsoft Corporation) 7618D5218F2A614672EC61A80D854A37

C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2009-01-17 02:41] - [2006-02-28 08:00] - 0138496 ____C (Microsoft Corporation) 5AC495F4CB807B2B98AD2AD591E6D92E

C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2009-01-17 02:39] - [2008-08-14 06:34] - 0138496 ____A (Microsoft Corporation) 4D43E74F2A1239D53929B82600F1971C

C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008-06-20 07:48] - [2008-06-20 07:48] - 0138496 ____A (Microsoft Corporation) D6EE6014241D034E63C49A50CB2B442A

C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
[2011-10-18 01:49] - [2011-08-17 09:41] - 0138496 ____A (Microsoft Corporation) F6B7B1ECD7B41736BDB6FF4B092BCB79

C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008-10-16 11:07] - [2008-10-16 11:07] - 0138496 ____A (Microsoft Corporation) 38D7B715504DA4741DF35E3594FE2099

C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2011-08-26 17:12] - [2011-02-16 09:25] - 0138496 ____A (Microsoft Corporation) 8D499B1276012EB907E7A9E0F4D8FDA4

====== End Of Search ======




ComboFix 12-05-21.06 - Computer 05/21/2012 23:38:50.8.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.735 [GMT -4:00]
Running from: c:\documents and settings\Computer\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\$NtUninstallKB61707$\1025842443
c:\windows\$NtUninstallKB61707$\1174779662\@
c:\windows\$NtUninstallKB61707$\1174779662\cfg.ini
c:\windows\$NtUninstallKB61707$\1174779662\Desktop.ini
c:\windows\$NtUninstallKB61707$\1174779662\L\ixmgcazl
c:\windows\$NtUninstallKB61707$\1174779662\oemid
c:\windows\$NtUninstallKB61707$\1174779662\U\00000001.@
c:\windows\$NtUninstallKB61707$\1174779662\U\00000002.@
c:\windows\$NtUninstallKB61707$\1174779662\U\00000004.@
c:\windows\$NtUninstallKB61707$\1174779662\U\80000000.@
c:\windows\$NtUninstallKB61707$\1174779662\U\80000004.@
c:\windows\$NtUninstallKB61707$\1174779662\U\80000032.@
c:\windows\$NtUninstallKB61707$\1174779662\version
c:\windows\EventSystem.log
c:\windows\system32\{85ccb53b-23d8-4e73-b1b7-9ddb71827d9b}.dll
c:\windows\system32\a8djavs.dll
c:\windows\system32\BCM42RLY.dll
c:\windows\system32\bdrsdrv.dll
c:\windows\system32\cqcpu.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\DLARTL_M.dll
c:\windows\system32\ialm.dll
c:\windows\system32\KLOGNT.dll
c:\windows\system32\LEX_AS_NIC_SERVICE_YNOS.dll
c:\windows\system32\mclogmanagerservice.dll
c:\windows\system32\mferkdk.dll
c:\windows\system32\NMSAccessU.dll
c:\windows\system32\pdlncfwk.dll
c:\windows\system32\personalsecuredriveservice.dll
c:\windows\system32\PSLogon.dll
c:\windows\system32\rdnaoflsvc.dll
c:\windows\system32\swwd.dll
c:\windows\system32\transcode360.dll
c:\windows\system32\tsscoreservice.dll
c:\windows\system32\USBCCID.dll
c:\windows\system32\vcsw.dll
c:\windows\system32\wg5n.dll
c:\windows\system32\wps.dll
c:\windows\$NtUninstallKB61707$ . . . . Failed to delete
.
Infected copy of c:\windows\system32\imm32.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\imm32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_alertmanager
-------\Legacy_cwafadmincontroller
-------\Legacy_defwatch
-------\Legacy_DS1410D
-------\Legacy_elockservice
-------\Legacy_epsonbidirectionalservice
-------\Legacy_FirePM
-------\Legacy_hcwPP2
-------\Legacy_MA_CMIDI
-------\Legacy_marvinbus
-------\Legacy_MRESP50
-------\Legacy_ndasscsi
-------\Legacy_NICSer_WPC300N
-------\Legacy_oracledbconsoleorcl
-------\Legacy_pae_1394
-------\Legacy_rtport
-------\Legacy_tfsncofs
-------\Legacy_unrealircd
-------\Legacy_zumbus
-------\Service_alertmanager
-------\Service_cwafadmincontroller
-------\Service_defwatch
-------\Service_DS1410D
-------\Service_elockservice
-------\Service_epsonbidirectionalservice
-------\Service_FirePM
-------\Service_hcwPP2
-------\Service_MA_CMIDI
-------\Service_marvinbus
-------\Service_MRESP50
-------\Service_ndasscsi
-------\Service_NICSer_WPC300N
-------\Service_oracledbconsoleorcl
-------\Service_pae_1394
-------\Service_rtport
-------\Service_tfsncofs
-------\Service_unrealircd
-------\Service_zumbus
.
.
((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))
.
.
2012-05-20 06:06 . 2012-05-20 06:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:14 . 2004-08-03 23:18 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2006-07-22 01:31 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-04-10 03:41 . 2012-04-10 03:41 711240 ----a-w- c:\windows\is-7UA4F.exe
2012-04-04 19:56 . 2011-11-01 03:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2006-07-22 01:31 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2006-07-22 01:31 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2006-07-22 01:31 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2006-07-22 01:31 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2006-07-22 01:31 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2006-07-22 01:31 385024 ----a-w- c:\windows\system32\html.iec
2009-03-21 17:19 . 2009-03-21 17:19 7522240 ----a-w- c:\program files\Firefox Setup 3.0.7.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-17 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 569413]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-13 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-21 7561216]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-23 1354240]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Computer\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-06 20:40 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-23 01:11 39936 ----a-w- c:\windows\system32\fusstub.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=c:\windows\pss\Trend Micro Anti-Spyware.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"=
"c:\\Program Files\\Sony\\VAIO Power Management\\SPMgr.exe"=
"c:\\Documents and Settings\\Computer\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.scr"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\SpywareBlaster\\spywareblaster.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port
.
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [7/21/2006 9:31 PM 9216]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/27/2010 3:25 PM 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/22/2008 12:06 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 12:05 PM 68168]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 9:13 PM 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 9:13 PM 33024]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/31/2011 11:52 PM 654408]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/21/2006 9:31 PM 36352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/31/2011 11:51 PM 22344]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [8/24/2011 10:08 PM 23096]
R3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [8/24/2011 10:08 PM 3768]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/21/2006 9:31 PM 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [7/21/2006 9:31 PM 808448]
S1 MpKsl09776da1;MpKsl09776da1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A794F713-3490-495A-A17C-FFF3A9BC3586}\MpKsl09776da1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A794F713-3490-495A-A17C-FFF3A9BC3586}\MpKsl09776da1.sys [?]
S1 MpKsl20977336;MpKsl20977336;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A4863416-5299-448A-8343-23981918D675}\MpKsl20977336.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A4863416-5299-448A-8343-23981918D675}\MpKsl20977336.sys [?]
S1 MpKsl281305a0;MpKsl281305a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3281A8F8-1922-4761-9F7F-26AF67EA1ADA}\MpKsl281305a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3281A8F8-1922-4761-9F7F-26AF67EA1ADA}\MpKsl281305a0.sys [?]
S1 MpKsl36782a5c;MpKsl36782a5c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{03A4983B-38BB-481C-920E-C332803F1F31}\MpKsl36782a5c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{03A4983B-38BB-481C-920E-C332803F1F31}\MpKsl36782a5c.sys [?]
S1 MpKsl3aa3c35d;MpKsl3aa3c35d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl3aa3c35d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl3aa3c35d.sys [?]
S1 MpKsl3e6442b9;MpKsl3e6442b9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{57ADF33C-D5E9-47B9-B37E-5ACCAEA28493}\MpKsl3e6442b9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{57ADF33C-D5E9-47B9-B37E-5ACCAEA28493}\MpKsl3e6442b9.sys [?]
S1 MpKsl87b1fb46;MpKsl87b1fb46;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C124399-5300-4C9C-BD22-160EF89785AF}\MpKsl87b1fb46.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C124399-5300-4C9C-BD22-160EF89785AF}\MpKsl87b1fb46.sys [?]
S1 MpKsl89c4b4a0;MpKsl89c4b4a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD535431-0320-4E9A-8786-7BD28E0133EE}\MpKsl89c4b4a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD535431-0320-4E9A-8786-7BD28E0133EE}\MpKsl89c4b4a0.sys [?]
S1 MpKsl8e1bda59;MpKsl8e1bda59;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl8e1bda59.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl8e1bda59.sys [?]
S1 MpKsla4e06307;MpKsla4e06307;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F0C4424-D801-4B2E-B6C5-7D57494C03D0}\MpKsla4e06307.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F0C4424-D801-4B2E-B6C5-7D57494C03D0}\MpKsla4e06307.sys [?]
S1 MpKslc5497097;MpKslc5497097;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{471F9D3F-F1D3-4AA6-B4FF-5BB3EB3F6214}\MpKslc5497097.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{471F9D3F-F1D3-4AA6-B4FF-5BB3EB3F6214}\MpKslc5497097.sys [?]
S1 MpKslc7db95b3;MpKslc7db95b3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslc7db95b3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslc7db95b3.sys [?]
S1 MpKslcfc00972;MpKslcfc00972;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslcfc00972.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslcfc00972.sys [?]
S1 MpKsld903df8a;MpKsld903df8a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8F308A4-F141-4C2C-ACF7-33ED60597DBA}\MpKsld903df8a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8F308A4-F141-4C2C-ACF7-33ED60597DBA}\MpKsld903df8a.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/20/2012 2:06 AM 40776]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 RTCore32;RTCore32;c:\program files\RMClock\RTCore32.sys [9/17/2009 7:03 PM 4608]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 12:06 PM 12872]
S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys --> c:\windows\system32\DRIVERS\SonyPI.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2011 3:50 PM 136176]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S4 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [8/24/2011 10:08 PM 200704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
audiosrv
browser
cryptsvc
dmserver
dhcp
ersvc
eventsystem
fastuserswitchingcompatibility
ias
iprip
irmon
lanmanserver
lanmanworkstation
messenger
netman
nla
ntmssvc
nwcworkstation
nwsapagent
rasauto
rasman
rismxdp
SQLAgent$LG_LP2
ma_cmidi_installerservice
61883
profos
aic116x
rasirda
ar5211
msmframework
cpqdfw
s117mgmt
SimpTcp
EUSBMSD
Cardex
LKbdFlt2
vproeventmonitor
btwaudio
stunnel
pdlnshay
SbieDrv
W2acehid
EIO_XP
revudfservice
ELmon
se58bus
irda
avidsdmservice
ntcharge
advantage
avipbb
Si3132
SE27mdfl
se44nd5
pxfhmdfl
admjoy
cxlpt
DcFpoint
arrayssl_vpn_service3,0,1,9
asapiw2k
ASDR
netmdsb
lsdiorw
db2jds
NICSer_WPC300N
rdpdr
FirePM
zumbus
tfsncofs
hcwPP2
unrealircd
elockservice
rtport
ndasscsi
defwatch
MA_CMIDI
epsonbidirectionalservice
alertmanager
marvinbus
cwafadmincontroller
oracledbconsoleorcl
vmnetbridge
pae_1394
DS1410D
MRESP50
lhidusb
susbser
NICSer_WPC54G
ctprxy2k
s7otranx
SED133x
oracleorahome92tnslistener
msi_wlan_service
U2SP
twdns
qbposdbservices
ispwdsvc
ramaint
PSDNServ
T6963C
meraksmtp
SDdriver
sisagp
k750mgmt
cachemanxp
aslm75
bthmodem
dvpapi
MaVctrl
emupia
ntuneservice
MXOFX
mi-raysat_3dsMax2008_32
GoogleDesktopManager-010708-104812
wkscfgsrv
pcx1nd5
ihcservice
nmservice
uisp
filterservice
omsad
nisum
pptchpad
bt
vmkbd2
Via4in1
ssoftservice
avc
ASNDIS5
remoteaccess
schedule
seclogon
sens
sharedaccess
srservice
tapisrv
themes
trkwks
w32time
wzcsvc
wmi
wmdmpmsp
winmgmt
wscsvc
xmlprov
bits
wuauserv
shellhwdetection
helpsvc
wmdmpmsn
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2919104967-2981136551-2492303643-1006Core.job
- c:\documents and settings\Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-30 23:20]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2919104967-2981136551-2492303643-1006UA.job
- c:\documents and settings\Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-30 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: westlaw.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-21 23:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0b\03\02\0421n"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(856)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\fusstub.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\passport.dll
c:\program files\Protector Suite QL\config.dll
c:\program files\Protector Suite QL\BhTcAll.dll
c:\program files\Protector Suite QL\BhDevTfm.dll
c:\program files\Protector Suite QL\AlgVer.dll
c:\program files\Protector Suite QL\TCBioLib.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\Protector Suite QL\mysafe.dll
.
- - - - - - - > 'explorer.exe'(4008)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2012-05-22 00:06:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-22 04:06
.
Pre-Run: 754,229,248 bytes free
Post-Run: 3,218,628,608 bytes free
.
- - End Of File - - AD18FEDF9F9F16A1ADFD0B4AEDB994E1

[Nedklaw]

Hi.


Step 1

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Folder:: 
c:\windows\$NtUninstallKB61707$
 
Registry:: 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"="dword:00000000"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"="dword:00000000"
 
FCopy::
C:\WINDOWS\system32\dllcache\afd.sys | C:\WINDOWS\system32\drivers\afd.sys

Save this as CFScript.txt, in the same location as ComboFix.exe.




Refering to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

• Double-click on TDSSKiller.exe to run the application, then click on Change Parameters.
  
  
  
  
• Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  
  
  
  
• Click the Start Scan button.
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  
  
  
• If malicious objects are found, they will show in the Scan results and offer 3 options.
  
• Ensure Cure is selected, then click Continue --> Reboot Computer to finish the cleaning process.
  
• Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 3

Please run Farbar Service Scanner.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  
  
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Things I want to see in your next reply

• ComboFix.txt
• TDSSKiller.[Version]_[Date]_[Time]_log.txt
• FSS.txt

[arkman]

ComboFix 12-05-28.05 - Computer 05/29/2012 0:14.9.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.745 [GMT -4:00]
Running from: c:\documents and settings\Computer\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Computer\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\system32\dllcache\afd.sys --> c:\windows\system32\drivers\afd.sys
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-29 )))))))))))))))))))))))))))))))
.
.
2012-05-20 06:06 . 2012-05-20 06:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:14 . 2004-08-03 23:18 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2006-07-22 01:31 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-04-10 03:41 . 2012-04-10 03:41 711240 ----a-w- c:\windows\is-7UA4F.exe
2012-04-04 19:56 . 2011-11-01 03:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2006-07-22 01:31 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2006-07-22 01:31 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2006-07-22 01:31 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2006-07-22 01:31 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2006-07-22 01:31 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2006-07-22 01:31 385024 ----a-w- c:\windows\system32\html.iec
2009-03-21 17:19 . 2009-03-21 17:19 7522240 ----a-w- c:\program files\Firefox Setup 3.0.7.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-17 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 569413]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-13 217088]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-21 7561216]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-23 1354240]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Computer\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-06 20:40 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-23 01:11 39936 ----a-w- c:\windows\system32\fusstub.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=c:\windows\pss\Trend Micro Anti-Spyware.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 21:12 32768 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"="dword:00000000"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"="dword:00000000"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"=
"c:\\Program Files\\Sony\\VAIO Power Management\\SPMgr.exe"=
"c:\\Documents and Settings\\Computer\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.scr"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\SpywareBlaster\\spywareblaster.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port
.
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [7/21/2006 9:31 PM 9216]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/27/2010 3:25 PM 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/22/2008 12:06 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 12:05 PM 68168]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 9:13 PM 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 9:13 PM 33024]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/31/2011 11:52 PM 654408]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/21/2006 9:31 PM 36352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/31/2011 11:51 PM 22344]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [8/24/2011 10:08 PM 23096]
R3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [8/24/2011 10:08 PM 3768]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/21/2006 9:31 PM 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [7/21/2006 9:31 PM 808448]
S1 MpKsl09776da1;MpKsl09776da1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A794F713-3490-495A-A17C-FFF3A9BC3586}\MpKsl09776da1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A794F713-3490-495A-A17C-FFF3A9BC3586}\MpKsl09776da1.sys [?]
S1 MpKsl20977336;MpKsl20977336;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A4863416-5299-448A-8343-23981918D675}\MpKsl20977336.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A4863416-5299-448A-8343-23981918D675}\MpKsl20977336.sys [?]
S1 MpKsl281305a0;MpKsl281305a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3281A8F8-1922-4761-9F7F-26AF67EA1ADA}\MpKsl281305a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3281A8F8-1922-4761-9F7F-26AF67EA1ADA}\MpKsl281305a0.sys [?]
S1 MpKsl36782a5c;MpKsl36782a5c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{03A4983B-38BB-481C-920E-C332803F1F31}\MpKsl36782a5c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{03A4983B-38BB-481C-920E-C332803F1F31}\MpKsl36782a5c.sys [?]
S1 MpKsl3aa3c35d;MpKsl3aa3c35d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl3aa3c35d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl3aa3c35d.sys [?]
S1 MpKsl3e6442b9;MpKsl3e6442b9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{57ADF33C-D5E9-47B9-B37E-5ACCAEA28493}\MpKsl3e6442b9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{57ADF33C-D5E9-47B9-B37E-5ACCAEA28493}\MpKsl3e6442b9.sys [?]
S1 MpKsl87b1fb46;MpKsl87b1fb46;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C124399-5300-4C9C-BD22-160EF89785AF}\MpKsl87b1fb46.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C124399-5300-4C9C-BD22-160EF89785AF}\MpKsl87b1fb46.sys [?]
S1 MpKsl89c4b4a0;MpKsl89c4b4a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD535431-0320-4E9A-8786-7BD28E0133EE}\MpKsl89c4b4a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD535431-0320-4E9A-8786-7BD28E0133EE}\MpKsl89c4b4a0.sys [?]
S1 MpKsl8e1bda59;MpKsl8e1bda59;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl8e1bda59.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl8e1bda59.sys [?]
S1 MpKsla4e06307;MpKsla4e06307;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F0C4424-D801-4B2E-B6C5-7D57494C03D0}\MpKsla4e06307.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F0C4424-D801-4B2E-B6C5-7D57494C03D0}\MpKsla4e06307.sys [?]
S1 MpKslc5497097;MpKslc5497097;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{471F9D3F-F1D3-4AA6-B4FF-5BB3EB3F6214}\MpKslc5497097.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{471F9D3F-F1D3-4AA6-B4FF-5BB3EB3F6214}\MpKslc5497097.sys [?]
S1 MpKslc7db95b3;MpKslc7db95b3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslc7db95b3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslc7db95b3.sys [?]
S1 MpKslcfc00972;MpKslcfc00972;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslcfc00972.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslcfc00972.sys [?]
S1 MpKsld903df8a;MpKsld903df8a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8F308A4-F141-4C2C-ACF7-33ED60597DBA}\MpKsld903df8a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8F308A4-F141-4C2C-ACF7-33ED60597DBA}\MpKsld903df8a.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/20/2012 2:06 AM 40776]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 RTCore32;RTCore32;c:\program files\RMClock\RTCore32.sys [9/17/2009 7:03 PM 4608]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 12:06 PM 12872]
S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys --> c:\windows\system32\DRIVERS\SonyPI.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2011 3:50 PM 136176]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S4 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [8/24/2011 10:08 PM 200704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
audiosrv
browser
cryptsvc
dmserver
dhcp
ersvc
eventsystem
fastuserswitchingcompatibility
ias
iprip
irmon
lanmanserver
lanmanworkstation
messenger
netman
nla
ntmssvc
nwcworkstation
nwsapagent
rasauto
rasman
rismxdp
SQLAgent$LG_LP2
ma_cmidi_installerservice
61883
profos
aic116x
rasirda
ar5211
msmframework
cpqdfw
s117mgmt
SimpTcp
EUSBMSD
Cardex
LKbdFlt2
vproeventmonitor
btwaudio
stunnel
pdlnshay
SbieDrv
W2acehid
EIO_XP
revudfservice
ELmon
se58bus
irda
avidsdmservice
ntcharge
advantage
avipbb
Si3132
SE27mdfl
se44nd5
pxfhmdfl
admjoy
cxlpt
DcFpoint
arrayssl_vpn_service3,0,1,9
asapiw2k
ASDR
netmdsb
lsdiorw
db2jds
NICSer_WPC300N
rdpdr
FirePM
zumbus
tfsncofs
hcwPP2
unrealircd
elockservice
rtport
ndasscsi
defwatch
MA_CMIDI
epsonbidirectionalservice
alertmanager
marvinbus
cwafadmincontroller
oracledbconsoleorcl
vmnetbridge
pae_1394
DS1410D
MRESP50
lhidusb
susbser
NICSer_WPC54G
ctprxy2k
s7otranx
SED133x
oracleorahome92tnslistener
msi_wlan_service
U2SP
twdns
qbposdbservices
ispwdsvc
ramaint
PSDNServ
T6963C
meraksmtp
SDdriver
sisagp
k750mgmt
cachemanxp
aslm75
bthmodem
dvpapi
MaVctrl
emupia
ntuneservice
MXOFX
mi-raysat_3dsMax2008_32
GoogleDesktopManager-010708-104812
wkscfgsrv
pcx1nd5
ihcservice
nmservice
uisp
filterservice
omsad
nisum
pptchpad
bt
vmkbd2
Via4in1
ssoftservice
avc
ASNDIS5
remoteaccess
schedule
seclogon
sens
sharedaccess
srservice
tapisrv
themes
trkwks
w32time
wzcsvc
wmi
wmdmpmsp
winmgmt
wscsvc
xmlprov
bits
wuauserv
shellhwdetection
helpsvc
wmdmpmsn
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2919104967-2981136551-2492303643-1006Core.job
- c:\documents and settings\Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-30 23:20]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2919104967-2981136551-2492303643-1006UA.job
- c:\documents and settings\Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-30 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: westlaw.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-29 00:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0b\03\02\0421n"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(864)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\fusstub.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\passport.dll
c:\program files\Protector Suite QL\BhTcAll.dll
c:\program files\Protector Suite QL\BhDevTfm.dll
c:\program files\Protector Suite QL\AlgVer.dll
c:\program files\Protector Suite QL\TCBioLib.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\Protector Suite QL\config.dll
.
Completion time: 2012-05-29 00:25:05
ComboFix-quarantined-files.txt 2012-05-29 04:25
ComboFix2.txt 2012-05-22 04:06
.
Pre-Run: 2,594,975,744 bytes free
Post-Run: 2,588,250,112 bytes free
.
- - End Of File - - AE0F2C8CB5A292DD8FE2663036D340AD












00:41:37.0753 3684 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
00:41:37.0987 3684 ============================================================
00:41:37.0987 3684 Current date / time: 2012/05/29 00:41:37.0987
00:41:37.0987 3684 SystemInfo:
00:41:37.0987 3684
00:41:37.0987 3684 OS Version: 5.1.2600 ServicePack: 3.0
00:41:37.0987 3684 Product type: Workstation
00:41:37.0987 3684 ComputerName: Work
00:41:37.0987 3684 UserName: Computer
00:41:37.0987 3684 Windows directory: C:\WINDOWS
00:41:37.0987 3684 System windows directory: C:\WINDOWS
00:41:37.0987 3684 Processor architecture: Intel x86
00:41:37.0987 3684 Number of processors: 2
00:41:37.0987 3684 Page size: 0x1000
00:41:37.0987 3684 Boot type: Normal boot
00:41:37.0987 3684 ============================================================
00:41:39.0096 3684 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:41:39.0096 3684 ============================================================
00:41:39.0096 3684 \Device\Harddisk0\DR0:
00:41:39.0096 3684 MBR partitions:
00:41:39.0096 3684 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC02F10, BlocksNum 0x890B5B1
00:41:39.0096 3684 ============================================================
00:41:39.0096 3684 C: <-> \Device\Harddisk0\DR0\Partition0
00:41:39.0096 3684 ============================================================
00:41:39.0096 3684 Initialize success
00:41:39.0096 3684 ============================================================
00:41:46.0612 3124 ============================================================
00:41:46.0612 3124 Scan started
00:41:46.0612 3124 Mode: Manual; SigCheck; TDLFS;
00:41:46.0612 3124 ============================================================
00:41:46.0862 3124 61883 - ok
00:41:46.0878 3124 Abiosdsk - ok
00:41:46.0878 3124 abp480n5 - ok
00:41:46.0924 3124 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:41:47.0378 3124 ACPI - ok
00:41:47.0409 3124 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
00:41:47.0596 3124 ACPIEC - ok
00:41:47.0612 3124 admjoy - ok
00:41:47.0674 3124 Adobe LM Service (5ddc0a8d2cd60bda593ddaf45821ce08) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
00:41:47.0690 3124 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
00:41:47.0690 3124 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
00:41:47.0690 3124 adpu160m - ok
00:41:47.0706 3124 advantage - ok
00:41:47.0753 3124 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:41:47.0940 3124 aec - ok
00:41:48.0049 3124 AegisP - ok
00:41:48.0143 3124 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:41:48.0190 3124 AFD - ok
00:41:48.0206 3124 Aha154x - ok
00:41:48.0206 3124 aic116x - ok
00:41:48.0221 3124 aic78u2 - ok
00:41:48.0221 3124 aic78xx - ok
00:41:48.0253 3124 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
00:41:48.0424 3124 Alerter - ok
00:41:48.0440 3124 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
00:41:48.0643 3124 ALG - ok
00:41:48.0643 3124 AliIde - ok
00:41:48.0659 3124 amsint - ok
00:41:48.0706 3124 ApfiltrService (b21fcbc58cb13bac70f74b5ac5da7409) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
00:41:48.0737 3124 ApfiltrService - ok
00:41:48.0753 3124 ar5211 - ok
00:41:48.0784 3124 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
00:41:48.0971 3124 Arp1394 - ok
00:41:48.0971 3124 arrayssl_vpn_service3,0,1,9 - ok
00:41:48.0987 3124 asapiw2k - ok
00:41:48.0987 3124 asc - ok
00:41:49.0003 3124 asc3350p - ok
00:41:49.0003 3124 asc3550 - ok
00:41:49.0018 3124 ASDR - ok
00:41:49.0018 3124 aslm75 - ok
00:41:49.0034 3124 ASNDIS5 - ok
00:41:49.0128 3124 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
00:41:49.0159 3124 aspnet_state - ok
00:41:49.0174 3124 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:41:49.0362 3124 AsyncMac - ok
00:41:49.0393 3124 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:41:49.0581 3124 atapi - ok
00:41:49.0596 3124 Atdisk - ok
00:41:49.0596 3124 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:41:49.0784 3124 Atmarpc - ok
00:41:49.0815 3124 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
00:41:50.0003 3124 AudioSrv - ok
00:41:50.0034 3124 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:41:50.0221 3124 audstub - ok
00:41:50.0237 3124 avc - ok
00:41:50.0237 3124 avidsdmservice - ok
00:41:50.0253 3124 avipbb - ok
00:41:50.0284 3124 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:41:50.0471 3124 Beep - ok
00:41:50.0518 3124 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
00:41:50.0737 3124 BITS - ok
00:41:50.0784 3124 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
00:41:50.0956 3124 Browser - ok
00:41:50.0956 3124 bt - ok
00:41:50.0971 3124 bthmodem - ok
00:41:50.0971 3124 btwaudio - ok
00:41:50.0987 3124 cachemanxp - ok
00:41:50.0987 3124 Cardex - ok
00:41:51.0096 3124 catchme - ok
00:41:51.0128 3124 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:41:51.0315 3124 cbidf2k - ok
00:41:51.0346 3124 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
00:41:51.0534 3124 CCDECODE - ok
00:41:51.0534 3124 cd20xrnt - ok
00:41:51.0565 3124 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:41:51.0768 3124 Cdaudio - ok
00:41:51.0784 3124 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:41:51.0971 3124 Cdfs - ok
00:41:52.0003 3124 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:41:52.0206 3124 Cdrom - ok
00:41:52.0206 3124 Changer - ok
00:41:52.0253 3124 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
00:41:52.0424 3124 CiSvc - ok
00:41:52.0440 3124 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
00:41:52.0643 3124 ClipSrv - ok
00:41:52.0690 3124 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:41:52.0706 3124 clr_optimization_v2.0.50727_32 - ok
00:41:52.0737 3124 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
00:41:52.0940 3124 CmBatt - ok
00:41:52.0956 3124 CmdIde - ok
00:41:52.0971 3124 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
00:41:53.0143 3124 Compbatt - ok
00:41:53.0143 3124 COMSysApp - ok
00:41:53.0159 3124 Cpqarray - ok
00:41:53.0174 3124 cpqdfw - ok
00:41:53.0253 3124 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
00:41:53.0456 3124 CryptSvc - ok
00:41:53.0471 3124 ctprxy2k - ok
00:41:53.0471 3124 cxlpt - ok
00:41:53.0487 3124 dac2w2k - ok
00:41:53.0503 3124 dac960nt - ok
00:41:53.0503 3124 db2jds - ok
00:41:53.0518 3124 DcFpoint - ok
00:41:53.0581 3124 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
00:41:53.0643 3124 DcomLaunch - ok
00:41:53.0690 3124 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
00:41:53.0893 3124 Dhcp - ok
00:41:53.0909 3124 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:41:54.0096 3124 Disk - ok
00:41:54.0112 3124 dmadmin - ok
00:41:54.0159 3124 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
00:41:54.0378 3124 dmboot - ok
00:41:54.0393 3124 DMICall - ok
00:41:54.0424 3124 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
00:41:54.0612 3124 dmio - ok
00:41:54.0643 3124 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:41:54.0846 3124 dmload - ok
00:41:54.0878 3124 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
00:41:55.0065 3124 dmserver - ok
00:41:55.0096 3124 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:41:55.0284 3124 DMusic - ok
00:41:55.0315 3124 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
00:41:55.0362 3124 Dnscache - ok
00:41:55.0409 3124 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
00:41:55.0596 3124 Dot3svc - ok
00:41:55.0596 3124 dpti2o - ok
00:41:55.0643 3124 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:41:55.0815 3124 drmkaud - ok
00:41:55.0815 3124 dvpapi - ok
00:41:55.0846 3124 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
00:41:56.0049 3124 EapHost - ok
00:41:56.0049 3124 EIO_XP - ok
00:41:56.0065 3124 ELmon - ok
00:41:56.0065 3124 emupia - ok
00:41:56.0096 3124 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
00:41:56.0299 3124 ERSvc - ok
00:41:56.0315 3124 EUSBMSD - ok
00:41:56.0346 3124 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
00:41:56.0378 3124 Eventlog - ok
00:41:56.0424 3124 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
00:41:56.0456 3124 EventSystem - ok
00:41:56.0549 3124 EvtEng (a346e25e3acb4aef81bfd49bf82112c9) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
00:41:56.0581 3124 EvtEng ( UnsignedFile.Multi.Generic ) - warning
00:41:56.0581 3124 EvtEng - detected UnsignedFile.Multi.Generic (1)
00:41:56.0612 3124 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:41:56.0815 3124 Fastfat - ok
00:41:56.0846 3124 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:41:56.0893 3124 FastUserSwitchingCompatibility - ok
00:41:56.0909 3124 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
00:41:57.0128 3124 Fdc - ok
00:41:57.0190 3124 FdRedir (59558c6547d0362afb639ac682a9fcc3) C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys
00:41:57.0206 3124 FdRedir ( UnsignedFile.Multi.Generic ) - warning
00:41:57.0206 3124 FdRedir - detected UnsignedFile.Multi.Generic (1)
00:41:57.0221 3124 FileDisk2 (30967822edd32fb37f8209500724ae6c) C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys
00:41:57.0237 3124 FileDisk2 ( UnsignedFile.Multi.Generic ) - warning
00:41:57.0237 3124 FileDisk2 - detected UnsignedFile.Multi.Generic (1)
00:41:57.0237 3124 filterservice - ok
00:41:57.0253 3124 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
00:41:57.0456 3124 Fips - ok
00:41:57.0487 3124 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
00:41:57.0674 3124 Flpydisk - ok
00:41:57.0737 3124 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
00:41:57.0909 3124 FltMgr - ok
00:41:58.0018 3124 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
00:41:58.0034 3124 FontCache3.0.0.0 - ok
00:41:58.0065 3124 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:41:58.0268 3124 Fs_Rec - ok
00:41:58.0284 3124 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:41:58.0471 3124 Ftdisk - ok
00:41:58.0518 3124 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
00:41:58.0534 3124 GEARAspiWDM - ok
00:41:58.0534 3124 GoogleDesktopManager-010708-104812 - ok
00:41:58.0565 3124 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:41:58.0768 3124 Gpc - ok
00:41:58.0831 3124 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
00:41:58.0846 3124 gupdate - ok
00:41:58.0893 3124 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:41:59.0065 3124 HDAudBus - ok
00:41:59.0143 3124 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
00:41:59.0331 3124 helpsvc - ok
00:41:59.0378 3124 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:41:59.0549 3124 HidUsb - ok
00:41:59.0581 3124 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
00:41:59.0753 3124 hkmsvc - ok
00:41:59.0768 3124 hpn - ok
00:41:59.0784 3124 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
00:41:59.0831 3124 HPZid412 - ok
00:41:59.0831 3124 HPZipr12 - ok
00:41:59.0846 3124 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
00:41:59.0893 3124 HPZius12 - ok
00:41:59.0940 3124 HSFHWAZL (acc46dda7fece95a253ae88cea172e12) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
00:41:59.0971 3124 HSFHWAZL - ok
00:42:00.0034 3124 HSF_DPV (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
00:42:00.0081 3124 HSF_DPV - ok
00:42:00.0174 3124 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:42:00.0206 3124 HTTP - ok
00:42:00.0237 3124 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
00:42:00.0409 3124 HTTPFilter - ok
00:42:00.0424 3124 i2omgmt - ok
00:42:00.0424 3124 i2omp - ok
00:42:00.0456 3124 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:42:00.0643 3124 i8042prt - ok
00:42:00.0643 3124 ialm - ok
00:42:00.0753 3124 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
00:42:00.0768 3124 IDriverT ( UnsignedFile.Multi.Generic ) - warning
00:42:00.0768 3124 IDriverT - detected UnsignedFile.Multi.Generic (1)
00:42:00.0924 3124 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:42:00.0987 3124 idsvc - ok
00:42:01.0034 3124 IFXTPM (0a359837e021bc04a04a6fd189492c65) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
00:42:01.0065 3124 IFXTPM - ok
00:42:01.0081 3124 ihcservice - ok
00:42:01.0174 3124 Image Converter video recording monitor for VAIO Entertainment (a16dedf58c40d8236578f0fbb520ea6d) C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
00:42:01.0174 3124 Image Converter video recording monitor for VAIO Entertainment ( UnsignedFile.Multi.Generic ) - warning
00:42:01.0174 3124 Image Converter video recording monitor for VAIO Entertainment - detected UnsignedFile.Multi.Generic (1)
00:42:01.0206 3124 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:42:01.0393 3124 Imapi - ok
00:42:01.0440 3124 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
00:42:01.0643 3124 ImapiService - ok
00:42:01.0659 3124 ini910u - ok
00:42:01.0674 3124 IntelIde - ok
00:42:01.0721 3124 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:42:01.0893 3124 intelppm - ok
00:42:01.0909 3124 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
00:42:02.0081 3124 Ip6Fw - ok
00:42:02.0096 3124 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:42:02.0268 3124 IpFilterDriver - ok
00:42:02.0299 3124 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:42:02.0487 3124 IpInIp - ok
00:42:02.0518 3124 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:42:02.0706 3124 IpNat - ok
00:42:02.0721 3124 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:42:02.0893 3124 IPSec - ok
00:42:02.0909 3124 irda - ok
00:42:02.0909 3124 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:42:03.0096 3124 IRENUM - ok
00:42:03.0128 3124 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:42:03.0315 3124 isapnp - ok
00:42:03.0315 3124 ispwdsvc - ok
00:42:03.0331 3124 k750mgmt - ok
00:42:03.0346 3124 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:42:03.0534 3124 Kbdclass - ok
00:42:03.0565 3124 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:42:03.0753 3124 kmixer - ok
00:42:03.0784 3124 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:42:03.0831 3124 KSecDD - ok
00:42:03.0878 3124 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
00:42:03.0893 3124 lanmanserver - ok
00:42:03.0924 3124 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
00:42:03.0956 3124 lanmanworkstation - ok
00:42:03.0956 3124 lbrtfdc - ok
00:42:03.0971 3124 lhidusb - ok
00:42:03.0971 3124 LKbdFlt2 - ok
00:42:04.0003 3124 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
00:42:04.0206 3124 LmHosts - ok
00:42:04.0221 3124 lsdiorw - ok
00:42:04.0221 3124 MaVctrl - ok
00:42:04.0237 3124 ma_cmidi_installerservice - ok
00:42:04.0284 3124 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
00:42:04.0362 3124 MBAMProtector - ok
00:42:04.0487 3124 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
00:42:04.0534 3124 MBAMService - ok
00:42:04.0549 3124 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
00:42:04.0581 3124 MBAMSwissArmy - ok
00:42:04.0628 3124 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
00:42:04.0659 3124 McComponentHostService - ok
00:42:04.0690 3124 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
00:42:04.0721 3124 mdmxsdk - ok
00:42:04.0721 3124 meraksmtp - ok
00:42:04.0753 3124 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
00:42:04.0940 3124 Messenger - ok
00:42:04.0940 3124 mi-raysat_3dsMax2008_32 - ok
00:42:04.0971 3124 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:42:05.0159 3124 mnmdd - ok
00:42:05.0190 3124 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
00:42:05.0378 3124 mnmsrvc - ok
00:42:05.0409 3124 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
00:42:05.0581 3124 Modem - ok
00:42:05.0612 3124 motccgp (201bfc4ef8b33d02d133fbf6535e515b) C:\WINDOWS\system32\DRIVERS\motccgp.sys
00:42:05.0659 3124 motccgp - ok
00:42:05.0690 3124 motccgpfl (d0242a3832eb7c97801bb25889561e23) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
00:42:05.0721 3124 motccgpfl - ok
00:42:05.0768 3124 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
00:42:05.0815 3124 motmodem - ok
00:42:05.0831 3124 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:42:06.0018 3124 Mouclass - ok
00:42:06.0065 3124 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:42:06.0237 3124 mouhid - ok
00:42:06.0268 3124 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:42:06.0456 3124 MountMgr - ok
00:42:06.0565 3124 MpKsl09776da1 - ok
00:42:06.0581 3124 MpKsl20977336 - ok
00:42:06.0596 3124 MpKsl281305a0 - ok
00:42:06.0596 3124 MpKsl36782a5c - ok
00:42:06.0612 3124 MpKsl3aa3c35d - ok
00:42:06.0612 3124 MpKsl3e6442b9 - ok
00:42:06.0628 3124 MpKsl87b1fb46 - ok
00:42:06.0628 3124 MpKsl89c4b4a0 - ok
00:42:06.0643 3124 MpKsl8e1bda59 - ok
00:42:06.0643 3124 MpKsla4e06307 - ok
00:42:06.0659 3124 MpKslc5497097 - ok
00:42:06.0659 3124 MpKslc7db95b3 - ok
00:42:06.0674 3124 MpKslcfc00972 - ok
00:42:06.0674 3124 MpKsld903df8a - ok
00:42:06.0690 3124 mraid35x - ok
00:42:06.0721 3124 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:42:06.0909 3124 MRxDAV - ok
00:42:06.0971 3124 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:42:07.0034 3124 MRxSmb - ok
00:42:07.0174 3124 MSCSPTISRV (f1534aca143ca86cd57672953754fab0) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
00:42:07.0190 3124 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
00:42:07.0190 3124 MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
00:42:07.0206 3124 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
00:42:07.0393 3124 MSDTC - ok
00:42:07.0424 3124 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:42:07.0596 3124 Msfs - ok
00:42:07.0612 3124 MSIServer - ok
00:42:07.0612 3124 msi_wlan_service - ok
00:42:07.0643 3124 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:42:07.0815 3124 MSKSSRV - ok
00:42:07.0815 3124 msmframework - ok
00:42:07.0831 3124 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:42:08.0018 3124 MSPCLOCK - ok
00:42:08.0034 3124 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:42:08.0221 3124 MSPQM - ok
00:42:08.0237 3124 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:42:08.0409 3124 mssmbios - ok
00:42:08.0424 3124 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
00:42:08.0596 3124 MSTEE - ok
00:42:08.0628 3124 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:42:08.0659 3124 Mup - ok
00:42:08.0706 3124 Mvc25U870_VID_1262&PID_25FD (e88e7e9aa0ab34b6c664a4a43cea6316) C:\WINDOWS\system32\Drivers\Mvc25U870.sys
00:42:08.0737 3124 Mvc25U870_VID_1262&PID_25FD - ok
00:42:08.0737 3124 MXOFX - ok
00:42:08.0753 3124 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
00:42:08.0924 3124 NABTSFEC - ok
00:42:08.0987 3124 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
00:42:09.0159 3124 napagent - ok
00:42:09.0221 3124 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:42:09.0393 3124 NDIS - ok
00:42:09.0424 3124 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
00:42:09.0596 3124 NdisIP - ok
00:42:09.0628 3124 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:42:09.0659 3124 NdisTapi - ok
00:42:09.0690 3124 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:42:09.0862 3124 Ndisuio - ok
00:42:09.0893 3124 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:42:10.0049 3124 NdisWan - ok
00:42:10.0096 3124 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:42:10.0128 3124 NDProxy - ok
00:42:10.0159 3124 Net Driver HPZ12 (949941e4de88df1faf49a4b3cffb756f) C:\WINDOWS\system32\HPZinw12.dll
00:42:10.0174 3124 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:42:10.0174 3124 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:42:10.0190 3124 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:42:10.0362 3124 NetBIOS - ok
00:42:10.0378 3124 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:42:10.0581 3124 NetBT - ok
00:42:10.0612 3124 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
00:42:10.0784 3124 NetDDE - ok
00:42:10.0784 3124 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
00:42:10.0971 3124 NetDDEdsdm - ok
00:42:11.0003 3124 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:42:11.0190 3124 Netlogon - ok
00:42:11.0221 3124 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
00:42:11.0409 3124 Netman - ok
00:42:11.0409 3124 netmdsb - ok
00:42:11.0518 3124 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:42:11.0549 3124 NetTcpPortSharing - ok
00:42:11.0581 3124 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
00:42:11.0753 3124 NIC1394 - ok
00:42:11.0768 3124 NICSer_WPC54G - ok
00:42:11.0768 3124 nisum - ok
00:42:11.0815 3124 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
00:42:11.0846 3124 Nla - ok
00:42:11.0846 3124 nmservice - ok
00:42:11.0878 3124 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:42:12.0081 3124 Npfs - ok
00:42:12.0081 3124 ntcharge - ok
00:42:12.0128 3124 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:42:12.0315 3124 Ntfs - ok
00:42:12.0331 3124 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:42:12.0503 3124 NtLmSsp - ok
00:42:12.0565 3124 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
00:42:12.0737 3124 NtmsSvc - ok
00:42:12.0753 3124 ntuneservice - ok
00:42:12.0784 3124 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:42:12.0956 3124 Null - ok
00:42:13.0174 3124 nv (6866504ee1570ef783309abfb56f87e5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:42:13.0362 3124 nv - ok
00:42:13.0503 3124 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:42:13.0674 3124 NwlnkFlt - ok
00:42:13.0690 3124 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:42:13.0878 3124 NwlnkFwd - ok
00:42:13.0924 3124 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
00:42:14.0096 3124 ohci1394 - ok
00:42:14.0112 3124 omsad - ok
00:42:14.0112 3124 oracleorahome92tnslistener - ok
00:42:14.0174 3124 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:42:14.0190 3124 ose - ok
00:42:14.0284 3124 PACSPTISVR (17bb6b38de8c2bda692ca1db0cea7325) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
00:42:14.0315 3124 PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
00:42:14.0315 3124 PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
00:42:14.0331 3124 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
00:42:14.0518 3124 Parport - ok
00:42:14.0534 3124 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:42:14.0721 3124 PartMgr - ok
00:42:14.0753 3124 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
00:42:14.0924 3124 ParVdm - ok
00:42:14.0971 3124 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
00:42:15.0143 3124 PCI - ok
00:42:15.0159 3124 PCIDump - ok
00:42:15.0190 3124 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:42:15.0378 3124 PCIIde - ok
00:42:15.0393 3124 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
00:42:15.0565 3124 Pcmcia - ok
00:42:15.0581 3124 pcx1nd5 - ok
00:42:15.0581 3124 PDCOMP - ok
00:42:15.0596 3124 PDFRAME - ok
00:42:15.0596 3124 pdlnshay - ok
00:42:15.0612 3124 PDRELI - ok
00:42:15.0612 3124 PDRFRAME - ok
00:42:15.0628 3124 perc2 - ok
00:42:15.0628 3124 perc2hib - ok
00:42:15.0690 3124 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
00:42:15.0706 3124 PlugPlay - ok
00:42:15.0737 3124 Pml Driver HPZ12 (2f4ca141a609caf5c98f6e4760ef1b9b) C:\WINDOWS\system32\HPZipm12.dll
00:42:15.0737 3124 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:42:15.0737 3124 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:42:15.0768 3124 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:42:15.0940 3124 PolicyAgent - ok
00:42:15.0956 3124 pptchpad - ok
00:42:15.0987 3124 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:42:16.0174 3124 PptpMiniport - ok
00:42:16.0174 3124 profos - ok
00:42:16.0190 3124 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:42:16.0346 3124 ProtectedStorage - ok
00:42:16.0362 3124 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:42:16.0534 3124 PSched - ok
00:42:16.0534 3124 PSDNServ - ok
00:42:16.0565 3124 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:42:16.0753 3124 Ptilink - ok
00:42:16.0753 3124 pxfhmdfl - ok
00:42:16.0799 3124 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:42:16.0815 3124 PxHelp20 - ok
00:42:16.0815 3124 qbposdbservices - ok
00:42:16.0831 3124 ql1080 - ok
00:42:16.0831 3124 Ql10wnt - ok
00:42:16.0846 3124 ql12160 - ok
00:42:16.0846 3124 ql1240 - ok
00:42:16.0862 3124 ql1280 - ok
00:42:16.0878 3124 ramaint - ok
00:42:16.0909 3124 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:42:17.0081 3124 RasAcd - ok
00:42:17.0128 3124 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
00:42:17.0315 3124 RasAuto - ok
00:42:17.0331 3124 rasirda - ok
00:42:17.0362 3124 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:42:17.0518 3124 Rasl2tp - ok
00:42:17.0565 3124 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
00:42:17.0737 3124 RasMan - ok
00:42:17.0753 3124 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:42:17.0924 3124 RasPppoe - ok
00:42:17.0971 3124 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:42:18.0143 3124 Raspti - ok
00:42:18.0174 3124 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:42:18.0346 3124 Rdbss - ok
00:42:18.0362 3124 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:42:18.0534 3124 RDPCDD - ok
00:42:18.0549 3124 rdpdr - ok
00:42:18.0581 3124 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
00:42:18.0628 3124 RDPWD - ok
00:42:18.0674 3124 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
00:42:18.0862 3124 RDSessMgr - ok
00:42:18.0893 3124 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:42:19.0081 3124 redbook - ok
00:42:19.0190 3124 RegSrvc (d9b85d3e8f7347166a64915aebcf6ac5) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
00:42:19.0190 3124 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
00:42:19.0190 3124 RegSrvc - detected UnsignedFile.Multi.Generic (1)
00:42:19.0221 3124 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
00:42:19.0393 3124 RemoteAccess - ok
00:42:19.0409 3124 revudfservice - ok
00:42:19.0440 3124 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
00:42:19.0471 3124 RimVSerPort - ok
00:42:19.0471 3124 rismxdp - ok
00:42:19.0518 3124 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
00:42:19.0706 3124 ROOTMODEM - ok
00:42:19.0737 3124 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
00:42:19.0909 3124 RpcLocator - ok
00:42:19.0956 3124 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
00:42:19.0987 3124 RpcSs - ok
00:42:20.0034 3124 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
00:42:20.0206 3124 RSVP - ok
00:42:20.0268 3124 RTCore32 (2c293f0f3295a599fb50d8fcf1fa6ded) C:\Program Files\RMClock\RTCore32.sys
00:42:20.0299 3124 RTCore32 ( UnsignedFile.Multi.Generic ) - warning
00:42:20.0299 3124 RTCore32 - detected UnsignedFile.Multi.Generic (1)
00:42:20.0299 3124 s117mgmt - ok
00:42:20.0346 3124 S24EventMonitor (a30c30d53671468ba727326b4fabcc46) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
00:42:20.0362 3124 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
00:42:20.0362 3124 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
00:42:20.0424 3124 s24trans (078eba5670fdaa041552cd86b984f2de) C:\WINDOWS\system32\DRIVERS\s24trans.sys
00:42:20.0440 3124 s24trans ( UnsignedFile.Multi.Generic ) - warning
00:42:20.0440 3124 s24trans - detected UnsignedFile.Multi.Generic (1)
00:42:20.0456 3124 s7otranx - ok
00:42:20.0487 3124 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:42:20.0659 3124 SamSs - ok
00:42:20.0706 3124 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
00:42:20.0721 3124 SASDIFSV - ok
00:42:20.0753 3124 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
00:42:20.0768 3124 SASENUM - ok
00:42:20.0815 3124 SASKUTIL (4fd72291a89793049104ca0a7e353cd4) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
00:42:20.0831 3124 SASKUTIL - ok
00:42:20.0831 3124 SbieDrv - ok
00:42:20.0862 3124 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
00:42:21.0049 3124 SCardSvr - ok
00:42:21.0096 3124 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
00:42:21.0268 3124 Schedule - ok
00:42:21.0284 3124 SDdriver - ok
00:42:21.0284 3124 SE27mdfl - ok
00:42:21.0299 3124 se44nd5 - ok
00:42:21.0315 3124 se58bus - ok
00:42:21.0346 3124 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:42:21.0534 3124 Secdrv - ok
00:42:21.0565 3124 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
00:42:21.0737 3124 seclogon - ok
00:42:21.0737 3124 SED133x - ok
00:42:21.0768 3124 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
00:42:21.0940 3124 SENS - ok
00:42:21.0971 3124 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
00:42:22.0159 3124 Serial - ok
00:42:22.0190 3124 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
00:42:22.0378 3124 Sfloppy - ok
00:42:22.0424 3124 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
00:42:22.0596 3124 SharedAccess - ok
00:42:22.0628 3124 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:42:22.0643 3124 ShellHWDetection - ok
00:42:22.0674 3124 shpf (b8e1ac2cdad522572bfc73781d0e37e2) C:\WINDOWS\system32\DRIVERS\shpf.sys
00:42:22.0674 3124 shpf ( UnsignedFile.Multi.Generic ) - warning
00:42:22.0674 3124 shpf - detected UnsignedFile.Multi.Generic (1)
00:42:22.0690 3124 Si3132 - ok
00:42:22.0690 3124 Simbad - ok
00:42:22.0706 3124 SimpTcp - ok
00:42:22.0706 3124 sisagp - ok
00:42:22.0737 3124 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
00:42:22.0924 3124 SLIP - ok
00:42:22.0924 3124 SNC - ok
00:42:22.0971 3124 SndTAudio (3e44ac015742401a685a4cf5d98ebd3e) C:\WINDOWS\system32\drivers\SndTAudio.sys
00:42:22.0971 3124 SndTAudio ( UnsignedFile.Multi.Generic ) - warning
00:42:22.0971 3124 SndTAudio - detected UnsignedFile.Multi.Generic (1)
00:42:23.0003 3124 SndTVideo (f719ed6223b50e2d115821572339f0b8) C:\WINDOWS\system32\DRIVERS\SndTVideo.sys
00:42:23.0034 3124 SndTVideo ( UnsignedFile.Multi.Generic ) - warning
00:42:23.0034 3124 SndTVideo - detected UnsignedFile.Multi.Generic (1)
00:42:23.0065 3124 SonyImgF (c483fc0add8b074286600b9620ef2c16) C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
00:42:23.0096 3124 SonyImgF ( UnsignedFile.Multi.Generic ) - warning
00:42:23.0096 3124 SonyImgF - detected UnsignedFile.Multi.Generic (1)
00:42:23.0143 3124 SoundMovieServer (bbe1769feccf844c4acfd86929b61f6e) C:\WINDOWS\system32\snmvtsvc.exe
00:42:23.0143 3124 SoundMovieServer ( UnsignedFile.Multi.Generic ) - warning
00:42:23.0143 3124 SoundMovieServer - detected UnsignedFile.Multi.Generic (1)
00:42:23.0159 3124 Sparrow - ok
00:42:23.0159 3124 SPI - ok
00:42:23.0206 3124 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:42:23.0393 3124 splitter - ok
00:42:23.0440 3124 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
00:42:23.0471 3124 Spooler - ok
00:42:23.0534 3124 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
00:42:23.0534 3124 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
00:42:23.0534 3124 sptd ( LockedFile.Multi.Generic ) - warning
00:42:23.0534 3124 sptd - detected LockedFile.Multi.Generic (1)
00:42:23.0674 3124 SPTISRV (3980b48dff300a7e4139f5c64da65f5c) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
00:42:23.0706 3124 SPTISRV ( UnsignedFile.Multi.Generic ) - warning
00:42:23.0706 3124 SPTISRV - detected UnsignedFile.Multi.Generic (1)
00:42:23.0706 3124 SQLAgent$LG_LP2 - ok
00:42:23.0721 3124 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:42:23.0893 3124 sr - ok
00:42:23.0940 3124 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
00:42:24.0112 3124 srservice - ok
00:42:24.0159 3124 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:42:24.0206 3124 Srv - ok
00:42:24.0221 3124 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
00:42:24.0409 3124 SSDPSRV - ok
00:42:24.0409 3124 ssoftservice - ok
00:42:24.0424 3124 STHDA - ok
00:42:24.0471 3124 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
00:42:24.0674 3124 stisvc - ok
00:42:24.0706 3124 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
00:42:24.0893 3124 streamip - ok
00:42:24.0893 3124 stunnel - ok
00:42:24.0909 3124 susbser - ok
00:42:24.0924 3124 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:42:25.0112 3124 swenum - ok
00:42:25.0128 3124 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:42:25.0315 3124 swmidi - ok
00:42:25.0315 3124 SwPrv - ok
00:42:25.0331 3124 symc810 - ok
00:42:25.0346 3124 symc8xx - ok
00:42:25.0362 3124 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
00:42:25.0393 3124 symlcbrd - ok
00:42:25.0393 3124 sym_hi - ok
00:42:25.0393 3124 sym_u3 - ok
00:42:25.0424 3124 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:42:25.0596 3124 sysaudio - ok
00:42:25.0628 3124 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
00:42:25.0815 3124 SysmonLog - ok
00:42:25.0815 3124 T6963C - ok
00:42:25.0846 3124 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
00:42:26.0034 3124 TapiSrv - ok
00:42:26.0065 3124 tbhsd (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys
00:42:26.0081 3124 tbhsd - ok
00:42:26.0128 3124 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:42:26.0174 3124 Tcpip - ok
00:42:26.0221 3124 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
00:42:26.0253 3124 TcUsb - ok
00:42:26.0284 3124 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:42:26.0456 3124 TDPIPE - ok
00:42:26.0487 3124 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:42:26.0674 3124 TDTCP - ok
00:42:26.0690 3124 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:42:26.0878 3124 TermDD - ok
00:42:26.0940 3124 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
00:42:27.0128 3124 TermService - ok
00:42:27.0159 3124 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:42:27.0190 3124 Themes - ok
00:42:27.0253 3124 ti21sony (3106074a87bd5a16e2a3af6902bb6d91) C:\WINDOWS\system32\drivers\ti21sony.sys
00:42:27.0331 3124 ti21sony - ok
00:42:27.0378 3124 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
00:42:27.0378 3124 toshidpt ( UnsignedFile.Multi.Generic ) - warning
00:42:27.0378 3124 toshidpt - detected UnsignedFile.Multi.Generic (1)
00:42:27.0393 3124 TosIde - ok
00:42:27.0440 3124 tosporte (b2842672056ca33f0a4aab3e5cbbf181) C:\WINDOWS\system32\DRIVERS\tosporte.sys
00:42:27.0456 3124 tosporte ( UnsignedFile.Multi.Generic ) - warning
00:42:27.0471 3124 tosporte - detected UnsignedFile.Multi.Generic (1)
00:42:27.0503 3124 Tosrfbd (926ca0b7fd2fa62d82c33b3117936070) C:\WINDOWS\system32\Drivers\tosrfbd.sys
00:42:27.0518 3124 Tosrfbd ( UnsignedFile.Multi.Generic ) - warning
00:42:27.0518 3124 Tosrfbd - detected UnsignedFile.Multi.Generic (1)
00:42:27.0534 3124 Tosrfbnp (1ae2ba74b2a4f5a358b13fcd35258c30) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
00:42:27.0549 3124 Tosrfbnp ( UnsignedFile.Multi.Generic ) - warning
00:42:27.0549 3124 Tosrfbnp - detected UnsignedFile.Multi.Generic (1)
00:42:27.0565 3124 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
00:42:27.0565 3124 Tosrfcom ( UnsignedFile.Multi.Generic ) - warning
00:42:27.0565 3124 Tosrfcom - detected UnsignedFile.Multi.Generic (1)
00:42:27.0581 3124 Tosrfhid (5dbf390aab62dd0d4d43a9278614e001) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
00:42:27.0596 3124 Tosrfhid ( UnsignedFile.Multi.Generic ) - warning
00:42:27.0596 3124 Tosrfhid - detected UnsignedFile.Multi.Generic (1)
00:42:27.0612 3124 tosrfnds - ok
00:42:27.0643 3124 TosRfSnd (ab6fd13d7efa2634fa6bdf84c7ef0696) C:\WINDOWS\system32\drivers\TosRfSnd.sys
00:42:27.0659 3124 TosRfSnd ( UnsignedFile.Multi.Generic ) - warning
00:42:27.0659 3124 TosRfSnd - detected UnsignedFile.Multi.Generic (1)
00:42:27.0690 3124 Tosrfusb (d870fd6ce9060b73289f47e88630ee0e) C:\WINDOWS\system32\Drivers\tosrfusb.sys
00:42:27.0706 3124 Tosrfusb ( UnsignedFile.Multi.Generic ) - warning
00:42:27.0706 3124 Tosrfusb - detected UnsignedFile.Multi.Generic (1)
00:42:27.0753 3124 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
00:42:27.0924 3124 TrkWks - ok
00:42:27.0940 3124 twdns - ok
00:42:27.0956 3124 U2SP - ok
00:42:27.0987 3124 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:42:28.0143 3124 Udfs - ok
00:42:28.0159 3124 uisp - ok
00:42:28.0159 3124 ultra - ok
00:42:28.0221 3124 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:42:28.0440 3124 Update - ok
00:42:28.0471 3124 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
00:42:28.0659 3124 upnphost - ok
00:42:28.0690 3124 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
00:42:28.0862 3124 UPS - ok
00:42:28.0862 3124 USBAAPL - ok
00:42:28.0909 3124 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
00:42:29.0081 3124 usbaudio - ok
00:42:29.0112 3124 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:42:29.0284 3124 usbccgp - ok
00:42:29.0315 3124 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:42:29.0487 3124 usbehci - ok
00:42:29.0518 3124 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:42:29.0706 3124 usbhub - ok
00:42:29.0721 3124 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:42:29.0909 3124 usbprint - ok
00:42:29.0940 3124 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:42:30.0112 3124 usbscan - ok
00:42:30.0128 3124 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:42:30.0315 3124 usbstor - ok
00:42:30.0331 3124 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:42:30.0518 3124 usbuhci - ok
00:42:30.0628 3124 VAIO Event Service (1d5425783d92f34c63075fa0c4e2c3d5) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
00:42:30.0643 3124 VAIO Event Service ( UnsignedFile.Multi.Generic ) - warning
00:42:30.0643 3124 VAIO Event Service - detected UnsignedFile.Multi.Generic (1)
00:42:30.0784 3124 VAIOMediaPlatform-IntegratedServer-AppServer (3f8c67061b6c0795068bb2bb252fa374) C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
00:42:30.0940 3124 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - warning
00:42:30.0940 3124 VAIOMediaPlatform-IntegratedServer-AppServer - detected UnsignedFile.Multi.Generic (1)
00:42:31.0018 3124 VAIOMediaPlatform-IntegratedServer-HTTP (ded309af31cb6ebe06d72cc1a10d5566) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
00:42:31.0034 3124 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - warning
00:42:31.0034 3124 VAIOMediaPlatform-IntegratedServer-HTTP - detected UnsignedFile.Multi.Generic (1)
00:42:31.0096 3124 VAIOMediaPlatform-IntegratedServer-UPnP (a530cd1825c86e4ef32518b5e192bf09) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
00:42:31.0112 3124 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - warning
00:42:31.0112 3124 VAIOMediaPlatform-IntegratedServer-UPnP - detected UnsignedFile.Multi.Generic (1)
00:42:31.0253 3124 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:42:31.0440 3124 VgaSave - ok
00:42:31.0440 3124 Via4in1 - ok
00:42:31.0456 3124 ViaIde - ok
00:42:31.0456 3124 vmkbd2 - ok
00:42:31.0471 3124 vmnetbridge - ok
00:42:31.0503 3124 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
00:42:31.0690 3124 VolSnap - ok
00:42:31.0690 3124 vproeventmonitor - ok
00:42:31.0753 3124 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
00:42:31.0924 3124 VSS - ok
00:42:31.0940 3124 W2acehid - ok
00:42:31.0971 3124 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
00:42:32.0159 3124 W32Time - ok
00:42:32.0268 3124 w39n51 (4e7b07653f4f9937cf62ad2869fba520) C:\WINDOWS\system32\DRIVERS\w39n51.sys
00:42:32.0331 3124 w39n51 - ok
00:42:32.0487 3124 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:42:32.0659 3124 Wanarp - ok
00:42:32.0721 3124 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
00:42:32.0753 3124 Wdf01000 - ok
00:42:32.0753 3124 WDICA - ok
00:42:32.0784 3124 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:42:32.0971 3124 wdmaud - ok
00:42:33.0003 3124 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
00:42:33.0190 3124 WebClient - ok
00:42:33.0268 3124 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
00:42:33.0331 3124 winachsf - ok
00:42:33.0393 3124 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
00:42:33.0565 3124 winmgmt - ok
00:42:33.0581 3124 wkscfgsrv - ok
00:42:33.0612 3124 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
00:42:33.0659 3124 WmdmPmSN - ok
00:42:33.0690 3124 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
00:42:33.0878 3124 WmiApSrv - ok
00:42:34.0018 3124 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
00:42:34.0112 3124 WMPNetworkSvc - ok
00:42:34.0159 3124 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
00:42:34.0346 3124 WS2IFSL - ok
00:42:34.0393 3124 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
00:42:34.0565 3124 wscsvc - ok
00:42:34.0596 3124 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
00:42:34.0768 3124 WSTCODEC - ok
00:42:34.0799 3124 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
00:42:34.0971 3124 wuauserv - ok
00:42:35.0018 3124 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:42:35.0049 3124 WudfPf - ok
00:42:35.0096 3124 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:42:35.0112 3124 WudfRd - ok
00:42:35.0128 3124 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
00:42:35.0159 3124 WudfSvc - ok
00:42:35.0206 3124 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
00:42:35.0424 3124 WZCSVC - ok
00:42:35.0487 3124 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
00:42:35.0643 3124 xmlprov - ok
00:42:35.0706 3124 yukonwxp (96982cb3611bd4db9ed7a5ff2c29219f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
00:42:35.0721 3124 yukonwxp - ok
00:42:35.0768 3124 MBR (0x1B8) (d1c93f13a2f67a018e30276e471b64a4) \Device\Harddisk0\DR0
00:42:36.0331 3124 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
00:42:36.0331 3124 \Device\Harddisk0\DR0 - detected TDSS File System (1)
00:42:36.0346 3124 Boot (0x1200) (64dd6ee02f6ec22eb7ebe819e8be0612) \Device\Harddisk0\DR0\Partition0
00:42:36.0346 3124 \Device\Harddisk0\DR0\Partition0 - ok
00:42:36.0346 3124 ============================================================
00:42:36.0346 3124 Scan finished
00:42:36.0346 3124 ============================================================
00:42:36.0456 1620 Detected object count: 34
00:42:36.0456 1620 Actual detected object count: 34
00:43:08.0206 1620 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0206 1620 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0206 1620 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0206 1620 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0206 1620 FdRedir ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0206 1620 FdRedir ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0206 1620 FileDisk2 ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0206 1620 FileDisk2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0206 1620 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0206 1620 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0206 1620 Image Converter video recording monitor for VAIO Entertainment ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0206 1620 Image Converter video recording monitor for VAIO Entertainment ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0206 1620 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0206 1620 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0206 1620 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0206 1620 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0221 1620 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0221 1620 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0221 1620 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0221 1620 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0221 1620 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0221 1620 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0221 1620 RTCore32 ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0221 1620 RTCore32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0221 1620 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0221 1620 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0221 1620 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0221 1620 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0237 1620 shpf ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0237 1620 shpf ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0237 1620 SndTAudio ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0237 1620 SndTAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0237 1620 SndTVideo ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0237 1620 SndTVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0237 1620 SonyImgF ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0237 1620 SonyImgF ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0237 1620 SoundMovieServer ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0237 1620 SoundMovieServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0253 1620 sptd ( LockedFile.Multi.Generic ) - skipped by user
00:43:08.0253 1620 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
00:43:08.0253 1620 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0253 1620 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0253 1620 toshidpt ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0253 1620 toshidpt ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0253 1620 tosporte ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0253 1620 tosporte ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0253 1620 Tosrfbd ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0253 1620 Tosrfbd ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0253 1620 Tosrfbnp ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0253 1620 Tosrfbnp ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0268 1620 Tosrfcom ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0268 1620 Tosrfcom ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0268 1620 Tosrfhid ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0268 1620 Tosrfhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0268 1620 TosRfSnd ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0268 1620 TosRfSnd ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0268 1620 Tosrfusb ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0268 1620 Tosrfusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0284 1620 VAIO Event Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0284 1620 VAIO Event Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0284 1620 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0284 1620 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0284 1620 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0284 1620 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0284 1620 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - skipped by user
00:43:08.0284 1620 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:08.0284 1620 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
00:43:08.0284 1620 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip










Farbar Service Scanner Version: 17-05-2012
Ran by Computer (administrator) on 29-05-2012 at 00:37:58
Running from "C:\Documents and Settings\Computer\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) s24trans(8) Tcpip(3)
0x0A000000040000000100000002000000030000000A0000000500000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****

[Nedklaw]

Hi.
How is everything running on your computer?