Trojan Horse Cryptic - Please help! [Solved]

#1 Mara1983

Hello,

I would greatly appreciate somebody's help on this. I have noticed today that when I clicked on certain links, it brought me to some weird different pages, advertising free downloads and such. So I did an AVG scan and got the following results:
1 infection found
C:\Windows\System32\drivers\smb.sys
Trojan Horse Cyptic.EAY
SDK Type: Core
Result: Healable object that is white-listed (critical/system file that should not be removed)

I ran OTL and these are the results:

OTL logfile created on: 5/23/2012 9:09:15 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Marzena\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.65 Gb Available Physical Memory | 32.77% Memory free
4.22 Gb Paging File | 2.05 Gb Available in Paging File | 48.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.97 Gb Total Space | 142.26 Gb Free Space | 63.23% Space Free | Partition Type: NTFS

Computer Name: MARZENA-PC | User Name: Marzena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/23 21:07:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Marzena\Desktop\OTL.exe
PRC - [2012/05/13 11:22:28 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/05/13 11:22:27 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/13 17:40:14 | 004,361,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgui.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/05/09 20:33:53 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/10/12 19:29:56 | 000,045,056 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
PRC - [2007/10/10 19:24:26 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007/09/20 13:23:16 | 000,253,952 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
PRC - [2007/09/20 13:23:16 | 000,204,800 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2007/09/20 13:05:10 | 000,550,776 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2007/09/19 14:09:58 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/08/28 19:27:12 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2007/08/28 19:27:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2007/08/14 23:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/14 23:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/06/28 11:52:48 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2007/06/08 08:35:43 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/06/08 08:35:43 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007/06/08 08:35:39 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/06/05 17:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/22 16:03:05 | 000,683,024 | ---- | M] () -- C:\Users\Marzena\AppData\Local\AOL\Adobe\forsfb.dll
MOD - [2012/05/13 11:22:30 | 000,130,944 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MOD - [2012/05/13 11:22:27 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/05/08 21:14:51 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll
MOD - [2012/05/08 21:14:37 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll
MOD - [2012/05/08 21:12:57 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/08 21:12:31 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/09/19 08:19:58 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/13 11:22:28 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2007/09/29 00:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007/09/23 15:36:38 | 002,818,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/09/20 21:52:32 | 000,079,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007/09/20 13:23:16 | 000,204,800 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2007/08/28 19:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007/08/28 19:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007/08/14 23:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/08/09 04:51:32 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/08/09 04:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/08/09 04:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/08/09 04:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/08/09 04:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/06/28 11:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/06/28 11:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007/06/05 17:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/01/10 20:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/14 05:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 05:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 04:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.avgldx86)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2007/09/19 16:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/09/19 08:24:58 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/18 23:30:44 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/08/28 21:58:06 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/06/08 08:35:43 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/05 08:17:29 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/24 20:36:21 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/18 00:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {71FF0F51-013D-4E92-A992-5CAB809BDCF9}
IE - HKLM\..\SearchScopes\{71FF0F51-013D-4E92-A992-5CAB809BDCF9}: "URL" = http://search.aol.co...onType=sny_ie7;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{46723C7C-7E2A-4FF2-A008-2130EDD8CE9F}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{71FF0F51-013D-4E92-A992-5CAB809BDCF9}: "URL" = http://search.aol.co...onType=sny_ie7;
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-05-13 11:22:32&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/30 21:56:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/12 20:59:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/15 12:44:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/13 11:21:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/05/13 11:22:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/30 21:56:17 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/11/29 12:38:19 | 000,288,544 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 9943 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VAIO Center Access Bar] c:\program files\sony\VAIO Center Access Bar\VCAB.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIO Help and Support Demo] C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe ()
O4 - HKLM..\Run: [VAIORegistration] C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKCU..\Run: [Adobe] C:\Users\Marzena\AppData\Local\AOL\Adobe\forsfb.dll ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - Startup: C:\Users\Marzena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM File not found
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fernuni-hagen.de ([ca] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://photoservice...PSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35B9CFD6-0C92-4F3A-973C-EBB7425B69DE}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77361748-D6EA-4F04-B395-A9FCD0AE4CAB}: DhcpNameServer = 167.206.245.129 167.206.245.130
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Marzena\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Marzena\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SsiEfr.exe)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/23 21:07:15 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Marzena\Desktop\OTL.exe
[2012/05/23 18:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/05/23 18:11:10 | 000,000,000 | ---D | C] -- C:\Users\Marzena\Desktop\Adobe Photoshop CS6
[2012/05/23 18:09:45 | 000,000,000 | ---D | C] -- C:\Users\Marzena\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/05/23 18:09:40 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2012/05/15 12:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/05/13 11:22:43 | 000,000,000 | ---D | C] -- C:\Users\Marzena\AppData\Local\AVG Secure Search
[2012/05/13 11:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/05/13 11:22:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/05/13 11:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/05/13 11:21:20 | 000,000,000 | -H-D | C] -- C:\$AVG
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/23 21:07:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Marzena\Desktop\OTL.exe
[2012/05/23 20:16:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/23 19:30:13 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/23 19:30:12 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/23 18:09:40 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2012/05/23 18:01:11 | 098,931,543 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/05/23 18:00:19 | 000,137,846 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/05/23 13:29:30 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/15 12:44:07 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/13 22:22:02 | 000,612,786 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/13 22:22:02 | 000,108,058 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/13 18:55:41 | 000,685,063 | ---- | M] () -- C:\Users\Marzena\Desktop\receipt.jpg
[2012/05/13 10:49:15 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2012/05/08 21:09:42 | 000,335,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/04/27 14:14:19 | 000,021,086 | ---- | M] () -- C:\Users\Marzena\Desktop\logo_centered.jpg
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/23 18:35:12 | 000,001,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2012/05/23 18:33:37 | 000,000,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2012/05/23 18:31:17 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012/05/23 18:31:08 | 000,001,308 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012/05/23 18:09:40 | 000,000,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012/05/23 18:09:40 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2012/05/13 18:55:40 | 000,685,063 | ---- | C] () -- C:\Users\Marzena\Desktop\receipt.jpg
[2012/05/13 11:22:38 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/04/27 14:14:19 | 000,021,086 | ---- | C] () -- C:\Users\Marzena\Desktop\logo_centered.jpg

========== LOP Check ==========

[2012/04/14 08:33:21 | 000,000,000 | ---D | M] -- C:\Users\Marzena\AppData\Roaming\AVG
[2012/04/14 09:00:40 | 000,000,000 | ---D | M] -- C:\Users\Marzena\AppData\Roaming\AVG2012
[2012/05/23 18:09:45 | 000,000,000 | ---D | M] -- C:\Users\Marzena\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/07/20 20:12:37 | 000,000,000 | ---D | M] -- C:\Users\Marzena\AppData\Roaming\DVDVideoSoft
[2011/07/20 20:15:20 | 000,000,000 | ---D | M] -- C:\Users\Marzena\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/02/15 16:25:40 | 000,000,000 | ---D | M] -- C:\Users\Marzena\AppData\Roaming\E-centives
[2011/05/01 12:20:50 | 000,000,000 | ---D | M] -- C:\Users\Marzena\AppData\Roaming\eMusic
[2010/08/02 21:41:33 | 000,000,000 | ---D | M] -- C:\Users\Marzena\AppData\Roaming\ICAClient
[2009/01/24 16:31:33 | 000,000,000 | ---D | M] -- C:\Users\Marzena\AppData\Roaming\LimeWire
[2012/05/23 03:03:57 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB47503$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >


Thank you!!!
  • 0


#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Mara1983 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: You have a very nasty infection! I would strongly advise you to back up all your important data from your system before you begin with the fix.

This malware tends to disable your whole system and leave you with nothing. Please back up your data.

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects.
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 3

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

Step 4

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • Combofix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
  • 0
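A small parser for the TDSSKiller report that Step 2 asks the user to paste, added here as an example; it is not part of maliprog's post or of TDSSKiller itself. It assumes the line layout seen in the report posted in this thread (timestamp, PID, object name, optional MD5 and path, then "- ok", "( verdict ) - warning" or "- detected verdict (n)") and feeds it a handful of lines copied from that report as constructed sample input, so a helper can see at a glance which objects the signature check flagged.

```python
"""Summarise a TDSSKiller scan log: what was scanned, what was flagged, and
with which verdict.  Added example modelled on the report format in this
thread; not TDSSKiller's own code."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every scan line starts with "HH:MM:SS.0mmm <pid> ".  An object line carries
# the MD5 and path, e.g. "hpqcxs08 (0a3c...) C:\Program Files\...\hpqcxs08.dll",
# and is followed by a status line: "name - ok",
# "name ( UnsignedFile.Multi.Generic ) - warning" or
# "name - detected UnsignedFile.Multi.Generic (1)".
_PREFIX = r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
RE_OBJECT = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
RE_OK = re.compile(_PREFIX + r"(?P<name>.+?) - ok$")
RE_WARNING = re.compile(_PREFIX + r"(?P<name>.+?) \( (?P<verdict>\S+) \) - warning$")
RE_DETECTED = re.compile(_PREFIX + r"(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")


@dataclass
class ScanEntry:
    name: str
    md5: Optional[str] = None       # None when TDSSKiller printed no object line
    path: Optional[str] = None
    status: str = "unknown"         # ok | warning | detected | unknown
    verdict: Optional[str] = None   # e.g. UnsignedFile.Multi.Generic
    count: int = 0


def parse_tdsskiller_log(text: str) -> Dict[str, ScanEntry]:
    """Return one ScanEntry per scanned object, keyed by object name.
    Header lines (OS version, partitions, separators) match nothing and are skipped."""
    entries: Dict[str, ScanEntry] = {}
    for raw in text.splitlines():
        line = raw.rstrip()
        m = RE_OBJECT.match(line)
        if m:
            e = entries.setdefault(m["name"], ScanEntry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            continue
        m = RE_OK.match(line)
        if m:
            entries.setdefault(m["name"], ScanEntry(m["name"])).status = "ok"
            continue
        m = RE_WARNING.match(line)
        if m:
            e = entries.setdefault(m["name"], ScanEntry(m["name"]))
            e.status, e.verdict = "warning", m["verdict"]
            continue
        m = RE_DETECTED.match(line)
        if m:
            # A "detected" line follows its "warning" line and carries the count,
            # so it supersedes the warning status for that object.
            e = entries.setdefault(m["name"], ScanEntry(m["name"]))
            e.status, e.verdict, e.count = "detected", m["verdict"], int(m["count"])
    return entries


def flagged(entries: Dict[str, ScanEntry]) -> List[ScanEntry]:
    """Everything TDSSKiller did not mark ok, detections first, then by name."""
    rank = {"detected": 0, "warning": 1, "unknown": 2}
    return sorted((e for e in entries.values() if e.status != "ok"),
                  key=lambda e: (rank[e.status], e.name.lower()))


def verdict_counts(entries: Dict[str, ScanEntry]) -> Dict[str, int]:
    """How many objects carry each verdict name; UnsignedFile.* verdicts come from
    the 'Verify Driver Digital Signature' option and mean only that the file is
    unsigned, which is why they are reported as suspicious rather than malicious."""
    counts: Dict[str, int] = {}
    for e in entries.values():
        if e.verdict:
            counts[e.verdict] = counts.get(e.verdict, 0) + 1
    return counts


# Constructed sample: a few lines copied from the report posted in this thread.
SAMPLE_LOG = r"""
11:05:52.0890 5736 Scan started
11:05:52.0890 5736 Mode: Manual; SigCheck; TDLFS;
11:05:53.0550 5736 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
11:05:53.0698 5736 ACPI - ok
11:05:55.0286 5736 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:05:55.0301 5736 Apple Mobile Device - ok
11:05:58.0580 5736 blbdrive - ok
11:06:07.0035 5736 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
11:06:07.0035 5736 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
11:06:07.0050 5736 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
11:06:08.0314 5736 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
11:06:08.0329 5736 IDriverT ( UnsignedFile.Multi.Generic ) - warning
11:06:08.0329 5736 IDriverT - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    scanned = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(scanned)} objects scanned, {len(flagged(scanned))} flagged")
    for e in flagged(scanned):
        print(f"  {e.status:8} {e.name:20} {e.verdict}  {e.path}")
    print("verdicts:", verdict_counts(scanned))
```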

#3
Mara1983

    Member

  • Topic Starter
  • Member
  • 55 posts
Thanks!!

Step 2, TDSSKiller report: (Cure was not available, all results were suspicious, not malicious, therefore Skip was selected)

11:05:47.0531 1212 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
11:05:47.0821 1212 ============================================================
11:05:47.0821 1212 Current date / time: 2012/05/24 11:05:47.0821
11:05:47.0821 1212 SystemInfo:
11:05:47.0821 1212
11:05:47.0821 1212 OS Version: 6.0.6002 ServicePack: 2.0
11:05:47.0821 1212 Product type: Workstation
11:05:47.0821 1212 ComputerName: MARZENA-PC
11:05:47.0821 1212 UserName: Marzena
11:05:47.0821 1212 Windows directory: C:\Windows
11:05:47.0821 1212 System windows directory: C:\Windows
11:05:47.0821 1212 Processor architecture: Intel x86
11:05:47.0821 1212 Number of processors: 2
11:05:47.0821 1212 Page size: 0x1000
11:05:47.0821 1212 Boot type: Normal boot
11:05:47.0821 1212 ============================================================
11:05:48.0411 1212 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:05:48.0411 1212 ============================================================
11:05:48.0411 1212 \Device\Harddisk0\DR0:
11:05:48.0411 1212 MBR partitions:
11:05:48.0411 1212 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFD3000, BlocksNum 0x1C1F2170
11:05:48.0411 1212 ============================================================
11:05:48.0486 1212 C: <-> \Device\Harddisk0\DR0\Partition0
11:05:48.0486 1212 ============================================================
11:05:48.0486 1212 Initialize success
11:05:48.0486 1212 ============================================================
11:05:52.0890 5736 ============================================================
11:05:52.0890 5736 Scan started
11:05:52.0890 5736 Mode: Manual; SigCheck; TDLFS;
11:05:52.0890 5736 ============================================================
11:05:53.0143 5736 .avgldx86 - ok
11:05:53.0550 5736 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
11:05:53.0698 5736 ACPI - ok
11:05:53.0829 5736 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
11:05:53.0856 5736 adp94xx - ok
11:05:53.0924 5736 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
11:05:53.0944 5736 adpahci - ok
11:05:53.0992 5736 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
11:05:54.0008 5736 adpu160m - ok
11:05:54.0043 5736 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
11:05:54.0060 5736 adpu320 - ok
11:05:54.0103 5736 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
11:05:54.0130 5736 AeLookupSvc - ok
11:05:54.0211 5736 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
11:05:54.0232 5736 AFD - ok
11:05:54.0297 5736 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
11:05:54.0313 5736 agp440 - ok
11:05:54.0342 5736 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
11:05:54.0358 5736 aic78xx - ok
11:05:54.0428 5736 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
11:05:54.0464 5736 ALG - ok
11:05:54.0515 5736 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
11:05:54.0530 5736 aliide - ok
11:05:54.0559 5736 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
11:05:54.0574 5736 amdagp - ok
11:05:54.0615 5736 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
11:05:54.0630 5736 amdide - ok
11:05:54.0646 5736 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
11:05:54.0708 5736 AmdK7 - ok
11:05:54.0786 5736 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
11:05:54.0849 5736 AmdK8 - ok
11:05:54.0927 5736 ApfiltrService (18bff317bdb10c64a35e1ca85f1ec051) C:\Windows\system32\DRIVERS\Apfiltr.sys
11:05:54.0942 5736 ApfiltrService - ok
11:05:55.0052 5736 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
11:05:55.0067 5736 Appinfo - ok
11:05:55.0286 5736 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:05:55.0301 5736 Apple Mobile Device - ok
11:05:55.0364 5736 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
11:05:55.0379 5736 arc - ok
11:05:55.0446 5736 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
11:05:55.0466 5736 arcsas - ok
11:05:55.0526 5736 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
11:05:55.0556 5736 AsyncMac - ok
11:05:55.0696 5736 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
11:05:55.0716 5736 atapi - ok
11:05:55.0816 5736 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
11:05:55.0886 5736 AudioEndpointBuilder - ok
11:05:55.0886 5736 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
11:05:55.0916 5736 Audiosrv - ok
11:05:56.0794 5736 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files\AVG\AVG2012\avgidsagent.exe
11:05:57.0136 5736 AVGIDSAgent - ok
11:05:57.0374 5736 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys
11:05:57.0451 5736 AVGIDSDriver - ok
11:05:57.0497 5736 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\Windows\system32\DRIVERS\avgidsfilterx.sys
11:05:57.0512 5736 AVGIDSFilter - ok
11:05:57.0584 5736 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\Windows\system32\DRIVERS\avgidshx.sys
11:05:57.0599 5736 AVGIDSHX - ok
11:05:57.0684 5736 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\Windows\system32\DRIVERS\avgidsshimx.sys
11:05:57.0698 5736 AVGIDSShim - ok
11:05:57.0739 5736 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\Windows\system32\DRIVERS\avgldx86.sys
11:05:57.0759 5736 Avgldx86 - ok
11:05:57.0823 5736 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\Windows\system32\DRIVERS\avgmfx86.sys
11:05:57.0839 5736 Avgmfx86 - ok
11:05:57.0902 5736 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\Windows\system32\DRIVERS\avgrkx86.sys
11:05:57.0915 5736 Avgrkx86 - ok
11:05:57.0979 5736 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\Windows\system32\DRIVERS\avgtdix.sys
11:05:58.0002 5736 Avgtdix - ok
11:05:58.0139 5736 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
11:05:58.0157 5736 avgwd - ok
11:05:58.0245 5736 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
11:05:58.0298 5736 Beep - ok
11:05:58.0494 5736 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
11:05:58.0564 5736 BITS - ok
11:05:58.0580 5736 blbdrive - ok
11:05:58.0720 5736 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
11:05:58.0752 5736 Bonjour Service - ok
11:05:58.0783 5736 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
11:05:58.0814 5736 bowser - ok
11:05:58.0876 5736 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
11:05:58.0908 5736 BrFiltLo - ok
11:05:58.0939 5736 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
11:05:58.0970 5736 BrFiltUp - ok
11:05:59.0110 5736 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
11:05:59.0140 5736 Browser - ok
11:05:59.0170 5736 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
11:05:59.0220 5736 Brserid - ok
11:05:59.0290 5736 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
11:05:59.0340 5736 BrSerWdm - ok
11:05:59.0430 5736 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
11:05:59.0480 5736 BrUsbMdm - ok
11:05:59.0530 5736 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
11:05:59.0580 5736 BrUsbSer - ok
11:05:59.0630 5736 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
11:05:59.0690 5736 BTHMODEM - ok
11:05:59.0690 5736 catchme - ok
11:05:59.0790 5736 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
11:05:59.0820 5736 cdfs - ok
11:05:59.0900 5736 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
11:05:59.0930 5736 cdrom - ok
11:06:00.0010 5736 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
11:06:00.0040 5736 CertPropSvc - ok
11:06:00.0100 5736 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
11:06:00.0150 5736 circlass - ok
11:06:00.0220 5736 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
11:06:00.0250 5736 CLFS - ok
11:06:00.0440 5736 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:06:00.0460 5736 clr_optimization_v2.0.50727_32 - ok
11:06:00.0618 5736 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:06:00.0635 5736 clr_optimization_v4.0.30319_32 - ok
11:06:00.0732 5736 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
11:06:00.0766 5736 CmBatt - ok
11:06:00.0800 5736 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
11:06:00.0816 5736 cmdide - ok
11:06:00.0861 5736 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
11:06:00.0878 5736 Compbatt - ok
11:06:00.0883 5736 COMSysApp - ok
11:06:00.0894 5736 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
11:06:00.0911 5736 crcdisk - ok
11:06:00.0935 5736 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
11:06:00.0994 5736 Crusoe - ok
11:06:01.0086 5736 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
11:06:01.0115 5736 CryptSvc - ok
11:06:01.0213 5736 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
11:06:01.0258 5736 DcomLaunch - ok
11:06:01.0336 5736 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
11:06:01.0391 5736 DfsC - ok
11:06:01.0645 5736 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
11:06:01.0764 5736 DFSR - ok
11:06:02.0046 5736 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
11:06:02.0076 5736 Dhcp - ok
11:06:02.0213 5736 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
11:06:02.0232 5736 disk - ok
11:06:02.0317 5736 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
11:06:02.0331 5736 DMICall - ok
11:06:02.0415 5736 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
11:06:02.0470 5736 Dnscache - ok
11:06:02.0547 5736 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
11:06:02.0576 5736 dot3svc - ok
11:06:02.0676 5736 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
11:06:02.0723 5736 Dot4 - ok
11:06:02.0770 5736 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
11:06:02.0801 5736 Dot4Print - ok
11:06:02.0816 5736 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
11:06:02.0863 5736 dot4usb - ok
11:06:02.0910 5736 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
11:06:02.0941 5736 DPS - ok
11:06:03.0011 5736 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
11:06:03.0031 5736 drmkaud - ok
11:06:03.0101 5736 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
11:06:03.0141 5736 DXGKrnl - ok
11:06:03.0201 5736 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
11:06:03.0261 5736 E1G60 - ok
11:06:03.0311 5736 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
11:06:03.0331 5736 EapHost - ok
11:06:03.0471 5736 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
11:06:03.0501 5736 Ecache - ok
11:06:03.0611 5736 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
11:06:03.0631 5736 ehRecvr - ok
11:06:03.0691 5736 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
11:06:03.0701 5736 ehSched - ok
11:06:03.0711 5736 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
11:06:03.0731 5736 ehstart - ok
11:06:03.0801 5736 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
11:06:03.0821 5736 elxstor - ok
11:06:03.0911 5736 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
11:06:03.0951 5736 EMDMgmt - ok
11:06:04.0061 5736 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
11:06:04.0091 5736 EventSystem - ok
11:06:04.0151 5736 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
11:06:04.0171 5736 exfat - ok
11:06:04.0251 5736 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
11:06:04.0271 5736 fastfat - ok
11:06:04.0361 5736 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
11:06:04.0411 5736 fdc - ok
11:06:04.0471 5736 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
11:06:04.0485 5736 fdPHost - ok
11:06:04.0593 5736 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
11:06:04.0647 5736 FDResPub - ok
11:06:04.0714 5736 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
11:06:04.0732 5736 FileInfo - ok
11:06:04.0810 5736 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
11:06:04.0842 5736 Filetrace - ok
11:06:04.0942 5736 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
11:06:04.0995 5736 flpydisk - ok
11:06:05.0086 5736 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
11:06:05.0106 5736 FltMgr - ok
11:06:05.0303 5736 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
11:06:05.0346 5736 FontCache - ok
11:06:05.0487 5736 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:06:05.0503 5736 FontCache3.0.0.0 - ok
11:06:05.0567 5736 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
11:06:05.0600 5736 Fs_Rec - ok
11:06:05.0662 5736 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
11:06:05.0679 5736 gagp30kx - ok
11:06:05.0748 5736 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
11:06:05.0763 5736 GEARAspiWDM - ok
11:06:05.0891 5736 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
11:06:05.0934 5736 gpsvc - ok
11:06:06.0018 5736 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
11:06:06.0076 5736 HdAudAddService - ok
11:06:06.0180 5736 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:06:06.0222 5736 HDAudBus - ok
11:06:06.0296 5736 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
11:06:06.0351 5736 HidBth - ok
11:06:06.0392 5736 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
11:06:06.0446 5736 HidIr - ok
11:06:06.0539 5736 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
11:06:06.0559 5736 hidserv - ok
11:06:06.0676 5736 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
11:06:06.0707 5736 HidUsb - ok
11:06:06.0785 5736 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
11:06:06.0816 5736 hkmsvc - ok
11:06:06.0894 5736 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
11:06:06.0910 5736 HpCISSs - ok
11:06:07.0035 5736 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
11:06:07.0035 5736 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
11:06:07.0050 5736 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
11:06:07.0081 5736 hpqddsvc (ee4c7a4cf2316701ffde90f404520265) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
11:06:07.0097 5736 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
11:06:07.0097 5736 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
11:06:07.0191 5736 HPSLPSVC (6f9cb6539a1b2508bd1c53d29334431a) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
11:06:07.0222 5736 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
11:06:07.0222 5736 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
11:06:07.0284 5736 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
11:06:07.0331 5736 HSFHWAZL - ok
11:06:07.0487 5736 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
11:06:07.0534 5736 HSF_DPV - ok
11:06:07.0596 5736 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
11:06:07.0612 5736 HSXHWAZL - ok
11:06:07.0705 5736 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
11:06:07.0768 5736 HTTP - ok
11:06:07.0861 5736 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
11:06:07.0877 5736 i2omp - ok
11:06:07.0971 5736 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
11:06:07.0986 5736 i8042prt - ok
11:06:08.0111 5736 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
11:06:08.0127 5736 iaStor - ok
11:06:08.0173 5736 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
11:06:08.0205 5736 iaStorV - ok
11:06:08.0314 5736 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
11:06:08.0329 5736 IDriverT ( UnsignedFile.Multi.Generic ) - warning
11:06:08.0329 5736 IDriverT - detected UnsignedFile.Multi.Generic (1)
11:06:08.0532 5736 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:06:08.0610 5736 idsvc - ok
11:06:09.0063 5736 igfx (62448322731ac1beda52e2b3327046ee) C:\Windows\system32\DRIVERS\igdkmd32.sys
11:06:09.0119 5736 igfx - ok
11:06:09.0399 5736 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
11:06:09.0419 5736 iirsp - ok
11:06:09.0539 5736 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
11:06:09.0579 5736 IKEEXT - ok
11:06:09.0839 5736 IntcAzAudAddService (6f62bafe6150f3952f877051c65786fe) C:\Windows\system32\drivers\RTKVHDA.sys
11:06:09.0919 5736 IntcAzAudAddService - ok
11:06:10.0219 5736 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
11:06:10.0229 5736 intelide - ok
11:06:10.0299 5736 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
11:06:10.0329 5736 intelppm - ok
11:06:10.0399 5736 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
11:06:10.0439 5736 IPBusEnum - ok
11:06:10.0499 5736 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:06:10.0529 5736 IpFilterDriver - ok
11:06:10.0539 5736 IpInIp - ok
11:06:10.0579 5736 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
11:06:10.0639 5736 IPMIDRV - ok
11:06:10.0749 5736 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
11:06:10.0779 5736 IPNAT - ok
11:06:11.0029 5736 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
11:06:11.0059 5736 iPod Service - ok
11:06:11.0129 5736 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
11:06:11.0169 5736 IRENUM - ok
11:06:11.0269 5736 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
11:06:11.0289 5736 isapnp - ok
11:06:11.0359 5736 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
11:06:11.0379 5736 iScsiPrt - ok
11:06:11.0459 5736 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
11:06:11.0479 5736 iteatapi - ok
11:06:11.0509 5736 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
11:06:11.0510 5736 iteraid - ok
11:06:11.0611 5736 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
11:06:11.0627 5736 IviRegMgr - ok
11:06:11.0695 5736 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
11:06:11.0713 5736 kbdclass - ok
11:06:11.0752 5736 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
11:06:11.0806 5736 kbdhid - ok
11:06:11.0866 5736 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
11:06:11.0897 5736 KeyIso - ok
11:06:12.0052 5736 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
11:06:12.0085 5736 KSecDD - ok
11:06:12.0192 5736 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
11:06:12.0235 5736 KtmRm - ok
11:06:12.0305 5736 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
11:06:12.0327 5736 LanmanServer - ok
11:06:12.0406 5736 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
11:06:12.0461 5736 LanmanWorkstation - ok
11:06:12.0531 5736 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
11:06:12.0563 5736 lltdio - ok
11:06:12.0622 5736 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
11:06:12.0676 5736 lltdsvc - ok
11:06:12.0774 5736 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
11:06:12.0829 5736 lmhosts - ok
11:06:12.0913 5736 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
11:06:12.0930 5736 LSI_FC - ok
11:06:12.0971 5736 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
11:06:12.0988 5736 LSI_SAS - ok
11:06:13.0040 5736 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
11:06:13.0057 5736 LSI_SCSI - ok
11:06:13.0135 5736 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
11:06:13.0172 5736 luafv - ok
11:06:13.0230 5736 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
11:06:13.0248 5736 Mcx2Svc - ok
11:06:13.0300 5736 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
11:06:13.0316 5736 mdmxsdk - ok
11:06:13.0374 5736 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
11:06:13.0390 5736 megasas - ok
11:06:13.0457 5736 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
11:06:13.0491 5736 MMCSS - ok
11:06:13.0538 5736 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
11:06:13.0569 5736 Modem - ok
11:06:13.0719 5736 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
11:06:13.0750 5736 monitor - ok
11:06:13.0828 5736 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
11:06:13.0844 5736 mouclass - ok
11:06:13.0895 5736 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
11:06:13.0935 5736 mouhid - ok
11:06:13.0995 5736 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
11:06:14.0015 5736 MountMgr - ok
11:06:14.0075 5736 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
11:06:14.0095 5736 mpio - ok
11:06:14.0155 5736 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
11:06:14.0175 5736 mpsdrv - ok
11:06:14.0235 5736 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
11:06:14.0245 5736 Mraid35x - ok
11:06:14.0345 5736 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
11:06:14.0365 5736 MRxDAV - ok
11:06:14.0415 5736 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:06:14.0475 5736 mrxsmb - ok
11:06:14.0575 5736 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:06:14.0595 5736 mrxsmb10 - ok
11:06:14.0645 5736 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:06:14.0675 5736 mrxsmb20 - ok
11:06:14.0725 5736 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
11:06:14.0745 5736 msahci - ok
11:06:14.0895 5736 MSCSPTISRV (8e46a7bac823dd82d4fb2a34c3df4c1d) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
11:06:14.0925 5736 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
11:06:14.0925 5736 MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
11:06:14.0965 5736 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
11:06:14.0985 5736 msdsm - ok
11:06:15.0055 5736 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
11:06:15.0085 5736 MSDTC - ok
11:06:15.0165 5736 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
11:06:15.0195 5736 Msfs - ok
11:06:15.0295 5736 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
11:06:15.0305 5736 msisadrv - ok
11:06:15.0385 5736 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
11:06:15.0415 5736 MSiSCSI - ok
11:06:15.0425 5736 msiserver - ok
11:06:15.0533 5736 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
11:06:15.0564 5736 MSKSSRV - ok
11:06:15.0628 5736 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
11:06:15.0663 5736 MSPCLOCK - ok
11:06:15.0723 5736 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
11:06:15.0754 5736 MSPQM - ok
11:06:15.0841 5736 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
11:06:15.0864 5736 MsRPC - ok
11:06:15.0947 5736 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
11:06:15.0964 5736 mssmbios - ok
11:06:16.0037 5736 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
11:06:16.0069 5736 MSTEE - ok
11:06:16.0107 5736 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
11:06:16.0125 5736 Mup - ok
11:06:16.0240 5736 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
11:06:16.0275 5736 napagent - ok
11:06:16.0382 5736 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
11:06:16.0405 5736 NativeWifiP - ok
11:06:16.0514 5736 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
11:06:16.0550 5736 NDIS - ok
11:06:16.0608 5736 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
11:06:16.0633 5736 NdisTapi - ok
11:06:16.0708 5736 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
11:06:16.0740 5736 Ndisuio - ok
11:06:16.0773 5736 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
11:06:16.0801 5736 NdisWan - ok
11:06:16.0882 5736 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
11:06:16.0909 5736 NDProxy - ok
11:06:16.0977 5736 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\Windows\system32\HPZinw12.dll
11:06:17.0004 5736 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:06:17.0004 5736 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:06:17.0039 5736 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
11:06:17.0070 5736 NetBIOS - ok
11:06:17.0155 5736 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
11:06:17.0187 5736 netbt - ok
11:06:17.0277 5736 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
11:06:17.0294 5736 Netlogon - ok
11:06:17.0354 5736 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
11:06:17.0393 5736 Netman - ok
11:06:17.0481 5736 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
11:06:17.0521 5736 netprofm - ok
11:06:17.0754 5736 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:06:17.0769 5736 NetTcpPortSharing - ok
11:06:18.0066 5736 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
11:06:18.0222 5736 NETw3v32 - ok
11:06:18.0752 5736 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys
11:06:18.0924 5736 NETw4v32 - ok
11:06:19.0220 5736 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
11:06:19.0236 5736 nfrd960 - ok
11:06:19.0314 5736 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
11:06:19.0345 5736 NlaSvc - ok
11:06:19.0407 5736 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
11:06:19.0439 5736 Npfs - ok
11:06:19.0501 5736 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
11:06:19.0532 5736 nsi - ok
11:06:19.0610 5736 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
11:06:19.0641 5736 nsiproxy - ok
11:06:19.0782 5736 NSUService (510320ec1933ef2eaba71bf9e6635f31) C:\Program Files\Sony\Network Utility\NSUService.exe
11:06:19.0797 5736 NSUService ( UnsignedFile.Multi.Generic ) - warning
11:06:19.0797 5736 NSUService - detected UnsignedFile.Multi.Generic (1)
11:06:19.0950 5736 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
11:06:20.0000 5736 Ntfs - ok
11:06:20.0080 5736 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
11:06:20.0140 5736 ntrigdigi - ok
11:06:20.0190 5736 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
11:06:20.0220 5736 Null - ok
11:06:20.0270 5736 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
11:06:20.0290 5736 nvraid - ok
11:06:20.0310 5736 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
11:06:20.0330 5736 nvstor - ok
11:06:20.0360 5736 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
11:06:20.0370 5736 nv_agp - ok
11:06:20.0380 5736 NwlnkFlt - ok
11:06:20.0390 5736 NwlnkFwd - ok
11:06:20.0610 5736 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:06:20.0640 5736 odserv - ok
11:06:20.0730 5736 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
11:06:20.0760 5736 ohci1394 - ok
11:06:20.0830 5736 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:06:20.0850 5736 ose - ok
11:06:20.0990 5736 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:06:21.0070 5736 p2pimsvc - ok
11:06:21.0080 5736 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:06:21.0120 5736 p2psvc - ok
11:06:21.0180 5736 PACSPTISVR (753a8f339f231d2b857e2ccd51a6e6ca) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
11:06:21.0190 5736 PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
11:06:21.0190 5736 PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
11:06:21.0260 5736 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
11:06:21.0310 5736 Parport - ok
11:06:21.0360 5736 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
11:06:21.0380 5736 partmgr - ok
11:06:21.0420 5736 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
11:06:21.0470 5736 Parvdm - ok
11:06:21.0550 5736 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
11:06:21.0570 5736 PcaSvc - ok
11:06:21.0680 5736 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
11:06:21.0700 5736 pci - ok
11:06:21.0750 5736 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\DRIVERS\pciide.sys
11:06:21.0770 5736 pciide - ok
11:06:21.0840 5736 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
11:06:21.0860 5736 pcmcia - ok
11:06:22.0070 5736 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
11:06:22.0150 5736 PEAUTH - ok
11:06:22.0400 5736 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
11:06:22.0490 5736 pla - ok
11:06:22.0784 5736 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
11:06:22.0816 5736 PlugPlay - ok
11:06:22.0862 5736 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\Windows\system32\HPZipm12.dll
11:06:22.0869 5736 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:06:22.0869 5736 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:06:22.0965 5736 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:06:22.0998 5736 PNRPAutoReg - ok
11:06:23.0008 5736 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:06:23.0043 5736 PNRPsvc - ok
11:06:23.0089 5736 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
11:06:23.0126 5736 PolicyAgent - ok
11:06:23.0212 5736 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
11:06:23.0244 5736 PptpMiniport - ok
11:06:23.0277 5736 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
11:06:23.0333 5736 Processor - ok
11:06:23.0430 5736 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
11:06:23.0460 5736 ProfSvc - ok
11:06:23.0500 5736 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
11:06:23.0518 5736 ProtectedStorage - ok
11:06:23.0564 5736 ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\Windows\system32\PSIService.exe
11:06:23.0581 5736 ProtexisLicensing - ok
11:06:23.0646 5736 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
11:06:23.0672 5736 PSched - ok
11:06:23.0745 5736 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
11:06:23.0759 5736 PxHelp20 - ok
11:06:23.0899 5736 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
11:06:23.0950 5736 ql2300 - ok
11:06:24.0022 5736 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
11:06:24.0042 5736 ql40xx - ok
11:06:24.0152 5736 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
11:06:24.0177 5736 QWAVE - ok
11:06:24.0274 5736 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
11:06:24.0300 5736 QWAVEdrv - ok
11:06:24.0413 5736 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
11:06:24.0449 5736 RasAcd - ok
11:06:24.0599 5736 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
11:06:24.0634 5736 RasAuto - ok
11:06:24.0760 5736 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:06:24.0792 5736 Rasl2tp - ok
11:06:24.0916 5736 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
11:06:24.0948 5736 RasMan - ok
11:06:24.0994 5736 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
11:06:25.0026 5736 RasPppoe - ok
11:06:25.0104 5736 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
11:06:25.0166 5736 RasSstp - ok
11:06:25.0306 5736 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
11:06:25.0338 5736 rdbss - ok
11:06:25.0431 5736 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:06:25.0462 5736 RDPCDD - ok
11:06:25.0545 5736 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
11:06:25.0605 5736 rdpdr - ok
11:06:25.0685 5736 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
11:06:25.0715 5736 RDPENCDD - ok
11:06:25.0805 5736 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
11:06:25.0865 5736 RDPWD - ok
11:06:25.0935 5736 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
11:06:25.0945 5736 regi - ok
11:06:26.0055 5736 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
11:06:26.0095 5736 RemoteAccess - ok
11:06:26.0165 5736 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
11:06:26.0185 5736 RemoteRegistry - ok
11:06:26.0255 5736 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
11:06:26.0265 5736 RpcLocator - ok
11:06:26.0375 5736 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
11:06:26.0415 5736 RpcSs - ok
11:06:26.0505 5736 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
11:06:26.0545 5736 rspndr - ok
11:06:26.0600 5736 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
11:06:26.0617 5736 SamSs - ok
11:06:26.0699 5736 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
11:06:26.0716 5736 sbp2port - ok
11:06:26.0788 5736 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
11:06:26.0822 5736 SCardSvr - ok
11:06:27.0012 5736 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
11:06:27.0092 5736 Schedule - ok
11:06:27.0177 5736 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
11:06:27.0203 5736 SCPolicySvc - ok
11:06:27.0281 5736 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
11:06:27.0339 5736 SDRSVC - ok
11:06:27.0460 5736 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:06:27.0516 5736 secdrv - ok
11:06:27.0571 5736 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
11:06:27.0605 5736 seclogon - ok
11:06:27.0679 5736 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
11:06:27.0713 5736 SENS - ok
11:06:27.0780 5736 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
11:06:27.0839 5736 Serenum - ok
11:06:27.0877 5736 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
11:06:27.0933 5736 Serial - ok
11:06:27.0981 5736 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
11:06:28.0013 5736 sermouse - ok
11:06:28.0116 5736 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
11:06:28.0151 5736 SessionEnv - ok
11:06:28.0201 5736 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
11:06:28.0229 5736 SFEP - ok
11:06:28.0255 5736 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
11:06:28.0309 5736 sffdisk - ok
11:06:28.0338 5736 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
11:06:28.0392 5736 sffp_mmc - ok
11:06:28.0428 5736 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
11:06:28.0481 5736 sffp_sd - ok
11:06:28.0533 5736 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
11:06:28.0587 5736 sfloppy - ok
11:06:28.0638 5736 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
11:06:28.0699 5736 SharedAccess - ok
11:06:28.0777 5736 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
11:06:28.0834 5736 ShellHWDetection - ok
11:06:28.0854 5736 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
11:06:28.0864 5736 sisagp - ok
11:06:28.0894 5736 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
11:06:28.0914 5736 SiSRaid2 - ok
11:06:28.0984 5736 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
11:06:29.0004 5736 SiSRaid4 - ok
11:06:29.0534 5736 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
11:06:29.0768 5736 slsvc - ok
11:06:30.0033 5736 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
11:06:30.0062 5736 SLUINotify - ok
11:06:30.0157 5736 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
11:06:30.0175 5736 SNMPTRAP - ok
11:06:30.0278 5736 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
11:06:30.0295 5736 spldr - ok
11:06:30.0368 5736 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
11:06:30.0431 5736 Spooler - ok
11:06:30.0622 5736 SPTISRV (e3e6c96b0ef4492c3c8fd0deef4e35a1) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
11:06:30.0629 5736 SPTISRV ( UnsignedFile.Multi.Generic ) - warning
11:06:30.0629 5736 SPTISRV - detected UnsignedFile.Multi.Generic (1)
11:06:30.0741 5736 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
11:06:30.0797 5736 srv - ok
11:06:30.0895 5736 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
11:06:30.0933 5736 srv2 - ok
11:06:31.0034 5736 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
11:06:31.0053 5736 srvnet - ok
11:06:31.0172 5736 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
11:06:31.0209 5736 SSDPSRV - ok
11:06:31.0329 5736 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
11:06:31.0352 5736 SstpSvc - ok
11:06:31.0464 5736 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
11:06:31.0498 5736 stisvc - ok
11:06:31.0597 5736 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
11:06:31.0614 5736 swenum - ok
11:06:31.0807 5736 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
11:06:31.0823 5736 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
11:06:31.0823 5736 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
11:06:31.0901 5736 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
11:06:31.0948 5736 swprv - ok
11:06:31.0979 5736 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
11:06:31.0994 5736 Symc8xx - ok
11:06:32.0010 5736 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
11:06:32.0026 5736 Sym_hi - ok
11:06:32.0057 5736 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
11:06:32.0072 5736 Sym_u3 - ok
11:06:32.0228 5736 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
11:06:32.0306 5736 SysMain - ok
11:06:32.0353 5736 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
11:06:32.0369 5736 TabletInputService - ok
11:06:32.0447 5736 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
11:06:32.0494 5736 TapiSrv - ok
11:06:32.0535 5736 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
11:06:32.0565 5736 TBS - ok
11:06:32.0785 5736 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
11:06:32.0845 5736 Tcpip - ok
11:06:32.0865 5736 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
11:06:32.0945 5736 Tcpip6 - ok
11:06:33.0015 5736 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
11:06:33.0035 5736 tcpipreg - ok
11:06:33.0125 5736 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
11:06:33.0155 5736 TDPIPE - ok
11:06:33.0215 5736 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
11:06:33.0245 5736 TDTCP - ok
11:06:33.0305 5736 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
11:06:33.0335 5736 tdx - ok
11:06:33.0415 5736 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
11:06:33.0435 5736 TermDD - ok
11:06:33.0515 5736 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
11:06:33.0555 5736 TermService - ok
11:06:33.0618 5736 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
11:06:33.0641 5736 Themes - ok
11:06:33.0692 5736 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
11:06:33.0725 5736 THREADORDER - ok
11:06:33.0861 5736 ti21sony (909cd987b54a8179c9aee874d754721a) C:\Windows\system32\drivers\ti21sony.sys
11:06:33.0940 5736 ti21sony - ok
11:06:33.0983 5736 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
11:06:34.0018 5736 TrkWks - ok
11:06:34.0133 5736 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
11:06:34.0160 5736 TrustedInstaller - ok
11:06:34.0249 5736 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:06:34.0280 5736 tssecsrv - ok
11:06:34.0356 5736 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
11:06:34.0386 5736 tunmp - ok
11:06:34.0441 5736 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
11:06:34.0459 5736 tunnel - ok
11:06:34.0542 5736 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
11:06:34.0559 5736 uagp35 - ok
11:06:34.0616 5736 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
11:06:34.0647 5736 udfs - ok
11:06:34.0715 5736 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
11:06:34.0749 5736 UI0Detect - ok
11:06:34.0812 5736 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
11:06:34.0829 5736 uliagpkx - ok
11:06:34.0880 5736 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
11:06:34.0905 5736 uliahci - ok
11:06:35.0001 5736 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
11:06:35.0019 5736 UlSata - ok
11:06:35.0090 5736 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
11:06:35.0109 5736 ulsata2 - ok
11:06:35.0171 5736 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
11:06:35.0203 5736 umbus - ok
11:06:35.0315 5736 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
11:06:35.0354 5736 upnphost - ok
11:06:35.0433 5736 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
11:06:35.0463 5736 USBAAPL - ok
11:06:35.0548 5736 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
11:06:35.0575 5736 usbccgp - ok
11:06:35.0646 5736 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
11:06:35.0708 5736 usbcir - ok
11:06:35.0786 5736 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
11:06:35.0817 5736 usbehci - ok
11:06:35.0880 5736 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
11:06:35.0926 5736 usbhub - ok
11:06:35.0958 5736 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
11:06:36.0020 5736 usbohci - ok
11:06:36.0067 5736 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
11:06:36.0098 5736 usbprint - ok
11:06:36.0192 5736 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
11:06:36.0223 5736 usbscan - ok
11:06:36.0285 5736 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:06:36.0316 5736 USBSTOR - ok
11:06:36.0363 5736 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
11:06:36.0394 5736 usbuhci - ok
11:06:36.0472 5736 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
11:06:36.0504 5736 UxSms - ok
11:06:36.0613 5736 VAIO Entertainment TV Device Arbitration Service (afbcd738df9de3b6d71afc704e7f27fb) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
11:06:36.0613 5736 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
11:06:36.0613 5736 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
11:06:36.0722 5736 VAIO Event Service (8a9f18adad471402236ca931553bf79b) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
11:06:36.0738 5736 VAIO Event Service - ok
11:06:37.0119 5736 VAIOMediaPlatform-IntegratedServer-AppServer (4b8f85bfc82b849d52fd4f3f32259dbc) C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
11:06:37.0239 5736 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - warning
11:06:37.0239 5736 VAIOMediaPlatform-IntegratedServer-AppServer - detected UnsignedFile.Multi.Generic (1)
11:06:37.0399 5736 VAIOMediaPlatform-IntegratedServer-HTTP (56e33aaa46cba8431e72486196afb3a1) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
11:06:37.0419 5736 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - warning
11:06:37.0419 5736 VAIOMediaPlatform-IntegratedServer-HTTP - detected UnsignedFile.Multi.Generic (1)
11:06:37.0609 5736 VAIOMediaPlatform-IntegratedServer-UPnP (58558f3dc2fef127b697d1138a8d7afb) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
11:06:37.0649 5736 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - warning
11:06:37.0649 5736 VAIOMediaPlatform-IntegratedServer-UPnP - detected UnsignedFile.Multi.Generic (1)
11:06:37.0739 5736 VAIOMediaPlatform-UCLS-AppServer (52d4f568fe7d05ae5026b8717eeb59eb) C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
11:06:37.0769 5736 VAIOMediaPlatform-UCLS-AppServer ( UnsignedFile.Multi.Generic ) - warning
11:06:37.0769 5736 VAIOMediaPlatform-UCLS-AppServer - detected UnsignedFile.Multi.Generic (1)
11:06:37.0839 5736 VAIOMediaPlatform-UCLS-HTTP (56e33aaa46cba8431e72486196afb3a1) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
11:06:37.0849 5736 VAIOMediaPlatform-UCLS-HTTP ( UnsignedFile.Multi.Generic ) - warning
11:06:37.0849 5736 VAIOMediaPlatform-UCLS-HTTP - detected UnsignedFile.Multi.Generic (1)
11:06:38.0019 5736 VAIOMediaPlatform-UCLS-UPnP (58558f3dc2fef127b697d1138a8d7afb) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
11:06:38.0079 5736 VAIOMediaPlatform-UCLS-UPnP ( UnsignedFile.Multi.Generic ) - warning
11:06:38.0079 5736 VAIOMediaPlatform-UCLS-UPnP - detected UnsignedFile.Multi.Generic (1)
11:06:38.0239 5736 VcmIAlzMgr (6ef45df2fcc4ae35c715a6c9b5c68b17) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
11:06:38.0299 5736 VcmIAlzMgr - ok
11:06:38.0419 5736 VcmXmlIfHelper (c4de5ba157fd83bbdaeb70ee27417e0e) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
11:06:38.0429 5736 VcmXmlIfHelper - ok
11:06:38.0439 5736 Vcsw - ok
11:06:38.0790 5736 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
11:06:38.0829 5736 vds - ok
11:06:38.0965 5736 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
11:06:39.0031 5736 vga - ok
11:06:39.0103 5736 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
11:06:39.0135 5736 VgaSave - ok
11:06:39.0207 5736 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
11:06:39.0227 5736 viaagp - ok
11:06:39.0276 5736 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
11:06:39.0330 5736 ViaC7 - ok
11:06:39.0376 5736 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
11:06:39.0391 5736 viaide - ok
11:06:39.0423 5736 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
11:06:39.0456 5736 volmgr - ok
11:06:39.0523 5736 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
11:06:39.0549 5736 volmgrx - ok
11:06:39.0611 5736 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
11:06:39.0634 5736 volsnap - ok
11:06:39.0694 5736 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
11:06:39.0718 5736 vsmraid - ok
11:06:40.0007 5736 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
11:06:40.0058 5736 VSS - ok
11:06:40.0355 5736 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
11:06:40.0405 5736 vToolbarUpdater11.0.2 - ok
11:06:40.0553 5736 VzCdbSvc (2e785f4f92c4c67cebb61dd55ed1f6a1) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
11:06:40.0561 5736 VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
11:06:40.0562 5736 VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
11:06:40.0690 5736 VzFw (2d876cad8c7ffb08179dff361ff851e6) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
11:06:40.0690 5736 VzFw ( UnsignedFile.Multi.Generic ) - warning
11:06:40.0690 5736 VzFw - detected UnsignedFile.Multi.Generic (1)
11:06:40.0955 5736 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
11:06:40.0986 5736 W32Time - ok
11:06:41.0096 5736 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
11:06:41.0142 5736 WacomPen - ok
11:06:41.0220 5736 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:06:41.0252 5736 Wanarp - ok
11:06:41.0252 5736 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:06:41.0283 5736 Wanarpv6 - ok
11:06:41.0330 5736 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
11:06:41.0361 5736 wcncsvc - ok
11:06:41.0392 5736 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
11:06:41.0423 5736 WcsPlugInService - ok
11:06:41.0517 5736 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
11:06:41.0532 5736 Wd - ok
11:06:41.0657 5736 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
11:06:41.0688 5736 Wdf01000 - ok
11:06:41.0751 5736 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
11:06:41.0782 5736 WdiServiceHost - ok
11:06:41.0782 5736 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
11:06:41.0813 5736 WdiSystemHost - ok
11:06:41.0891 5736 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
11:06:41.0907 5736 WebClient - ok
11:06:42.0000 5736 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
11:06:42.0016 5736 Wecsvc - ok
11:06:42.0078 5736 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
11:06:42.0110 5736 wercplsupport - ok
11:06:46.0844 5736 ============================================================
11:06:46.0844 5736 Scan finished
11:06:46.0844 5736 ============================================================
11:06:46.0858 4792 Detected object count: 20
11:06:46.0858 4792 Actual detected object count: 20
11:07:02.0630 4792 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:02.0630 4792 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:02.0631 4792 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:02.0631 4792 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:02.0634 4792 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:02.0634 4792 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:02.0640 4792 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:02.0640 4792 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:02.0641 4792 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:02.0641 4792 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:02.0644 4792 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:02.0644 4792 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:02.0646 4792 NSUService ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:02.0647 4792 NSUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:02.0650 4792 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:02.0650 4792 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:02.0653 4792 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:02.0653 4792 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:02.0656 4792 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:02.0656 4792 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:02.0658 4792 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:02.0658 4792 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:02.0662 4792 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:02.0662 4792 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:02.0664 4792 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:02.0664 4792 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:02.0671 4792 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:02.0671 4792 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:02.0674 4792 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:02.0674 4792 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:02.0677 4792 VAIOMediaPlatform-UCLS-AppServer ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:02.0677 4792 VAIOMediaPlatform-UCLS-AppServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:02.0680 4792 VAIOMediaPlatform-UCLS-HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:02.0680 4792 VAIOMediaPlatform-UCLS-HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:02.0682 4792 VAIOMediaPlatform-UCLS-UPnP ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:02.0683 4792 VAIOMediaPlatform-UCLS-UPnP ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:02.0686 4792 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:02.0686 4792 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:02.0689 4792 VzFw ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:02.0689 4792 VzFw ( UnsignedFile.Multi.Generic ) - User select action: Skip

#4
Mara1983

    Member

  • Topic Starter
  • Member
  • 55 posts
I ran Combofix, the last thing I saw was "Deleting file" (don't know the exact name of the file), that took a long time and then the PC turned off. I did not see the log, should I run Combofix again? Computer seems to be better now.

Edited by Mara1983, 24 May 2012 - 10:03 PM.


#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Mara1983,

You did a good job with TDSSKiller.

Please restart your PC once. Then run Combofix again as you did before and hopefully we will get a log. Post it here for me.

#6
Mara1983

    Member

  • Topic Starter
  • Member
  • 55 posts
ComboFix 12-05-25.02 - Marzena 05/25/2012 10:27:28.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1156 [GMT -4:00]
Running from: c:\users\Marzena\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))
.
.
2012-05-25 14:41 . 2012-05-25 14:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-24 16:00 . 2012-05-25 14:42 -------- d-----w- c:\users\Marzena\AppData\Local\temp
2012-05-24 13:59 . 2012-05-24 13:59 -------- d-----w- c:\program files\AceBIT
2012-05-24 13:58 . 2004-07-16 04:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2012-05-24 13:58 . 2004-07-16 04:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2012-05-24 13:58 . 2004-07-16 04:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2012-05-24 13:58 . 2004-07-16 04:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2012-05-24 13:58 . 2004-07-16 04:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2012-05-24 13:58 . 2012-05-24 13:58 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2012-05-24 13:58 . 2012-05-24 13:58 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2012-05-23 22:35 . 2012-05-23 22:35 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-05-23 22:09 . 2012-05-23 22:09 -------- d-----w- c:\users\Marzena\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-05-23 22:09 . 2012-05-23 22:09 -------- d-----w- c:\program files\Adobe Download Assistant
2012-05-13 15:22 . 2012-05-13 15:22 -------- d-----w- c:\users\Marzena\AppData\Local\AVG Secure Search
2012-05-13 15:22 . 2012-05-13 15:22 -------- d-----w- c:\programdata\AVG Secure Search
2012-05-13 15:22 . 2012-05-13 15:22 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-05-13 15:22 . 2012-05-13 15:22 -------- d-----w- c:\program files\AVG Secure Search
2012-05-13 15:21 . 2012-05-13 15:21 -------- d-----w- C:\$AVG
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-03-19 09:17 . 2012-03-19 09:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-03-13 00:56 . 2012-03-13 00:56 947472 ----a-w- c:\windows\system32\msjava.dll
2012-02-29 15:11 . 2012-04-12 23:57 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-12 23:57 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-12 23:57 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-12 23:57 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18 . 2012-04-13 00:01 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-13 00:01 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-13 00:01 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-13 00:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-05-13 15:22 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-05-13 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-10-05 17:54 303104 ------w- c:\ddi\OverIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-09-20 253952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-01 4669440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-19 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-19 137752]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-09-06 53248]
"VAIO Help and Support Demo"="c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe" [2007-08-28 290816]
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-10-12 45056]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2007-07-20 577536]
"Skytel"="Skytel.exe" [2007-09-01 1826816]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-13 1116544]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
c:\users\Marzena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote Table Of Contents.onetoc2 [2010-7-6 3656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 03:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll
Trusted Zone: fernuni-hagen.de\ca
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Adobe - c:\users\Marzena\AppData\Local\AOL\Adobe\forsfb.dll
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-25 10:42
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Marzena\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.avgldx86]
"ImagePath"="\?"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(340)
c:\ddi\overicon.dll
.
Completion time: 2012-05-25 10:50:17
ComboFix-quarantined-files.txt 2012-05-25 14:50
.
Pre-Run: 136,497,659,904 bytes free
Post-Run: 136,401,350,656 bytes free
.
- - End Of File - - FEF6131D169DB3A750421AF373AFEF21

#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Nice work. Do you have any problems now?

Let's see what we have now:

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.


#8
Mara1983

    Member

  • Topic Starter
  • Member
  • 55 posts
Last night I still had problems, the computer just turned off by itself. When I just ran OTL, a pop-up showed two threats (same ones, Trojan Horse Cryptic). Here are the scan results:

OTL logfile created on: 5/26/2012 12:32:15 PM - Run 2
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Marzena\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.37% Memory free
4.22 Gb Paging File | 3.02 Gb Available in Paging File | 71.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.97 Gb Total Space | 126.68 Gb Free Space | 56.31% Space Free | Partition Type: NTFS

Computer Name: MARZENA-PC | User Name: Marzena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/23 21:07:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Marzena\Desktop\OTL.exe
PRC - [2012/05/13 11:22:28 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/05/13 11:22:27 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/10/12 19:29:56 | 000,045,056 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
PRC - [2007/10/10 19:24:26 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007/09/20 13:23:16 | 000,253,952 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
PRC - [2007/09/20 13:23:16 | 000,204,800 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2007/09/20 13:05:10 | 000,550,776 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2007/09/19 14:09:58 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/08/28 19:27:12 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2007/08/28 19:27:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2007/08/14 23:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/14 23:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/06/28 11:52:48 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2007/06/08 08:35:43 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/06/08 08:35:43 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007/06/08 08:35:39 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/06/05 17:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/13 11:22:30 | 000,130,944 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MOD - [2012/05/13 11:22:27 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/05/08 21:14:51 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll
MOD - [2012/05/08 21:14:37 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll
MOD - [2012/05/08 21:12:57 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/08 21:12:31 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/09/19 08:19:58 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/13 11:22:28 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/29 00:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007/09/23 15:36:38 | 002,818,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/09/20 21:52:32 | 000,079,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007/09/20 13:23:16 | 000,204,800 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2007/08/28 19:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007/08/28 19:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007/08/14 23:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/08/09 04:51:32 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/08/09 04:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/08/09 04:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/08/09 04:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/08/09 04:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/06/28 11:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/06/28 11:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007/06/05 17:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/01/10 20:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/14 05:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 05:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 04:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Marzena\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.avgldx86)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2007/09/19 16:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/09/19 08:24:58 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/18 23:30:44 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/08/28 21:58:06 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/06/08 08:35:43 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/05 08:17:29 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/24 20:36:21 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/18 00:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {71FF0F51-013D-4E92-A992-5CAB809BDCF9}
IE - HKLM\..\SearchScopes\{71FF0F51-013D-4E92-A992-5CAB809BDCF9}: "URL" = http://search.aol.co...onType=sny_ie7;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{46723C7C-7E2A-4FF2-A008-2130EDD8CE9F}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{71FF0F51-013D-4E92-A992-5CAB809BDCF9}: "URL" = http://search.aol.co...onType=sny_ie7;
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-05-13 11:22:32&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smar[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/30 21:56:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/12 20:59:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/15 12:44:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/13 11:21:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/05/13 11:22:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/30 21:56:17 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/05/25 08:29:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VAIO Center Access Bar] c:\program files\sony\VAIO Center Access Bar\VCAB.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIO Help and Support Demo] C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe ()
O4 - HKLM..\Run: [VAIORegistration] C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - Startup: C:\Users\Marzena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM File not found
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fernuni-hagen.de ([ca] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://photoservice...PSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35B9CFD6-0C92-4F3A-973C-EBB7425B69DE}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77361748-D6EA-4F04-B395-A9FCD0AE4CAB}: DhcpNameServer = 167.206.245.129 167.206.245.130
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Marzena\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Marzena\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SsiEfr.exe)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/25 10:49:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/24 12:00:39 | 000,000,000 | ---D | C] -- C:\Users\Marzena\AppData\Local\temp
[2012/05/24 11:30:15 | 004,526,981 | R--- | C] (Swearware) -- C:\Users\Marzena\Desktop\ComboFix.exe
[2012/05/24 11:02:39 | 002,126,936 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Marzena\Desktop\tdsskiller.exe
[2012/05/24 10:00:18 | 000,000,000 | ---D | C] -- C:\Users\Marzena\Documents\AceBackup 3
[2012/05/24 09:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\AceBIT
[2012/05/24 09:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AceBIT
[2012/05/23 21:07:15 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Marzena\Desktop\OTL.exe
[2012/05/23 18:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/05/23 18:11:10 | 000,000,000 | ---D | C] -- C:\Users\Marzena\Desktop\Adobe Photoshop CS6
[2012/05/23 18:09:45 | 000,000,000 | ---D | C] -- C:\Users\Marzena\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/05/23 18:09:40 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2012/05/15 12:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/05/13 11:22:43 | 000,000,000 | ---D | C] -- C:\Users\Marzena\AppData\Local\AVG Secure Search
[2012/05/13 11:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/05/13 11:22:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/05/13 11:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/05/13 11:21:20 | 000,000,000 | ---D | C] -- C:\$AVG
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/26 12:31:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/26 09:59:05 | 099,176,094 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/05/26 09:53:00 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/26 09:52:59 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/26 09:52:45 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/26 00:09:26 | 219,049,162 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/25 08:29:06 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/25 08:08:25 | 004,526,981 | R--- | M] (Swearware) -- C:\Users\Marzena\Desktop\ComboFix.exe
[2012/05/24 11:02:39 | 002,126,936 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Marzena\Desktop\tdsskiller.exe
[2012/05/23 22:10:14 | 003,726,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/23 21:07:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Marzena\Desktop\OTL.exe
[2012/05/23 18:09:40 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2012/05/23 18:00:19 | 000,137,846 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/05/15 12:44:07 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/13 22:22:02 | 000,612,786 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/13 22:22:02 | 000,108,058 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/13 18:55:41 | 000,685,063 | ---- | M] () -- C:\Users\Marzena\Desktop\receipt.jpg
[2012/05/13 10:49:15 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2012/04/27 14:14:19 | 000,021,086 | ---- | M] () -- C:\Users\Marzena\Desktop\logo_centered.jpg
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/26 00:13:30 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/24 11:32:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/24 11:32:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/24 11:18:03 | 219,049,162 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/05/23 18:35:12 | 000,001,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2012/05/23 18:33:37 | 000,000,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2012/05/23 18:31:17 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012/05/23 18:31:08 | 000,001,308 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012/05/23 18:09:40 | 000,000,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012/05/23 18:09:40 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2012/05/13 18:55:40 | 000,685,063 | ---- | C] () -- C:\Users\Marzena\Desktop\receipt.jpg
[2012/05/13 11:22:38 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/04/27 14:14:19 | 000,021,086 | ---- | C] () -- C:\Users\Marzena\Desktop\logo_centered.jpg

========== LOP Check ==========

[2012/04/14 08:33:21 | 000,000,000 | ---D | M] -- C:\Users\Marzena\AppData\Roaming\AVG
[2012/04/14 09:00:40 | 000,000,000 | ---D | M] -- C:\Users\Marzena\AppData\Roaming\AVG2012
[2012/05/23 18:09:45 | 000,000,000 | ---D | M] -- C:\Users\Marzena\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/07/20 20:12:37 | 000,000,000 | ---D | M] -- C:\Users\Marzena\AppData\Roaming\DVDVideoSoft
[2011/07/20 20:15:20 | 000,000,000 | ---D | M] -- C:\Users\Marzena\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/02/15 16:25:40 | 000,000,000 | ---D | M] -- C:\Users\Marzena\AppData\Roaming\E-centives
[2011/05/01 12:20:50 | 000,000,000 | ---D | M] -- C:\Users\Marzena\AppData\Roaming\eMusic
[2010/08/02 21:41:33 | 000,000,000 | ---D | M] -- C:\Users\Marzena\AppData\Roaming\ICAClient
[2009/01/24 16:31:33 | 000,000,000 | ---D | M] -- C:\Users\Marzena\AppData\Roaming\LimeWire
[2012/05/26 02:58:15 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

#9 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
OK. Let's continue.

Step 1

NOTE: This fix is custom made for this system only and for its current state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan

Click the cog in the upper right.

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan.

Allow Virus Removal Tool to delete all infections found.
Once it has finished, select the Report tab (the last tab).
Select the Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • VRT log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
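
The three lines the fix above clears describe an HTTP proxy at 127.0.0.1:5555. ProxyEnable was 0 when the report was taken, so the proxy was not active at that moment, but a ProxyServer value pointing back at the local machine is how click-hijacking software reroutes browser traffic, and it is not something a user or a normal installer writes. The Python triage below is an added example and not code from the thread or from OTL: it pulls the Internet Settings lines out of an OTL report, flags any ProxyServer entry that targets the local machine, and prints the report lines to paste under :OTL. The sample lines are copied from the report posted earlier in this thread; the Finding type, the loopback test and the helper names are this example's own.

```python
"""Triage the Internet Settings lines of an OTL report for a hijacked proxy.

Added example, not code from the thread or from OTL. The sample lines are
copied in the shape OTL prints them; Finding, the loopback test and the
helper names are this example's own choices.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: the HKCU proxy lines and one O17 line from the
# report (the O17 line is there to show that only proxy lines are picked up).
SAMPLE_OTL = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
"""

PROXY_RE = re.compile(
    r'^IE - (?P<hive>HK(?:CU|LM))\\.*Internet Settings: "(?P<name>\w+)" = (?P<value>.*)$')
LOOPBACK_RE = re.compile(r'^(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost|::1)$', re.I)


@dataclass
class Finding:
    hive: str
    scheme: str            # 'http', 'https', 'socks', or '*' when one proxy serves every protocol
    host: str
    port: Optional[int]
    enabled: bool          # ProxyEnable == 1 in the same hive
    reason: str


def parse_proxy_server(value):
    """Split a WinINET ProxyServer value into {scheme: (host, port)}.

    Two layouts exist: 'host:port' (one proxy for every protocol) and
    'http=host:port;https=host:port' (one entry per protocol)."""
    entries = {}
    for part in value.split(';'):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition('=')
        host, sep, port = hostport.rpartition(':')
        if not sep:                      # no port given
            host, port = hostport, ''
        entries[scheme or '*'] = (host, int(port) if port.isdigit() else None)
    return entries


def collect_proxy_settings(text):
    """Group the 'IE - ... Internet Settings' lines by hive: {hive: {name: value}}."""
    settings = {}
    for line in text.splitlines():
        m = PROXY_RE.match(line)
        if m:
            settings.setdefault(m['hive'], {})[m['name']] = m['value']
    return settings


def triage_proxy(text):
    """Flag ProxyServer entries that point back at the local machine.

    Flagged even when ProxyEnable is 0: the value only got there because
    something wrote it, and a process listening on that port sees every
    browser request the moment the flag flips to 1."""
    findings = []
    for hive, vals in collect_proxy_settings(text).items():
        if 'ProxyServer' not in vals:
            continue
        enabled = vals.get('ProxyEnable', '0').strip() == '1'
        for scheme, (host, port) in parse_proxy_server(vals['ProxyServer']).items():
            if LOOPBACK_RE.match(host):
                findings.append(Finding(hive, scheme, host, port, enabled,
                                        'proxy points at the local machine'))
    return findings


def otl_fix_lines(text):
    """Report lines to paste under :OTL for every hive with a flagged proxy.

    Mirrors the fix used in this thread: pasting an 'IE - ...' line back
    under :OTL makes OTL reset that value."""
    flagged = {f.hive for f in triage_proxy(text)}
    lines = []
    for line in text.splitlines():
        m = PROXY_RE.match(line)
        if m and m['hive'] in flagged:
            lines.append(line)
    return lines


if __name__ == '__main__':
    for f in triage_proxy(SAMPLE_OTL):
        print(f'{f.hive} {f.scheme} -> {f.host}:{f.port} '
              f'(ProxyEnable={int(f.enabled)}) {f.reason}')
    print(':OTL')
    print('\n'.join(otl_fix_lines(SAMPLE_OTL)))
```

Run it as a script to see the single finding and the :OTL block it produces; feed it a complete OTL report to triage another machine. A ProxyServer aimed at an unknown address with ProxyEnable = 1 deserves the same look, and the O17 DhcpNameServer lines in the same report are where to check whether DNS was redirected as well.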

#10 Mara1983 (Topic Starter, Member, 55 posts)
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Marzena\Desktop\cmd.bat deleted successfully.
C:\Users\Marzena\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Marzena
->Temp folder emptied: 1573317 bytes
->Temporary Internet Files folder emptied: 264816370 bytes
->Java cache emptied: 19149 bytes
->Flash cache emptied: 63747 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 262834488 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 553461 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 505.00 mb


OTL by OldTimer - Version 3.2.43.1 log created on 05282012_125826

Files\Folders moved on Reboot...
C:\Users\Marzena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IK2JPHTB\fastbutton[1].htm moved successfully.
C:\Users\Marzena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Marzena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Marzena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...

#11 Mara1983 (Topic Starter, Member, 55 posts)
Status: Detected (events: 6)
5/28/2012 6:05:44 PM Detected Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\Marzena\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc High
5/28/2012 1:34:25 PM Detected Trojan program Trojan.Java.Agent.am C:\Documents and Settings\Marzena\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc/120414083346770-000170.file/bpac/b.class High
5/28/2012 1:42:03 PM Detected Trojan program Exploit.Java.CVE-2012-0507.ej C:\Documents and Settings\Marzena\Documents\AceBackup 3\Backups\BCK1\Archives\_nsd_C\Users\Marzena\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\5eee42de-3d591964.nsz.000//la/n.class High
5/28/2012 5:45:40 PM Detected Trojan program Exploit.Java.CVE-2012-0507.ej C:\Documents and Settings\Marzena\My Documents\AceBackup 3\Backups\BCK1\Archives\_nsd_C\Users\Marzena\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\5eee42de-3d591964.nsz.000//la/n.class High
5/28/2012 6:32:49 PM Detected Trojan program Exploit.Java.CVE-2012-0507.ej C:\Users\Marzena\Documents\AceBackup 3\Backups\BCK1\Archives\_nsd_C\Users\Marzena\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\5eee42de-3d591964.nsz.000//la/n.class High
5/28/2012 6:46:24 PM Detected Trojan program Exploit.Java.CVE-2012-0507.ej C:\Users\Marzena\My Documents\AceBackup 3\Backups\BCK1\Archives\_nsd_C\Users\Marzena\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\5eee42de-3d591964.nsz.000//la/n.class High
Status: Disinfected (events: 20)
5/28/2012 6:05:45 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\Marzena\Application Data\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc High
5/28/2012 6:05:45 PM Disinfected Trojan program Trojan.Java.Agent.am C:\Documents and Settings\Marzena\Application Data\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc/120414083346770-000170.file High
5/28/2012 5:44:33 PM Disinfected Trojan program Trojan.Java.Agent.am C:\Documents and Settings\Marzena\Application Data\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc/120414083346770-000170.file/bpac/b.class High
5/28/2012 5:44:33 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\Marzena\Application Data\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc/120414083346770-000170.file/bpac/KAVS.class High
5/28/2012 5:44:33 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.ji C:\Documents and Settings\Marzena\Application Data\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc/120414083346770-000170.file/bpac/purok.class High
5/28/2012 5:44:34 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.b C:\Documents and Settings\Marzena\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc/120414083346770-000269.file/setup/lang.class High
5/28/2012 5:45:25 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.b C:\Documents and Settings\Marzena\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc/120414083346770-000301.file High
5/28/2012 6:05:45 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.b C:\Documents and Settings\Marzena\Application Data\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc/120414083346770-000269.file High
5/28/2012 5:47:53 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.b C:\Documents and Settings\Marzena\Application Data\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc/120414083346770-000269.file/setup/lang.class High
5/28/2012 5:47:52 PM Disinfected Trojan program Exploit.Java.CVE-2012-0507.k C:\Documents and Settings\Marzena\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc/120414083346770-000322.file/ka/ka.class High
5/28/2012 5:49:36 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.b C:\Documents and Settings\Marzena\Application Data\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc/120414083346770-000301.file High
5/28/2012 6:05:45 PM Disinfected Trojan program Exploit.Java.CVE-2012-0507.k C:\Documents and Settings\Marzena\Application Data\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc/120414083346770-000322.file High
5/28/2012 5:57:38 PM Disinfected Trojan program Exploit.Java.CVE-2012-0507.k C:\Documents and Settings\Marzena\Application Data\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc/120414083346770-000322.file/ka/ka.class High
5/28/2012 5:59:48 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.bu C:\Documents and Settings\Marzena\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc/120414083346770-000390.file/bpac/a.class High
5/28/2012 5:59:48 PM Disinfected Trojan program Trojan.Java.Agent.am C:\Documents and Settings\Marzena\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc/120414083346770-000390.file/bpac/b.class High
5/28/2012 6:05:45 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.bu C:\Documents and Settings\Marzena\Application Data\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc/120414083346770-000390.file High
5/28/2012 6:00:37 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.bu C:\Documents and Settings\Marzena\Application Data\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc/120414083346770-000390.file/bpac/a.class High
5/28/2012 5:59:48 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\Marzena\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc/120414083346770-000390.file/bpac/KAVS.class High
5/28/2012 6:00:37 PM Disinfected Trojan program Trojan.Java.Agent.am C:\Documents and Settings\Marzena\Application Data\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc/120414083346770-000390.file/bpac/b.class High
5/28/2012 6:00:37 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\Marzena\Application Data\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc/120414083346770-000390.file/bpac/KAVS.class High
Status: Deleted (events: 3)
5/28/2012 4:34:12 PM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\Marzena\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc/120414083346770-000170.file/bpac/KAVS.class High
5/28/2012 4:34:55 PM Deleted Trojan program Trojan-Downloader.Java.Agent.ji C:\Documents and Settings\Marzena\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc/120414083346770-000170.file/bpac/purok.class High
5/28/2012 8:03:29 PM Deleted virus Virus.Win32.ZAccess.k C:\Windows\System32\drivers\smb.sys High
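
The report above lists 29 events, but most of them are the same few files reported under several spellings of their path (Vista keeps Documents and Settings, Application Data and My Documents as junctions to the real folders for old programs), and almost all of them sit in saved copies: an AVG PC Tuneup rescue file and an AceBackup archive of the old Java deployment cache, holding Java exploit-kit classes named for CVE-2010-0840 and CVE-2012-0507. The one hit on a file the running system actually loads is smb.sys in System32\drivers, reported as Virus.Win32.ZAccess.k (ZeroAccess). The Python summary below is an added example and not code from the thread or from the Virus Removal Tool: it parses VRT report lines, folds the path aliases, separates saved copies and archive members from live files, and lists the CVE names. The six sample lines are taken from the report above; the alias table, the backup-folder markers and the helper names are this example's own assumptions.

```python
"""Summarise a Kaspersky Virus Removal Tool (VRT) report.

Added example, not code from the thread or from the tool. The sample lines
are a subset of the report posted above; the path-alias table, the
backup-folder markers and the helper names are this example's own assumptions.
"""
import re
from collections import Counter

# Constructed sample input: six lines taken from the report above, chosen so
# the same file appears under more than one spelling of its path.
SAMPLE_VRT = r"""
5/28/2012 6:05:44 PM Detected Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\Marzena\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc High
5/28/2012 1:42:03 PM Detected Trojan program Exploit.Java.CVE-2012-0507.ej C:\Documents and Settings\Marzena\Documents\AceBackup 3\Backups\BCK1\Archives\_nsd_C\Users\Marzena\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\5eee42de-3d591964.nsz.000//la/n.class High
5/28/2012 6:32:49 PM Detected Trojan program Exploit.Java.CVE-2012-0507.ej C:\Users\Marzena\Documents\AceBackup 3\Backups\BCK1\Archives\_nsd_C\Users\Marzena\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\5eee42de-3d591964.nsz.000//la/n.class High
5/28/2012 5:44:34 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.b C:\Documents and Settings\Marzena\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc/120414083346770-000269.file/setup/lang.class High
5/28/2012 5:47:53 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.b C:\Documents and Settings\Marzena\Application Data\AVG\Rescue\PC Tuneup 2011\120414083346770.rsc/120414083346770-000269.file/setup/lang.class High
5/28/2012 8:03:29 PM Deleted virus Virus.Win32.ZAccess.k C:\Windows\System32\drivers\smb.sys High
"""

# <date> <time> <AM|PM> <status> <category words> <detection name> <path> <severity>
EVENT_RE = re.compile(
    r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) '
    r'(?P<status>\w+) (?P<category>.+?) (?P<name>\S+) '
    r'(?P<path>[A-Za-z]:\\.*?) (?P<severity>High|Medium|Low)$')
CVE_RE = re.compile(r'CVE-\d{4}-\d{4,}')

# Vista and later keep these junctions for old programs, so one file can be
# reported under several names; fold them to the real folder before counting.
PATH_ALIASES = [
    ('\\Documents and Settings\\', '\\Users\\'),
    ('\\Application Data\\', '\\AppData\\Roaming\\'),
    ('\\My Documents\\', '\\Documents\\'),
]

# Folders that hold saved copies rather than files Windows would ever load
# (assumption for this report: an AVG rescue store and an AceBackup job).
BACKUP_MARKERS = ('\\AVG\\Rescue\\', '\\AceBackup 3\\Backups\\')


def normalize_path(path):
    for alias, real in PATH_ALIASES:
        path = path.replace(alias, real)
    return path


def classify_location(path):
    """'backup' for a saved copy, 'archive' for a member inside a container
    (VRT joins container and member with '/'), otherwise 'live'."""
    if any(marker in path for marker in BACKUP_MARKERS):
        return 'backup'
    if '/' in path:
        return 'archive'
    return 'live'


def parse_events(text):
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        event = m.groupdict()
        event['path'] = normalize_path(event['path'])
        event['location'] = classify_location(event['path'])
        event['cves'] = CVE_RE.findall(event['name'])
        events.append(event)
    return events


def summarize(text):
    """Collapse the event list into what a responder wants to know: how many
    distinct files, where they live, which exploits they carry, and which
    hits touched files the running system uses."""
    events = parse_events(text)
    return {
        'events': len(events),
        'unique_files': len({e['path'] for e in events}),
        'by_status': dict(Counter(e['status'] for e in events)),
        'by_location': dict(Counter(e['location'] for e in events)),
        'cves': sorted({c for e in events for c in e['cves']}),
        'live_hits': sorted({(e['name'], e['path'], e['status'])
                             for e in events if e['location'] == 'live'}),
    }


if __name__ == '__main__':
    for key, value in summarize(SAMPLE_VRT).items():
        print(f'{key}: {value}')
```

On the six sample lines this reports 6 events but only 4 distinct files, 5 of them in saved copies and 1 live. Saved copies do no harm until something restores them, so letting the scanner remove them from the rescue store and the backup job is the right call; the live driver is the hit that matters, and the status column shows VRT deleted it rather than disinfecting it. The status field is matched as a single word, so the same parser accepts whatever other statuses a full VRT report contains.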

#12 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Nice. VRT did a great job. How is your system now? Problems?

#13 Mara1983 (Topic Starter, Member, 55 posts)
Computer seems good now. Is there anything else I should do?

#14 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi Mara1983,

Your logs and system are clean now. I'm glad we fixed up your computer. Now we need to remove the programs we used from your PC.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

2. Make Backups of Important Files

Please read this article Home Computer Data Backup.


3. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.

#15 Mara1983 (Topic Starter, Member, 55 posts)
Hello,

I did clean everything up. Thank you so much for your help!!!