Laptop freezing [Solved]


  • This topic is locked

#16
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

Thx again, are you a wizard? :lol:

No I am a Woolly Mammoth! :lol:

OK levity aside...

Seems to be losing connection again randomly as I've been online this morning testing it, but it does go back online much quicker than a few days ago. I don't have to reboot the laptop or the wifi, it just finds it on its own.

Acknowledged, we have not completed the malware removal process yet so things should improve as we progress etc. Part of the below custom OTL script will remove Windows Sidebar from auto starting as this was recently compromised and the use of gadgets can be used to exploit a system.

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote-box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:OTL
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Liv\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Liv\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
[2012/01/22 15:49:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Liv\AppData\Roaming\Mozilla\Extensions
[2012/01/10 16:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Liv\AppData\Roaming\Mozilla\Firefox\extensions
[2012/01/10 16:59:03 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Liv\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
O3 - HKU\S-1-5-21-4167750879-2311690763-2497449094-1005\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-4167750879-2311690763-2497449094-1005\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4167750879-2311690763-2497449094-1005..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)

:Files
ipconfig /flushdns /c
C:\Program Files (x86)\Mozilla Firefox

:Commands
[ResetHosts]
[EmptyTemp]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Note: Remember to right click MBAM and select Run As Administrator.

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When you have completed the above, please post back the following in the order asked for:

  • How is the computer performing now, any further symptoms and/or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.



#17
kenomikes

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
OTL log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2\ deleted successfully.
C:\Windows\system32\npDeployJava1.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2\ deleted successfully.
C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0\ deleted successfully.
c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0\ deleted successfully.
C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/ShockwavePlayer\ deleted successfully.
C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0\ deleted successfully.
C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2\ deleted successfully.
File C:\Windows\SysWOW64\npDeployJava1.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2\ deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0\ deleted successfully.
c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0\ deleted successfully.
C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0\ deleted successfully.
C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922\ deleted successfully.
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Users\Liv\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Users\Liv\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
C:\Users\Liv\AppData\Roaming\Mozilla\Extensions folder moved successfully.
C:\Users\Liv\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\searchplugin folder moved successfully.
C:\Users\Liv\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\modules folder moved successfully.
C:\Users\Liv\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\META-INF folder moved successfully.
C:\Users\Liv\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\defaults folder moved successfully.
C:\Users\Liv\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components folder moved successfully.
C:\Users\Liv\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\chrome folder moved successfully.
C:\Users\Liv\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} folder moved successfully.
C:\Users\Liv\AppData\Roaming\Mozilla\Firefox\extensions folder moved successfully.
Folder C:\Users\Liv\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
Registry value HKEY_USERS\S-1-5-21-4167750879-2311690763-2497449094-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-4167750879-2311690763-2497449094-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-4167750879-2311690763-2497449094-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Steam deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Liv\Desktop\cmd.bat deleted successfully.
C:\Users\Liv\Desktop\cmd.txt deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\jsloader\resource folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\jsloader folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 58264 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Liv
->Temp folder emptied: 16673236 bytes
->Temporary Internet Files folder emptied: 1137184261 bytes
->Java cache emptied: 2352266 bytes
->FireFox cache emptied: 14506013 bytes
->Google Chrome cache emptied: 255396836 bytes
->Flash cache emptied: 89820 bytes

User: Public

User: TEST

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 825483 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 114621 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,361.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12062012_163925

Files\Folders moved on Reboot...
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
C:\Users\Liv\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Liv\AppData\Local\Temp\~DF11A223A5C32F05B2.TMP not found!
File\Folder C:\Users\Liv\AppData\Local\Temp\~DF25E1533B31EB4F3A.TMP not found!
File\Folder C:\Users\Liv\AppData\Local\Temp\~DF34ABD053905E2A36.TMP not found!
File\Folder C:\Users\Liv\AppData\Local\Temp\~DF3DE114AF8B1A0DB5.TMP not found!
File\Folder C:\Users\Liv\AppData\Local\Temp\~DF4680A74BC4C56611.TMP not found!
File\Folder C:\Users\Liv\AppData\Local\Temp\~DF46DC67A8A5025BDA.TMP not found!
File\Folder C:\Users\Liv\AppData\Local\Temp\~DF47C74E5AA3809278.TMP not found!
File\Folder C:\Users\Liv\AppData\Local\Temp\~DF49BFE251BF6B2032.TMP not found!
File\Folder C:\Users\Liv\AppData\Local\Temp\~DF6BB400077F02CC0A.TMP not found!
File\Folder C:\Users\Liv\AppData\Local\Temp\~DF7300D1BBDA9DE973.TMP not found!
File\Folder C:\Users\Liv\AppData\Local\Temp\~DF740D9964C40B9404.TMP not found!
File\Folder C:\Users\Liv\AppData\Local\Temp\~DF74B29C125CE6F61D.TMP not found!
File\Folder C:\Users\Liv\AppData\Local\Temp\~DF802B13CE9EAC2C51.TMP not found!
File\Folder C:\Users\Liv\AppData\Local\Temp\~DFBE6EFD35A3D30537.TMP not found!
File\Folder C:\Users\Liv\AppData\Local\Temp\~DFBFAEBB2E8616B559.TMP not found!
File\Folder C:\Users\Liv\AppData\Local\Temp\~DFC972B36C4282C5BD.TMP not found!
File\Folder C:\Users\Liv\AppData\Local\Temp\~DFD6693869961A54FE.TMP not found!
File\Folder C:\Users\Liv\AppData\Local\Temp\~DFEE05CAEBE784AA7F.TMP not found!
File\Folder C:\Users\Liv\AppData\Local\Temp\~DFEE648F1EC19A4885.TMP not found!
File\Folder C:\Users\Liv\AppData\Local\Temp\~DFEEF82A0A549E4525.TMP not found!
C:\Users\Liv\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0
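For reading a fix log like the one in post #17, here is an added example (not part of the thread and not OTL's own code) that sorts each result line by outcome and pulls out what is worth re-checking after the reboot: file moves that were only scheduled, and autostart (Run/RunOnce) values that were removed. The line patterns are inferred from the log above, and the function names are hypothetical.

```python
import re
from collections import Counter

# Excerpt in the shape of the fix log posted above (lines taken from that log,
# cut down to a handful for this example).
SAMPLE_LOG = r"""
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Windows\system32\npDeployJava1.dll moved successfully.
File C:\Windows\SysWOW64\npDeployJava1.dll not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
========== FILES ==========
C:\Program Files (x86)\Mozilla Firefox folder moved successfully.
"""

# Line shapes inferred from the log above (an assumption, not a published format).
SECTION = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
PENDING = re.compile(
    r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")
REGISTRY = re.compile(
    r"^(?:64bit-)?Registry (?P<kind>key|value) (?P<target>.+?) "
    r"(?P<result>deleted successfully|not found)\.$")
FILESYS = re.compile(
    r"^(?:File\\Folder |File |Folder )?(?P<target>.+?)(?: folder)? "
    r"(?P<result>moved successfully|deleted successfully|not found)[.!]$")
# The log writes a removed value as <key path>\\<value name>.
AUTOSTART = re.compile(r"\\CurrentVersion\\(?P<key>Run|RunOnce)\\\\(?P<name>.+)$")


def parse_fix_log(text):
    """Return one dict per result line: section, object, target, result."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        # Order matters: a registry line would also fit the file pattern.
        for pattern, obj in ((PENDING, "file"), (REGISTRY, None),
                             (FILESYS, "file or folder")):
            m = pattern.match(line)
            if not m:
                continue
            groups = m.groupdict()
            entries.append({
                "section": section,
                "object": obj or "registry " + groups["kind"],
                "target": groups["target"],
                "result": groups.get("result", "pending reboot"),
            })
            break
        else:
            # Command output and cache statistics land here untouched.
            entries.append({"section": section, "object": "unknown",
                            "target": line, "result": "unparsed"})
    return entries


def summarize(entries):
    """Count entries per outcome."""
    return dict(Counter(e["result"] for e in entries))


def follow_up(entries):
    """Items to verify after reboot: scheduled moves and removed autostarts."""
    pending = sorted({e["target"] for e in entries
                      if e["result"] == "pending reboot"})
    autostart = []
    for e in entries:
        hit = AUTOSTART.search(e["target"])
        if (e["object"] == "registry value"
                and e["result"] == "deleted successfully" and hit):
            parts = e["target"].split("\\")
            account = parts[1] if parts[0] == "HKEY_USERS" else parts[0]
            autostart.append((account, hit.group("key"), hit.group("name")))
    return {"pending_reboot": pending, "autostart_removed": autostart}


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(summarize(parsed))
    for label, items in follow_up(parsed).items():
        print(label)
        for item in items:
            print("   ", item)
```

A target that still appears under `pending_reboot` in the post-reboot part of the log, as `sidebar.exe` does above, was not moved and should be checked by hand.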

#18
kenomikes

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Hi,

Ok it froze (lost connection too) for a full 5 minutes in the middle of the Malwarebytes scan, it resolved itself and finished that scan.

I'll report back if I notice anything else.

Thanks for this help.

Mike

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.06.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Liv :: LIV-VAIO [administrator]

12/6/2012 4:49:13 PM
mbam-log-2012-12-06 (16-49-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219746
Time elapsed: 9 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#19
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

Ok it froze (lost connection too) for a full 5 minutes in the middle of the Malwarebytes scan, it resolved itself and finished that scan.

Acknowledged, let's proceed as follows shall we...

Download/Run ComboFix:

Please visit this web-page for download links, and instructions for running the tool:

How to use ComboFix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How To Temporarily Disable Your Anti-virus, Firewall and Anti-malware Programs <-- Click on this link.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If ComboFix detects Rootkit activity and asks to reboot the system, please allow this to be done.

If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a trained Anti-Malware helper.


Check Hard Disk For Errors:

  • Open Notepad.
  • Copy and Paste everything from the Quote-Box (do not copy the word quote) below into Notepad:

@echo off
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
del %0

  • Go to File >> Save As
  • Save File name as Dakeyras.bat
  • Change Save as Type to All Files and save the file to your Desktop.
  • It should look similar to this: Posted Image
Now right-click on the desktop Dakeyras.bat and select Run as Administrator to run the batch file. It will self-delete when completed.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file in your next reply.

Next:

When you have completed the above, please post back the following in the order asked for:

  • How is the computer performing now, any other symptoms and/or problems encountered?
  • ComboFix Log.
  • checkhd.txt


#20
kenomikes

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Hi again,


After I went back online to post this log, it lost connection. Wouldn't resolve itself after a few minutes, so I right clicked on Internet and opened Windows Network Diagnostics. Troubleshooter said it reset windows adapter. Said problems found with adapter or access point. This is what it has been saying/doing for a month now FYI when I try to re-establish connection. None of my other computers/XBox etc. have any problems with connection. Back online now.

As I'm typing, just lost internet connection again. Now, it's not even seeing my network, this happened before too. 5 minutes later, fixed itself.



ComboFix log

ComboFix 12-12-04.01 - Liv 12/07/2012 8:25.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2500 [GMT -5:00]
Running from: c:\users\Liv\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\intellidownload\gunzip.exe
c:\program files (x86)\Java\jre7\bin\ssv.dll
c:\users\Liv\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-07 to 2012-12-07 )))))))))))))))))))))))))))))))
.
.
2012-12-07 13:39 . 2012-12-07 13:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-07 13:07 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2B9CAE0-44F3-4EE1-9D16-4B4CA4BAE174}\mpengine.dll
2012-12-06 21:39 . 2012-12-06 21:39 -------- d-----w- C:\_OTL
2012-12-05 22:17 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-03 22:07 . 2012-12-03 22:08 -------- d-----w- c:\program files (x86)\ERUNT
2012-12-03 13:06 . 2012-12-03 13:07 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-02 21:12 . 2012-12-02 21:12 -------- d-----w- c:\windows\SysWow64\Adobe
2012-12-02 21:12 . 2012-12-02 21:12 289768 ----a-w- c:\windows\system32\javaws.exe
2012-12-02 21:12 . 2012-12-02 21:12 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-02 21:12 . 2012-12-02 21:12 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-12-02 21:12 . 2012-12-02 21:12 189416 ----a-w- c:\windows\system32\javaw.exe
2012-12-02 21:12 . 2012-12-02 21:12 188904 ----a-w- c:\windows\system32\java.exe
2012-12-02 21:10 . 2012-12-02 21:10 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-02 21:08 . 2012-12-02 21:08 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-12-02 17:55 . 2012-12-02 18:58 -------- d-----w- c:\users\Liv\AppData\Local\Microsoft Games
2012-11-30 23:32 . 2012-08-23 08:19 4916224 ----a-w- c:\windows\SysWow64\mstscax.dll
2012-11-30 23:32 . 2012-08-23 08:13 5773824 ----a-w- c:\windows\system32\mstscax.dll
2012-11-30 23:07 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-11-30 23:07 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-11-30 23:07 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-30 23:07 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-30 23:07 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-30 23:07 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-30 23:07 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-11-30 23:07 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-11-30 23:07 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-11-30 23:07 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-11-30 23:07 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-11-28 21:03 . 2012-11-28 21:03 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9E459007-02EE-4DA0-9AD1-BF427A0E5FFE}\gapaengine.dll
2012-11-23 03:35 . 2011-06-21 09:03 2753536 ----a-w- c:\windows\system32\drivers\athrx.sys
2012-11-23 03:35 . 2011-06-21 09:03 2753536 ----a-w- c:\windows\system32\athrx.sys
2012-11-23 03:35 . 2012-11-23 03:36 -------- d-----w- c:\program files (x86)\Atheros WiFi Driver Installation
2012-11-23 03:33 . 2012-11-23 03:33 -------- d-----w- c:\programdata\Atheros
2012-11-23 03:31 . 2012-11-23 03:47 -------- d-----w- C:\Update
2012-11-23 02:06 . 2012-11-23 02:06 -------- d-----w- c:\users\Liv\AppData\Roaming\SUPERAntiSpyware.com
2012-11-23 02:06 . 2012-11-23 02:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-11-23 02:06 . 2012-11-23 02:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-11-17 20:26 . 2012-11-17 20:26 -------- dc-h--w- c:\programdata\{54907AB1-7CB5-448D-8FED-78973B1D2830}
2012-11-16 15:27 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-16 15:27 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 15:27 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 15:27 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 15:16 . 2012-10-08 12:19 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-16 15:16 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-16 05:45 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 05:45 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 05:45 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 05:45 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 05:45 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 05:45 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 05:45 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 19:54 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-15 19:54 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 01:35 . 2012-11-15 01:35 -------- d-----w- C:\IORRT
2012-11-13 21:14 . 2012-11-13 21:14 -------- d-----w- c:\program files (x86)\Coupons.com CouponBar
2012-11-12 20:35 . 2012-11-12 20:35 -------- d-----w- c:\program files (x86)\LogMeIn Rescue Calling Card
2012-11-12 20:29 . 2012-11-12 20:30 -------- d-----w- c:\program files (x86)\GUMDC5C.tmp
2012-11-12 20:21 . 2012-12-06 14:39 -------- d-----w- c:\users\TEST
2012-11-12 18:41 . 2012-11-12 18:41 -------- d-----w- c:\users\Liv\AppData\Local\MyTechGurus
2012-11-12 18:41 . 2012-11-12 18:41 -------- d-----w- c:\programdata\MyTechGurus
2012-11-12 18:17 . 2012-11-14 16:39 -------- d-----w- c:\users\Liv\AppData\Local\LogMeIn Rescue Applet
2012-11-11 15:50 . 2012-12-02 14:03 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-11 15:50 . 2012-11-11 15:50 -------- d-----w- c:\windows\system32\Macromed
2012-11-08 23:11 . 2012-11-08 23:14 -------- d-----w- c:\program files (x86)\Common Files\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-02 21:12 . 2011-09-24 16:08 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-02 21:10 . 2011-09-24 16:09 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-02 14:03 . 2012-02-01 01:14 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-16 15:13 . 2011-11-28 21:46 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-25 08:49 . 2012-10-25 08:49 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-16 08:38 . 2012-11-28 17:26 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 17:26 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 17:26 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-13 00:35 . 2012-01-30 05:25 72104 ----a-w- c:\windows\CouponPrinter.ocx
2012-10-10 07:22 . 2012-10-10 07:22 80384 ----a-w- c:\windows\system32\igdde64.dll
2012-10-10 07:22 . 2012-10-10 07:22 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-10-10 07:22 . 2012-10-10 07:22 216064 ----a-w- c:\windows\system32\iglhcp64.dll
2012-10-10 07:22 . 2012-10-10 07:22 180224 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-10-10 07:22 . 2012-10-10 07:22 5903392 ----a-w- c:\windows\system32\GfxUI.exe
2012-10-10 07:22 . 2012-10-10 07:22 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-10-10 07:22 . 2012-10-10 07:22 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-10-10 07:22 . 2012-10-10 07:22 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-10-10 07:22 . 2012-10-10 07:22 3776512 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-10-10 07:22 . 2012-10-10 07:22 10673664 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-10-10 07:22 . 2012-10-10 07:22 64512 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-10-10 07:22 . 2012-10-10 07:22 501760 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-10-10 07:22 . 2012-10-10 07:22 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-10-10 07:22 . 2012-10-10 07:22 431104 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-10-10 07:22 . 2012-10-10 07:22 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-10-10 07:22 . 2011-03-28 07:04 12836864 ----a-w- c:\windows\system32\igd10umd64.dll
2012-10-10 07:22 . 2011-03-28 07:04 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-10-10 07:22 . 2012-10-10 07:22 330240 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-10-10 07:22 . 2012-10-10 07:22 12604416 ----a-w- c:\windows\system32\igdumd64.dll
2012-10-10 07:22 . 2012-10-10 07:22 441888 ----a-w- c:\windows\system32\igfxpers.exe
2012-10-10 07:22 . 2012-10-10 07:22 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-10-10 07:22 . 2012-10-10 07:22 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-10-10 07:22 . 2012-10-10 07:22 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-10-10 07:22 . 2012-10-10 07:22 5343584 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-10-10 07:22 . 2012-10-10 07:22 448512 ----a-w- c:\windows\SysWow64\igfx11cmrt32.dll
2012-10-10 07:22 . 2012-10-10 07:22 441856 ----a-w- c:\windows\system32\igfxdev.dll
2012-10-10 07:22 . 2012-10-10 07:22 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-10-10 07:22 . 2012-10-10 07:22 399392 ----a-w- c:\windows\system32\hkcmd.exe
2012-10-10 07:22 . 2012-10-10 07:22 272928 ----a-w- c:\windows\system32\igvpkrng600.bin
2012-10-10 07:22 . 2012-10-10 07:22 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-10-10 07:22 . 2012-10-10 07:22 116224 ----a-w- c:\windows\system32\igfxCoIn_v2867.dll
2012-10-10 07:22 . 2011-03-28 07:04 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-10-10 07:22 . 2011-03-28 07:04 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-10-10 07:22 . 2012-10-10 07:22 604160 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-10-10 07:22 . 2012-10-10 07:22 4571136 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-10-10 07:22 . 2012-10-10 07:22 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-10-10 07:22 . 2012-10-10 07:22 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-10-10 07:22 . 2012-10-10 07:22 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-10-10 07:22 . 2012-10-10 07:22 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-10-10 07:22 . 2012-10-10 07:22 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-10-10 07:22 . 2012-10-10 07:22 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-10-10 07:22 . 2012-10-10 07:22 277024 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-10-10 07:22 . 2012-10-10 07:22 185376 ----a-w- c:\windows\system32\difx64.exe
2012-10-10 07:22 . 2012-10-10 07:22 173568 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-10-10 07:22 . 2012-10-10 07:22 12887040 ----a-w- c:\windows\system32\ig4icd64.dll
2012-10-10 07:22 . 2012-10-10 07:22 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-10-10 07:22 . 2012-10-10 07:22 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-10-10 07:22 . 2012-10-10 07:22 171040 ----a-w- c:\windows\system32\igfxtray.exe
2012-10-10 07:22 . 2012-10-10 07:22 11158528 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-10-10 07:22 . 2012-10-10 07:22 509984 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-10-10 07:22 . 2012-10-10 07:22 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-10-10 07:22 . 2012-10-10 07:22 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-10-10 07:22 . 2012-10-10 07:22 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-10-10 07:22 . 2012-10-10 07:22 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-10-10 07:22 . 2012-10-10 07:22 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-10-10 07:22 . 2012-10-10 07:22 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-10-10 07:22 . 2012-10-10 07:22 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-10-10 07:22 . 2012-10-10 07:22 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-10-10 07:22 . 2012-10-10 07:22 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-10-10 07:22 . 2012-10-10 07:22 963452 ----a-w- c:\windows\system32\igcodeckrng600.bin
2012-10-10 07:22 . 2012-10-10 07:22 482304 ----a-w- c:\windows\system32\igfx11cmrt64.dll
2012-10-10 07:22 . 2012-10-10 07:22 386048 ----a-w- c:\windows\system32\igfxpph.dll
2012-10-10 07:22 . 2012-10-10 07:22 524800 ----a-w- c:\windows\system32\iglhsip64.dll
2012-10-10 07:22 . 2012-10-10 07:22 438784 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-10-10 07:22 . 2012-10-10 07:22 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-10-10 07:22 . 2012-10-10 07:22 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-10-10 07:22 . 2012-10-10 07:22 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-10-10 07:22 . 2012-10-10 07:22 252448 ----a-w- c:\windows\system32\igfxext.exe
2012-10-10 07:22 . 2011-03-28 07:04 11040256 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-10-10 07:22 . 2012-10-10 07:22 9728 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-10-10 07:22 . 2012-10-10 07:22 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-10-10 07:22 . 2012-10-10 07:22 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-10-09 14:52 . 2012-02-11 04:34 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-30 03:54 . 2012-08-23 16:37 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 19:19 . 2012-10-10 04:09 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 04:09 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8660E5B3-6C41-44DE-8503-98D99BBECD41}"= "c:\program files (x86)\Coupons.com CouponBar\tbcore3.dll" [2012-10-13 2701752]
.
[HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Liv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 226176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-24 652016]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-05 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-28 1817088]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-11-13 60416]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-14 2656280]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-03-28 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-02-11 76912]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-28 333928]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 12032]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-03-30 1021112]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-11 14:03]
.
2012-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167750879-2311690763-2497449094-1005Core.job
- c:\users\Liv\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-04 04:32]
.
2012-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167750879-2311690763-2497449094-1005UA.job
- c:\users\Liv\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-04 04:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-03-09 518784]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://search.coupons.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: genieo.com\yahoo
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-07 08:41:03
ComboFix-quarantined-files.txt 2012-12-07 13:41
.
Pre-Run: 430,961,192,960 bytes free
Post-Run: 430,688,251,904 bytes free
.
- - End Of File - - FC1C053B6EFBE9AA2D4280056A7E4FE3
  • 0

#21
kenomikes

kenomikes

    Member

  • Topic Starter
  • Member
  • 109 posts
Check disk log

Thanks again, will be offline till later today, thanks for helping.

Mike




The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
248 large file records processed.

0 bad file records processed.

0 EA records processed.

48 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
27342 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

477425687 KB total disk space.
56935284 KB in 109830 files.
63416 KB in 27343 indexes.
0 KB in bad sectors.
273303 KB in use by the system.
65536 KB occupied by the log file.
420153684 KB available on disk.

4096 bytes in each allocation unit.
119356421 total allocation units on disk.
105038421 allocation units available on disk.
  • 0

#22
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

Troubleshooter said it reset windows adapter. Said problems found with adapter or access point.

OK, let me know if this occurs again and you are advised to reset. It is quite feasible the hardware is at fault, though the actual driver may be corrupted due to malware that has been removed prior and/or is still present, for example. If it is the driver, we can consider a driver update/reinstall.

Anyway, to reiterate, if the same occurs again by all means perform a reset and inform myself etc.

Is the installed Coupon related software used much at all? Reason asking, the software in itself is not exactly classed as malware but it can install dubious third party elements etc.

Plus the use of the installed P2P software can be somewhat perilous due to the fact criminals have "planted" thousands upon thousands of infections in the "free" shared files for example.

Anyway as a precaution we will reset some basic protocols via a custom batch file as follows...

Custom Batch File:

  • Open Notepad.
  • Copy and Paste everything from the Quote Box (do not copy the word quote) below into Notepad:

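@echo off
rem Drop the current DHCP lease, request a new one and clear the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack settings
netsh winsock reset all
netsh int ip reset all
rem Restore the Windows Firewall policy to its defaults and switch it on for all profiles
netsh advfirewall reset
netsh advfirewall set allprofiles state on
rem Reboot after 1 second so the resets take effect
shutdown -r -t 1
rem Delete this batch file
del %0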

  • Go to File >> Save As
  • Save File name as Dakeyras.bat
  • Change Save as Type to All Files and save the file to your Desktop.
Now right-click on the desktop Dakeyras.bat and select Run as Administrator to run the batch file. It will self-delete when completed.

Note: You will temporarily lose your internet connection and your machine should automatically reboot. If it does not, reboot your machine manually.

Scan with TDSSKiller:

Please download TDSSKiller.zip and extract (unzip) it to the desktop.

  • Right-click on TDSSKiller.exe to launch it.
  • When the window opens, click on Change Parameters
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • A Report will have been created by TDSSKiller in your root directory C:\
  • To find the log go to Start (Windows 7 Orb) > Computer > C:
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!
  • 0
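A small triage script for the TDSSKiller log requested above, added here as an example and not part of the original post or of TDSSKiller: it pairs each hashed service record with its verdict line and lists every entry whose verdict is not "ok" or is missing. Reading the Mode flags SigCheck and TDLFS as the two options ticked under Change Parameters is an assumption, and the last three sample lines are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Record line:  "<time> <thread> [ <MD5> ] <service name> <file path>"
# The service name may contain spaces, so the path is anchored on a drive letter.
RECORD = re.compile(
    r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+"
    r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.+)$"
)
# Verdict line: "<time> <thread> <service name> - <verdict>"
VERDICT = re.compile(
    r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<name>.+?)\s+-\s+(?P<verdict>.+)$"
)
# Scan header:  "<time> <thread> Mode: Manual; SigCheck; TDLFS;"
MODE = re.compile(r"\bMode:\s*(?P<flags>.+)$")


@dataclass
class Entry:
    name: str
    md5: str
    path: str
    verdict: Optional[str] = None  # None means no verdict line followed the record


def parse_services(log_text: str) -> List[Entry]:
    """Pair every hashed record with the verdict line that names the same service."""
    entries: List[Entry] = []
    pending: Optional[Entry] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        rec = RECORD.match(line)
        if rec:
            pending = Entry(rec["name"], rec["md5"].upper(), rec["path"])
            entries.append(pending)
            continue
        ver = VERDICT.match(line)
        # Accept a verdict only for the record just read; other lines that merely
        # contain " - " (for example "System memory - ok") are not service verdicts.
        if ver and pending is not None and ver["name"] == pending.name:
            pending.verdict = ver["verdict"].strip()
            pending = None
    return entries


def needs_review(entries: List[Entry]) -> List[Entry]:
    """Entries a helper should look at: any verdict other than 'ok', or none at all."""
    return [e for e in entries if e.verdict is None or e.verdict.lower() != "ok"]


def scan_flags(log_text: str) -> List[str]:
    """Flags from the first 'Mode:' line, e.g. ['Manual', 'SigCheck', 'TDLFS']."""
    for raw in log_text.splitlines():
        m = MODE.search(raw.strip())
        if m:
            return [f.strip() for f in m["flags"].split(";") if f.strip()]
    return []


def missing_options(log_text: str, required=("SigCheck", "TDLFS")) -> List[str]:
    """Required scan options (assumed flag names) that the log does not show."""
    present = set(scan_flags(log_text))
    return [flag for flag in required if flag not in present]


# First six lines are taken from the log in this thread; the last three are
# constructed placeholders (hash, service name, path and verdict are not real).
SAMPLE_LOG = r"""
09:08:55.0250 0492 Mode: Manual; SigCheck; TDLFS;
09:08:55.0422 0492 System memory - ok
09:08:55.0578 0492 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
09:08:55.0640 0492 !SASCORE - ok
09:08:57.0949 0492 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:08:57.0980 0492 Apple Mobile Device - ok
09:09:01.0000 0492 [ 00000000000000000000000000000000 ] ExampleSvc C:\Example\examplesvc.sys
09:09:01.0010 0492 ExampleSvc - EXAMPLE-NOT-OK-VERDICT
09:09:01.0020 0492 [ 11111111111111111111111111111111 ] TruncatedSvc C:\Example\truncated.sys
"""

if __name__ == "__main__":
    parsed = parse_services(SAMPLE_LOG)
    print("scan flags:", scan_flags(SAMPLE_LOG), "missing:", missing_options(SAMPLE_LOG))
    print(f"{len(parsed)} service records, {len(needs_review(parsed))} need review")
    for e in needs_review(parsed):
        print(f"  {e.name}: verdict={e.verdict!r} md5={e.md5} path={e.path}")
```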

#23
kenomikes

kenomikes

    Member

  • Topic Starter
  • Member
  • 109 posts
Hi,







09:07:34.0224 4144 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
09:07:34.0583 4144 ============================================================
09:07:34.0583 4144 Current date / time: 2012/12/08 09:07:34.0583
09:07:34.0583 4144 SystemInfo:
09:07:34.0583 4144
09:07:34.0583 4144 OS Version: 6.1.7601 ServicePack: 1.0
09:07:34.0583 4144 Product type: Workstation
09:07:34.0583 4144 ComputerName: LIV-VAIO
09:07:34.0583 4144 UserName: Liv
09:07:34.0583 4144 Windows directory: C:\Windows
09:07:34.0583 4144 System windows directory: C:\Windows
09:07:34.0583 4144 Running under WOW64
09:07:34.0583 4144 Processor architecture: Intel x64
09:07:34.0583 4144 Number of processors: 4
09:07:34.0583 4144 Page size: 0x1000
09:07:34.0583 4144 Boot type: Normal boot
09:07:34.0583 4144 ============================================================
09:07:35.0519 4144 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:07:35.0534 4144 ============================================================
09:07:35.0534 4144 \Device\Harddisk0\DR0:
09:07:35.0534 4144 MBR partitions:
09:07:35.0534 4144 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14B5800, BlocksNum 0x32000
09:07:35.0534 4144 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x14E7800, BlocksNum 0x38E9E030
09:07:35.0534 4144 ============================================================
09:07:35.0581 4144 C: <-> \Device\Harddisk0\DR0\Partition2
09:07:35.0581 4144 ============================================================
09:07:35.0581 4144 Initialize success
09:07:35.0581 4144 ============================================================
09:08:55.0250 0492 ============================================================
09:08:55.0250 0492 Scan started
09:08:55.0250 0492 Mode: Manual; SigCheck; TDLFS;
09:08:55.0250 0492 ============================================================
09:08:55.0422 0492 ================ Scan system memory ========================
09:08:55.0422 0492 System memory - ok
09:08:55.0422 0492 ================ Scan services =============================
09:08:55.0578 0492 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
09:08:55.0640 0492 !SASCORE - ok
09:08:55.0812 0492 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:08:55.0874 0492 1394ohci - ok
09:08:55.0984 0492 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
09:08:56.0015 0492 ACDaemon - ok
09:08:56.0046 0492 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:08:56.0077 0492 ACPI - ok
09:08:56.0093 0492 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:08:56.0171 0492 AcpiPmi - ok
09:08:56.0311 0492 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:08:56.0342 0492 AdobeFlashPlayerUpdateSvc - ok
09:08:56.0405 0492 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
09:08:56.0420 0492 adp94xx - ok
09:08:56.0452 0492 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
09:08:56.0483 0492 adpahci - ok
09:08:56.0530 0492 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
09:08:56.0545 0492 adpu320 - ok
09:08:56.0576 0492 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:08:56.0717 0492 AeLookupSvc - ok
09:08:56.0764 0492 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
09:08:56.0826 0492 AFD - ok
09:08:56.0857 0492 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
09:08:56.0888 0492 agp440 - ok
09:08:56.0920 0492 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
09:08:56.0982 0492 ALG - ok
09:08:57.0029 0492 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
09:08:57.0044 0492 aliide - ok
09:08:57.0060 0492 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
09:08:57.0076 0492 amdide - ok
09:08:57.0076 0492 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
09:08:57.0122 0492 AmdK8 - ok
09:08:57.0138 0492 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
09:08:57.0169 0492 AmdPPM - ok
09:08:57.0200 0492 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:08:57.0216 0492 amdsata - ok
09:08:57.0263 0492 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
09:08:57.0294 0492 amdsbs - ok
09:08:57.0325 0492 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:08:57.0341 0492 amdxata - ok
09:08:57.0388 0492 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
09:08:57.0450 0492 androidusb - ok
09:08:57.0497 0492 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
09:08:57.0746 0492 AppID - ok
09:08:57.0778 0492 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:08:57.0824 0492 AppIDSvc - ok
09:08:57.0856 0492 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
09:08:57.0902 0492 Appinfo - ok
09:08:57.0949 0492 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:08:57.0980 0492 Apple Mobile Device - ok
09:08:58.0027 0492 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
09:08:58.0058 0492 arc - ok
09:08:58.0058 0492 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
09:08:58.0074 0492 arcsas - ok
09:08:58.0105 0492 [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
09:08:58.0121 0492 ArcSoftKsUFilter - ok
09:08:58.0214 0492 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:08:58.0246 0492 aspnet_state - ok
09:08:58.0277 0492 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:08:58.0355 0492 AsyncMac - ok
09:08:58.0386 0492 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
09:08:58.0386 0492 atapi - ok
09:08:58.0495 0492 [ A5E770426D18F8EF332A593F3289DA91 ] athr C:\Windows\system32\DRIVERS\athrx.sys
09:08:58.0589 0492 athr - ok
09:08:58.0636 0492 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:08:58.0682 0492 AudioEndpointBuilder - ok
09:08:58.0698 0492 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
09:08:58.0729 0492 AudioSrv - ok
09:08:58.0776 0492 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:08:58.0854 0492 AxInstSV - ok
09:08:58.0885 0492 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
09:08:58.0948 0492 b06bdrv - ok
09:08:58.0979 0492 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
09:08:59.0010 0492 b57nd60a - ok
09:08:59.0041 0492 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
09:08:59.0088 0492 BDESVC - ok
09:08:59.0119 0492 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
09:08:59.0213 0492 Beep - ok
09:08:59.0260 0492 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
09:08:59.0322 0492 BFE - ok
09:08:59.0353 0492 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
09:08:59.0416 0492 BITS - ok
09:08:59.0447 0492 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:08:59.0478 0492 blbdrive - ok
09:08:59.0540 0492 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:08:59.0572 0492 Bonjour Service - ok
09:08:59.0650 0492 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:08:59.0696 0492 bowser - ok
09:08:59.0728 0492 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
09:08:59.0759 0492 BrFiltLo - ok
09:08:59.0759 0492 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
09:08:59.0774 0492 BrFiltUp - ok
09:08:59.0821 0492 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
09:08:59.0868 0492 BridgeMP - ok
09:08:59.0915 0492 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
09:08:59.0946 0492 Browser - ok
09:08:59.0962 0492 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:09:00.0024 0492 Brserid - ok
09:09:00.0055 0492 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:09:00.0086 0492 BrSerWdm - ok
09:09:00.0086 0492 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:09:00.0118 0492 BrUsbMdm - ok
09:09:00.0149 0492 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:09:00.0164 0492 BrUsbSer - ok
09:09:00.0164 0492 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
09:09:00.0196 0492 BTHMODEM - ok
09:09:00.0211 0492 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
09:09:00.0274 0492 bthserv - ok
09:09:00.0289 0492 catchme - ok
09:09:00.0320 0492 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:09:00.0352 0492 cdfs - ok
09:09:00.0414 0492 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:09:00.0461 0492 cdrom - ok
09:09:00.0492 0492 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
09:09:00.0554 0492 CertPropSvc - ok
09:09:00.0586 0492 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
09:09:00.0601 0492 circlass - ok
09:09:00.0632 0492 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
09:09:00.0679 0492 CLFS - ok
09:09:00.0726 0492 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:09:00.0757 0492 clr_optimization_v2.0.50727_32 - ok
09:09:00.0804 0492 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:09:00.0835 0492 clr_optimization_v2.0.50727_64 - ok
09:09:00.0913 0492 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:09:00.0944 0492 clr_optimization_v4.0.30319_32 - ok
09:09:00.0976 0492 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:09:00.0976 0492 clr_optimization_v4.0.30319_64 - ok
09:09:01.0022 0492 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:09:01.0054 0492 CmBatt - ok
09:09:01.0069 0492 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:09:01.0085 0492 cmdide - ok
09:09:01.0147 0492 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
09:09:01.0210 0492 CNG - ok
09:09:01.0288 0492 [ 1F394DF3714ED4280047810790E6DF69 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
09:09:01.0334 0492 CnxtHdAudService - ok
09:09:01.0366 0492 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:09:01.0381 0492 Compbatt - ok
09:09:01.0397 0492 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
09:09:01.0428 0492 CompositeBus - ok
09:09:01.0444 0492 COMSysApp - ok
09:09:01.0537 0492 [ 78AF1C499BF02F9814DF959A04A4F9C9 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
09:09:01.0568 0492 cphs - ok
09:09:01.0615 0492 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
09:09:01.0646 0492 crcdisk - ok
09:09:01.0693 0492 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:09:01.0724 0492 CryptSvc - ok
09:09:01.0818 0492 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
09:09:01.0849 0492 cvhsvc - ok
09:09:01.0896 0492 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:09:01.0974 0492 DcomLaunch - ok
09:09:02.0005 0492 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
09:09:02.0052 0492 defragsvc - ok
09:09:02.0068 0492 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:09:02.0114 0492 DfsC - ok
09:09:02.0161 0492 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
09:09:02.0208 0492 Dhcp - ok
09:09:02.0239 0492 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
09:09:02.0286 0492 discache - ok
09:09:02.0317 0492 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
09:09:02.0333 0492 Disk - ok
09:09:02.0348 0492 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:09:02.0411 0492 Dnscache - ok
09:09:02.0442 0492 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
09:09:02.0504 0492 dot3svc - ok
09:09:02.0520 0492 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
09:09:02.0567 0492 DPS - ok
09:09:02.0598 0492 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:09:02.0614 0492 drmkaud - ok
09:09:02.0645 0492 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:09:02.0660 0492 DXGKrnl - ok
09:09:02.0707 0492 [ 50AD8FC1DC800FF36087994C8F7FDFF2 ] e1yexpress C:\Windows\system32\DRIVERS\e1y60x64.sys
09:09:02.0738 0492 e1yexpress - ok
09:09:02.0770 0492 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
09:09:02.0832 0492 EapHost - ok
09:09:02.0926 0492 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
09:09:03.0019 0492 ebdrv - ok
09:09:03.0035 0492 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
09:09:03.0066 0492 EFS - ok
09:09:03.0128 0492 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:09:03.0191 0492 ehRecvr - ok
09:09:03.0206 0492 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
09:09:03.0222 0492 ehSched - ok
09:09:03.0269 0492 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
09:09:03.0300 0492 elxstor - ok
09:09:03.0347 0492 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
09:09:03.0378 0492 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
09:09:03.0378 0492 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
09:09:03.0472 0492 [ B5581646636759D0DAFA8B008881C079 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
09:09:03.0518 0492 EPSON_EB_RPCV4_01 - ok
09:09:03.0565 0492 [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
09:09:03.0596 0492 EPSON_PM_RPCV4_01 - ok
09:09:03.0612 0492 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:09:03.0643 0492 ErrDev - ok
09:09:03.0674 0492 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
09:09:03.0737 0492 EventSystem - ok
09:09:03.0768 0492 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
09:09:03.0815 0492 exfat - ok
09:09:03.0815 0492 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:09:03.0877 0492 fastfat - ok
09:09:03.0908 0492 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
09:09:03.0986 0492 Fax - ok
09:09:04.0002 0492 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
09:09:04.0033 0492 fdc - ok
09:09:04.0064 0492 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
09:09:04.0111 0492 fdPHost - ok
09:09:04.0127 0492 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
09:09:04.0158 0492 FDResPub - ok
09:09:04.0174 0492 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:09:04.0189 0492 FileInfo - ok
09:09:04.0220 0492 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:09:04.0267 0492 Filetrace - ok
09:09:04.0283 0492 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
09:09:04.0283 0492 flpydisk - ok
09:09:04.0314 0492 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:09:04.0330 0492 FltMgr - ok
09:09:04.0376 0492 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
09:09:04.0439 0492 FontCache - ok
09:09:04.0486 0492 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:09:04.0501 0492 FontCache3.0.0.0 - ok
09:09:04.0517 0492 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:09:04.0532 0492 FsDepends - ok
09:09:04.0564 0492 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:09:04.0579 0492 Fs_Rec - ok
09:09:04.0626 0492 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:09:04.0642 0492 fvevol - ok
09:09:04.0657 0492 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
09:09:04.0657 0492 gagp30kx - ok
09:09:04.0688 0492 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:09:04.0704 0492 GEARAspiWDM - ok
09:09:04.0751 0492 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
09:09:04.0813 0492 gpsvc - ok
09:09:04.0844 0492 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:09:04.0891 0492 hcw85cir - ok
09:09:04.0922 0492 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:09:04.0969 0492 HdAudAddService - ok
09:09:05.0016 0492 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
09:09:05.0047 0492 HDAudBus - ok
09:09:05.0063 0492 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
09:09:05.0078 0492 HidBatt - ok
09:09:05.0094 0492 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
09:09:05.0110 0492 HidBth - ok
09:09:05.0125 0492 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
09:09:05.0141 0492 HidIr - ok
09:09:05.0172 0492 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
09:09:05.0234 0492 hidserv - ok
09:09:05.0297 0492 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:09:05.0328 0492 HidUsb - ok
09:09:05.0359 0492 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:09:05.0406 0492 hkmsvc - ok
09:09:05.0406 0492 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:09:05.0437 0492 HomeGroupListener - ok
09:09:05.0468 0492 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:09:05.0500 0492 HomeGroupProvider - ok
09:09:05.0531 0492 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:09:05.0531 0492 HpSAMD - ok
09:09:05.0562 0492 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:09:05.0609 0492 HTTP - ok
09:09:05.0640 0492 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:09:05.0671 0492 hwpolicy - ok
09:09:05.0687 0492 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
09:09:05.0718 0492 i8042prt - ok
09:09:05.0734 0492 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\drivers\iaStor.sys
09:09:05.0765 0492 iaStor - ok
09:09:05.0843 0492 [ 8FFF9083252C16FE3960173722605E9E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
09:09:05.0874 0492 IAStorDataMgrSvc - ok
09:09:05.0921 0492 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:09:05.0952 0492 iaStorV - ok
09:09:06.0077 0492 [ E4693409D06785477A49FB34AFAE1B92 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
09:09:06.0280 0492 IconMan_R ( UnsignedFile.Multi.Generic ) - warning
09:09:06.0280 0492 IconMan_R - detected UnsignedFile.Multi.Generic (1)
09:09:06.0342 0492 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:09:06.0389 0492 idsvc - ok
09:09:06.0545 0492 [ A1CF07D24EDCDC6870535471654D957C ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
09:09:06.0748 0492 igfx - ok
09:09:06.0779 0492 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
09:09:06.0794 0492 iirsp - ok
09:09:06.0826 0492 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
09:09:06.0888 0492 IKEEXT - ok
09:09:06.0935 0492 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
09:09:06.0950 0492 IntcDAud - ok
09:09:06.0966 0492 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
09:09:06.0982 0492 intelide - ok
09:09:06.0997 0492 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:09:07.0028 0492 intelppm - ok
09:09:07.0060 0492 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:09:07.0122 0492 IPBusEnum - ok
09:09:07.0138 0492 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:09:07.0169 0492 IpFilterDriver - ok
09:09:07.0216 0492 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:09:07.0262 0492 iphlpsvc - ok
09:09:07.0309 0492 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:09:07.0340 0492 IPMIDRV - ok
09:09:07.0372 0492 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:09:07.0418 0492 IPNAT - ok
09:09:07.0512 0492 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:09:07.0543 0492 iPod Service - ok
09:09:07.0574 0492 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:09:07.0606 0492 IRENUM - ok
09:09:07.0621 0492 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:09:07.0637 0492 isapnp - ok
09:09:07.0652 0492 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:09:07.0684 0492 iScsiPrt - ok
09:09:07.0699 0492 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:09:07.0715 0492 kbdclass - ok
09:09:07.0730 0492 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
09:09:07.0762 0492 kbdhid - ok
09:09:07.0793 0492 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
09:09:07.0808 0492 KeyIso - ok
09:09:07.0840 0492 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:09:07.0855 0492 KSecDD - ok
09:09:07.0886 0492 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:09:07.0902 0492 KSecPkg - ok
09:09:07.0933 0492 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:09:07.0980 0492 ksthunk - ok
09:09:08.0011 0492 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
09:09:08.0058 0492 KtmRm - ok
09:09:08.0105 0492 [ 95CA93FC12BE372BB952669F37FFF9C5 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
09:09:08.0105 0492 L1C - ok
09:09:08.0152 0492 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
09:09:08.0230 0492 LanmanServer - ok
09:09:08.0261 0492 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:09:08.0308 0492 LanmanWorkstation - ok
09:09:08.0339 0492 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:09:08.0386 0492 lltdio - ok
09:09:08.0417 0492 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:09:08.0464 0492 lltdsvc - ok
09:09:08.0479 0492 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:09:08.0510 0492 lmhosts - ok
09:09:08.0573 0492 [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
09:09:08.0604 0492 LMS - ok
09:09:08.0635 0492 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
09:09:08.0651 0492 LSI_FC - ok
09:09:08.0651 0492 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
09:09:08.0666 0492 LSI_SAS - ok
09:09:08.0666 0492 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
09:09:08.0682 0492 LSI_SAS2 - ok
09:09:08.0682 0492 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
09:09:08.0698 0492 LSI_SCSI - ok
09:09:08.0729 0492 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
09:09:08.0776 0492 luafv - ok
09:09:08.0822 0492 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:09:08.0822 0492 Mcx2Svc - ok
09:09:08.0838 0492 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
09:09:08.0854 0492 megasas - ok
09:09:08.0885 0492 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
09:09:08.0900 0492 MegaSR - ok
09:09:08.0916 0492 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
09:09:08.0932 0492 MEIx64 - ok
09:09:08.0994 0492 Microsoft SharePoint Workspace Audit Service - ok
09:09:09.0025 0492 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
09:09:09.0088 0492 MMCSS - ok
09:09:09.0103 0492 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
09:09:09.0181 0492 Modem - ok
09:09:09.0197 0492 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:09:09.0228 0492 monitor - ok
09:09:09.0244 0492 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:09:09.0259 0492 mouclass - ok
09:09:09.0275 0492 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:09:09.0290 0492 mouhid - ok
09:09:09.0322 0492 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:09:09.0337 0492 mountmgr - ok
09:09:09.0384 0492 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
09:09:09.0415 0492 MpFilter - ok
09:09:09.0446 0492 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
09:09:09.0462 0492 mpio - ok
09:09:09.0493 0492 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:09:09.0524 0492 mpsdrv - ok
09:09:09.0665 0492 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:09:09.0743 0492 MpsSvc - ok
09:09:09.0758 0492 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:09:09.0790 0492 MRxDAV - ok
09:09:09.0821 0492 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:09:09.0868 0492 mrxsmb - ok
09:09:09.0899 0492 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:09:09.0914 0492 mrxsmb10 - ok
09:09:09.0914 0492 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:09:09.0930 0492 mrxsmb20 - ok
09:09:09.0946 0492 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
09:09:09.0961 0492 msahci - ok
09:09:09.0961 0492 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:09:09.0977 0492 msdsm - ok
09:09:09.0992 0492 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
09:09:10.0008 0492 MSDTC - ok
09:09:10.0039 0492 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:09:10.0070 0492 Msfs - ok
09:09:10.0117 0492 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:09:10.0195 0492 mshidkmdf - ok
09:09:10.0211 0492 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:09:10.0226 0492 msisadrv - ok
09:09:10.0273 0492 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:09:10.0320 0492 MSiSCSI - ok
09:09:10.0320 0492 msiserver - ok
09:09:10.0336 0492 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:09:10.0382 0492 MSKSSRV - ok
09:09:10.0460 0492 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
09:09:10.0476 0492 MsMpSvc - ok
09:09:10.0507 0492 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:09:10.0554 0492 MSPCLOCK - ok
09:09:10.0570 0492 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:09:10.0616 0492 MSPQM - ok
09:09:10.0648 0492 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:09:10.0663 0492 MsRPC - ok
09:09:10.0679 0492 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
09:09:10.0694 0492 mssmbios - ok
09:09:10.0710 0492 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:09:10.0772 0492 MSTEE - ok
09:09:10.0788 0492 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
09:09:10.0804 0492 MTConfig - ok
09:09:10.0819 0492 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
09:09:10.0819 0492 Mup - ok
09:09:10.0866 0492 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
09:09:10.0913 0492 napagent - ok
09:09:10.0960 0492 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:09:10.0991 0492 NativeWifiP - ok
09:09:11.0053 0492 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:09:11.0084 0492 NDIS - ok
09:09:11.0131 0492 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:09:11.0162 0492 NdisCap - ok
09:09:11.0194 0492 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:09:11.0225 0492 NdisTapi - ok
09:09:11.0240 0492 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:09:11.0287 0492 Ndisuio - ok
09:09:11.0303 0492 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:09:11.0350 0492 NdisWan - ok
09:09:11.0365 0492 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:09:11.0396 0492 NDProxy - ok
09:09:11.0428 0492 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:09:11.0474 0492 NetBIOS - ok
09:09:11.0490 0492 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:09:11.0537 0492 NetBT - ok
09:09:11.0552 0492 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
09:09:11.0568 0492 Netlogon - ok
09:09:11.0599 0492 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
09:09:11.0646 0492 Netman - ok
09:09:11.0724 0492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:09:11.0740 0492 NetMsmqActivator - ok
09:09:11.0755 0492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:09:11.0771 0492 NetPipeActivator - ok
09:09:11.0818 0492 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
09:09:11.0896 0492 netprofm - ok
09:09:11.0911 0492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:09:11.0927 0492 NetTcpActivator - ok
09:09:11.0927 0492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:09:11.0942 0492 NetTcpPortSharing - ok
09:09:11.0974 0492 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
09:09:11.0974 0492 nfrd960 - ok
09:09:12.0052 0492 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:09:12.0083 0492 NisDrv - ok
09:09:12.0145 0492 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
09:09:12.0192 0492 NisSrv - ok
09:09:12.0239 0492 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:09:12.0270 0492 NlaSvc - ok
09:09:12.0286 0492 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:09:12.0317 0492 Npfs - ok
09:09:12.0348 0492 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
09:09:12.0395 0492 nsi - ok
09:09:12.0410 0492 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:09:12.0457 0492 nsiproxy - ok
09:09:12.0520 0492 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:09:12.0582 0492 Ntfs - ok
09:09:12.0613 0492 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
09:09:12.0644 0492 Null - ok
09:09:12.0863 0492 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:09:13.0206 0492 nvlddmkm - ok
09:09:13.0237 0492 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:09:13.0253 0492 nvraid - ok
09:09:13.0268 0492 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:09:13.0284 0492 nvstor - ok
09:09:13.0331 0492 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:09:13.0331 0492 nv_agp - ok
09:09:13.0393 0492 [ 07D0A535A44DD048EE346853B0BB9349 ] Oasis2Service C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
09:09:13.0424 0492 Oasis2Service ( UnsignedFile.Multi.Generic ) - warning
09:09:13.0424 0492 Oasis2Service - detected UnsignedFile.Multi.Generic (1)
09:09:13.0424 0492 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:09:13.0456 0492 ohci1394 - ok
09:09:13.0471 0492 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:09:13.0487 0492 ose - ok
09:09:13.0643 0492 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:09:13.0814 0492 osppsvc - ok
09:09:13.0846 0492 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:09:13.0892 0492 p2pimsvc - ok
09:09:13.0924 0492 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
09:09:13.0939 0492 p2psvc - ok
09:09:13.0970 0492 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
09:09:13.0986 0492 Parport - ok
09:09:14.0017 0492 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:09:14.0017 0492 partmgr - ok
09:09:14.0048 0492 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:09:14.0095 0492 PcaSvc - ok
09:09:14.0111 0492 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
09:09:14.0142 0492 pci - ok
09:09:14.0158 0492 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
09:09:14.0173 0492 pciide - ok
09:09:14.0189 0492 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
09:09:14.0204 0492 pcmcia - ok
09:09:14.0220 0492 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
09:09:14.0236 0492 pcw - ok
09:09:14.0251 0492 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:09:14.0314 0492 PEAUTH - ok
09:09:14.0392 0492 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
09:09:14.0423 0492 PerfHost - ok
09:09:14.0485 0492 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
09:09:14.0579 0492 pla - ok
09:09:14.0626 0492 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:09:14.0657 0492 PlugPlay - ok
09:09:14.0735 0492 [ 63694C307273062A2167AE4CE80730EF ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
09:09:14.0782 0492 PMBDeviceInfoProvider - ok
09:09:36.0733 0492 ================ Scan global ===============================
09:09:36.0795 0492 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:09:36.0842 0492 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
09:09:36.0873 0492 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
09:09:36.0920 0492 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:09:36.0967 0492 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:09:36.0998 0492 [Global] - ok
09:09:36.0998 0492 ================ Scan MBR ==================================
09:09:37.0014 0492 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:09:38.0230 0492 \Device\Harddisk0\DR0 - ok
09:09:38.0230 0492 ================ Scan VBR ==================================
09:09:38.0262 0492 [ 0CC1E4DEF5E7331DA5945A091CA5814D ] \Device\Harddisk0\DR0\Partition1
09:09:38.0277 0492 \Device\Harddisk0\DR0\Partition1 - ok
09:09:38.0308 0492 [ 8C77A7C4DFBA3EB7397AD19D09F56EAF ] \Device\Harddisk0\DR0\Partition2
09:09:38.0324 0492 \Device\Harddisk0\DR0\Partition2 - ok
09:09:38.0324 0492 ============================================================
09:09:38.0324 0492 Scan finished
09:09:38.0324 0492 ============================================================
09:09:38.0355 5764 Detected object count: 3
09:09:38.0355 5764 Actual detected object count: 3
09:10:36.0356 5764 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
09:10:36.0356 5764 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:10:36.0356 5764 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
09:10:36.0356 5764 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:10:36.0356 5764 Oasis2Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:10:36.0356 5764 Oasis2Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

#24
kenomikes

  • Topic Starter
  • Member
  • 109 posts
Hi,


I removed the coupon bar, and as far as P2P, do you mean uTorrent? I had removed that earlier when I saw it. I guess she had got some music from there? Is there something else I should remove? I told her not to use those sites. Let me know if I need to remove anything else to clean this up.


I ran the batch file and posted log of TDSS killer above.

Hasn't lost connection yet this morning. Liv said it did once or twice yesterday.

Thanks again for your help.

Mike

#25
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

I removed the coupon bar, and as far as P2P, do you mean uTorrent?

OK and aye that was the P2P software I was referring to etc.

Hasn't lost connection yet this morning. Liv said it did once or twice yesterday.

Acknowledged.

Next:

Post a new OTL log for myself to review please and we will go from there...

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Standard Output is selected.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, one Notepad file will open named OTL.txt.


#26
kenomikes

  • Topic Starter
  • Member
  • 109 posts
OK,

Here you go.


Thx,

Mike

OTL logfile created on: 12/8/2012 5:58:49 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Liv\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 65.00% Memory free
7.90 Gb Paging File | 6.18 Gb Available in Paging File | 78.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.31 Gb Total Space | 400.75 Gb Free Space | 88.02% Space Free | Partition Type: NTFS

Computer Name: LIV-VAIO | User Name: Liv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/02 09:39:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Liv\Desktop\OTL.exe
PRC - [2012/11/13 15:17:53 | 001,432,040 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
PRC - [2012/11/13 15:13:30 | 000,060,416 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
PRC - [2011/10/01 11:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 11:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/03/28 02:48:39 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2011/03/05 18:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011/03/05 18:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011/02/23 16:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2011/02/15 13:47:02 | 002,757,312 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2011/02/14 15:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2011/02/14 01:15:46 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/14 01:15:14 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/29 07:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010/11/27 02:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 02:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/11/06 01:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 01:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/04/07 11:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2006/12/19 20:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/18 21:41:36 | 000,888,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\294fc5b3a3eb726bcb35558fd1c21aad\System.DirectoryServices.AccountManagement.ni.dll
MOD - [2012/11/18 21:41:07 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\526e535175775d4c3880f59d6a1463b7\System.Xml.Linq.ni.dll
MOD - [2012/11/18 21:41:06 | 002,516,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\d8e39b3f96f52e48499e35d9977e62dc\System.Data.Linq.ni.dll
MOD - [2012/11/18 21:39:48 | 000,082,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\c1ad69b7f48a6dcd540fe5d07d4a4aa3\System.AddIn.Contract.ni.dll
MOD - [2012/11/18 21:36:00 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fecb0ca59057e9d190318551d40feb22\System.Runtime.Serialization.ni.dll
MOD - [2012/11/17 16:38:34 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012/11/17 16:38:32 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3343dd79a8a8fc1befde1635a3532e0c\IAStorCommon.ni.dll
MOD - [2012/11/17 16:38:31 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\df85a94db4f59fa483bce708f4a54643\IAStorUtil.ni.dll
MOD - [2012/11/17 16:38:15 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll
MOD - [2012/11/17 16:38:05 | 000,634,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\67f6dc95800c3590a2989b287abcf97b\System.AddIn.ni.dll
MOD - [2012/11/16 10:42:34 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
MOD - [2012/11/16 10:42:12 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012/11/16 10:42:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/16 10:41:59 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a30d7e65103254213dc62f238be50f97\System.EnterpriseServices.ni.dll
MOD - [2012/11/16 10:41:58 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll
MOD - [2012/11/16 10:41:56 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
MOD - [2012/11/16 10:41:49 | 001,117,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\861f9a52eb8a04cf23742abe07b37c26\System.DirectoryServices.ni.dll
MOD - [2012/11/16 10:41:37 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012/11/16 10:41:16 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/16 10:41:03 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/16 10:40:57 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/16 10:40:39 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/16 10:40:34 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3079aabe5fd4f325656d52b94b19ae2e\System.Security.ni.dll
MOD - [2012/11/16 10:40:29 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/16 10:40:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/16 10:40:21 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/16 10:40:09 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2011/11/05 12:52:08 | 000,296,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
MOD - [2011/09/27 09:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 09:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/20 22:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/01/21 04:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 23:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/06/10 16:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/12 17:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 15:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 23:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 23:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/07/11 13:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/05/24 08:00:00 | 000,652,016 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2011/03/30 11:09:12 | 001,021,112 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011/02/28 12:29:18 | 000,852,160 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2011/02/19 00:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2011/02/19 00:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2011/02/14 15:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011/01/29 07:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2011/01/20 14:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/02 09:03:30 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/13 15:13:30 | 000,060,416 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe -- (Oasis2Service)
SRV - [2012/10/10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/10/01 11:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 11:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/03/28 02:48:39 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/03/05 18:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011/02/23 16:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011/02/21 14:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011/02/21 14:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011/02/14 01:15:46 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/14 01:15:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/20 14:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/11/27 02:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/11/06 01:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/16 22:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/10 22:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2006/12/19 20:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/31 00:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 15:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 15:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 11:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 11:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 11:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 11:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/21 04:03:42 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/05/13 05:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 05:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 05:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 05:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 05:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/03/28 02:48:44 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/03/27 23:12:44 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/08 22:28:52 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/21 12:43:52 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/02/15 02:42:50 | 001,388,592 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/02/14 01:15:10 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/02/11 03:48:34 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/11 03:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/11/11 03:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/11/11 03:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/11/11 03:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/04/26 15:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 16:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4167750879-2311690763-2497449094-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4167750879-2311690763-2497449094-1005\..\SearchScopes,DefaultScope = {A25754AD-EFDC-423B-A215-43469FC93111}
IE - HKU\S-1-5-21-4167750879-2311690763-2497449094-1005\..\SearchScopes\{243BBBAF-C6FC-4E0A-90B1-206E5A780F2D}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-4167750879-2311690763-2497449094-1005\..\SearchScopes\{67F056E4-A206-45A2-B763-428746C76BD7}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-4167750879-2311690763-2497449094-1005\..\SearchScopes\{A25754AD-EFDC-423B-A215-43469FC93111}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-4167750879-2311690763-2497449094-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4167750879-2311690763-2497449094-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found




========== Chrome ==========

CHR - default_search_provider: Yahoo (By Genieo) (Enabled)
CHR - default_search_provider: search_url = http://us.yhs4.searc...p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Liv\AppData\Local\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Liv\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Liv\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\Liv\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Liv\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

O1 HOSTS File: ([2012/12/07 08:39:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4167750879-2311690763-2497449094-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4167750879-2311690763-2497449094-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4167750879-2311690763-2497449094-1005\..Trusted Domains: genieo.com ([yahoo] http in Trusted sites)
O15 - HKU\S-1-5-21-4167750879-2311690763-2497449094-1005\..Trusted Ranges: Range1 ([*] in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E76A17E-65E4-4B7B-B96F-18B74B601D75}: DhcpNameServer = 192.53.112.29
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABB1D6ED-3C62-4C9D-94CF-89FD9A6BB8F0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/08 09:06:05 | 000,000,000 | ---D | C] -- C:\Users\Liv\Desktop\tdsskiller
[2012/12/08 08:49:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/07 08:41:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/07 08:24:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/07 08:24:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/07 08:24:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/07 08:24:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/07 08:21:24 | 005,009,321 | R--- | C] (Swearware) -- C:\Users\Liv\Desktop\ComboFix.exe
[2012/12/06 16:39:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/04 17:22:46 | 000,000,000 | ---D | C] -- C:\Users\Liv\Desktop\RK_Quarantine
[2012/12/04 16:57:28 | 000,696,153 | ---- | C] (Farbar) -- C:\Users\Liv\Desktop\FSS.exe
[2012/12/03 17:08:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/12/03 17:07:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/12/03 17:07:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/12/03 08:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/12/02 16:12:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/12/02 16:12:32 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/12/02 16:12:32 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/12/02 16:12:17 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/12/02 16:12:17 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/12/02 16:12:17 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/12/02 16:10:49 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/12/02 16:10:29 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/12/02 16:08:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/12/02 12:55:45 | 000,000,000 | ---D | C] -- C:\Users\Liv\AppData\Local\Microsoft Games
[2012/12/02 09:39:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Liv\Desktop\OTL.exe
[2012/11/30 18:33:08 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012/11/30 18:33:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012/11/30 18:33:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012/11/30 18:33:03 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012/11/30 18:33:03 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2012/11/30 18:33:03 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012/11/30 18:33:02 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012/11/30 18:33:01 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012/11/30 18:33:01 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012/11/30 18:33:01 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012/11/30 18:33:01 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012/11/30 18:33:01 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012/11/30 18:33:01 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012/11/30 18:33:01 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012/11/30 18:33:01 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012/11/30 18:33:01 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012/11/30 18:33:01 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012/11/30 18:33:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012/11/30 18:33:01 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012/11/30 18:33:01 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012/11/30 18:33:00 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/11/30 18:33:00 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/11/30 18:33:00 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/11/30 18:32:59 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/11/30 18:32:59 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/11/30 18:07:55 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/11/30 18:07:55 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/11/30 18:07:50 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/11/30 18:07:50 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/11/22 22:35:57 | 002,753,536 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2012/11/22 22:35:57 | 002,753,536 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2012/11/22 22:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros WiFi Driver Installation
[2012/11/22 22:33:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2012/11/22 22:31:35 | 000,000,000 | ---D | C] -- C:\Update
[2012/11/22 21:06:59 | 000,000,000 | ---D | C] -- C:\Users\Liv\AppData\Roaming\SUPERAntiSpyware.com
[2012/11/22 21:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/11/22 21:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/11/22 21:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/11/17 15:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Messenger
[2012/11/17 15:26:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}
[2012/11/16 10:27:21 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/11/16 10:27:21 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/11/16 10:17:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/16 10:17:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/16 10:17:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/16 10:17:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/16 10:17:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/11/16 10:17:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/16 10:17:13 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/16 10:17:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/16 10:17:11 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/11/16 10:17:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/11/16 10:17:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/16 10:17:10 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/16 10:17:06 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/16 10:17:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/16 10:17:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/16 00:45:51 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/11/16 00:45:47 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/11/16 00:45:47 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/11/16 00:45:47 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/11/15 14:55:42 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/11/15 14:55:42 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/11/15 14:55:42 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/11/15 14:55:35 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/11/15 14:55:35 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/11/15 14:55:35 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/11/15 14:55:34 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/11/15 14:55:33 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/11/15 14:55:33 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/11/15 14:54:42 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/15 14:54:42 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/14 20:35:12 | 000,000,000 | ---D | C] -- C:\IORRT
[2012/11/12 15:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTG PC HELPDESK
[2012/11/12 15:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Rescue Calling Card
[2012/11/12 13:41:31 | 000,000,000 | ---D | C] -- C:\Users\Liv\AppData\Local\MyTechGurus
[2012/11/12 13:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\MyTechGurus
[2012/11/12 13:17:56 | 000,000,000 | ---D | C] -- C:\Users\Liv\AppData\Local\LogMeIn Rescue Applet
[2012/11/11 10:50:48 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/11/11 10:50:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/11/08 18:21:27 | 000,000,000 | ---D | C] -- C:\Users\Liv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012/11/08 18:11:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/08 17:55:48 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/08 17:55:47 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4167750879-2311690763-2497449094-1005UA.job
[2012/12/08 17:55:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/08 15:22:27 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4167750879-2311690763-2497449094-1005Core.job
[2012/12/08 09:05:35 | 002,195,061 | ---- | M] () -- C:\Users\Liv\Desktop\tdsskiller.zip
[2012/12/08 09:04:46 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/08 09:04:46 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/08 09:01:45 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/08 09:01:45 | 000,660,770 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/08 09:01:45 | 000,121,408 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/08 08:57:06 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/07 08:39:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/12/07 08:21:25 | 005,009,321 | R--- | M] (Swearware) -- C:\Users\Liv\Desktop\ComboFix.exe
[2012/12/06 08:43:29 | 000,856,731 | ---- | M] () -- C:\Users\Liv\Desktop\SecurityCheck.exe
[2012/12/06 08:41:28 | 000,681,984 | ---- | M] () -- C:\Users\Liv\Desktop\CKScanner.exe
[2012/12/04 17:22:00 | 000,752,128 | ---- | M] () -- C:\Users\Liv\Desktop\RogueKiller.exe
[2012/12/04 16:57:28 | 000,696,153 | ---- | M] (Farbar) -- C:\Users\Liv\Desktop\FSS.exe
[2012/12/04 16:52:52 | 000,540,743 | ---- | M] () -- C:\Users\Liv\Desktop\AdwCleaner.exe
[2012/12/03 17:07:53 | 000,000,888 | ---- | M] () -- C:\Users\Liv\Desktop\NTREGOPT.lnk
[2012/12/03 17:07:53 | 000,000,869 | ---- | M] () -- C:\Users\Liv\Desktop\ERUNT.lnk
[2012/12/02 16:12:07 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/12/02 16:12:04 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/12/02 16:12:03 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/12/02 16:12:03 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/12/02 16:12:01 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/12/02 16:12:01 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/12/02 16:10:23 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/12/02 16:10:20 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/12/02 16:10:20 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/12/02 16:10:19 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/12/02 16:10:18 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/12/02 09:39:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Liv\Desktop\OTL.exe
[2012/12/02 09:03:28 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/02 09:03:28 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/01 21:24:49 | 000,002,477 | ---- | M] () -- C:\Users\Liv\Desktop\Google Chrome.lnk
[2012/11/30 17:19:19 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/11/26 11:18:49 | 000,025,959 | ---- | M] () -- C:\test.xml
[2012/11/22 21:06:56 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/11/16 10:38:41 | 000,437,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/12 15:35:37 | 000,002,409 | ---- | M] () -- C:\Users\Public\Desktop\MTG PC HELPDESK .lnk
[2012/11/12 13:34:35 | 000,000,017 | ---- | M] () -- C:\Users\Liv\AppData\Local\resmon.resmoncfg
[2012/11/11 10:52:23 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/08 18:21:27 | 000,000,219 | ---- | M] () -- C:\Users\Liv\Desktop\Team Fortress 2.url
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/08 09:05:31 | 002,195,061 | ---- | C] () -- C:\Users\Liv\Desktop\tdsskiller.zip
[2012/12/07 08:24:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/07 08:24:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/07 08:24:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/07 08:24:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/07 08:24:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/06 08:43:29 | 000,856,731 | ---- | C] () -- C:\Users\Liv\Desktop\SecurityCheck.exe
[2012/12/06 08:41:27 | 000,681,984 | ---- | C] () -- C:\Users\Liv\Desktop\CKScanner.exe
[2012/12/04 17:21:57 | 000,752,128 | ---- | C] () -- C:\Users\Liv\Desktop\RogueKiller.exe
[2012/12/04 16:52:52 | 000,540,743 | ---- | C] () -- C:\Users\Liv\Desktop\AdwCleaner.exe
[2012/12/03 17:07:53 | 000,000,888 | ---- | C] () -- C:\Users\Liv\Desktop\NTREGOPT.lnk
[2012/12/03 17:07:53 | 000,000,869 | ---- | C] () -- C:\Users\Liv\Desktop\ERUNT.lnk
[2012/11/22 22:35:57 | 000,434,654 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2012/11/22 22:35:57 | 000,066,623 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2012/11/22 21:06:56 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/11/16 10:27:26 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/16 00:45:45 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/12 15:35:37 | 000,002,409 | ---- | C] () -- C:\Users\Public\Desktop\MTG PC HELPDESK .lnk
[2012/11/12 13:34:35 | 000,000,017 | ---- | C] () -- C:\Users\Liv\AppData\Local\resmon.resmoncfg
[2012/11/11 10:50:50 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/08 18:21:27 | 000,000,219 | ---- | C] () -- C:\Users\Liv\Desktop\Team Fortress 2.url
[2012/10/10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/10/10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/05/06 17:20:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/11/05 13:11:36 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/11/05 13:11:36 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/11/05 13:11:36 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/11/05 13:11:36 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/11/05 13:11:36 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/11/05 13:11:36 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/11/05 13:11:36 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/11/05 13:11:36 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/11/05 13:11:36 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/11/05 13:11:36 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/11/05 13:11:36 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/11/05 13:11:36 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/11/05 13:11:36 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/11/05 13:11:36 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/11/05 13:11:36 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/11/05 13:11:35 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/11/05 13:06:44 | 000,000,090 | ---- | C] () -- C:\Windows\EPART710.ini
[2011/09/24 10:51:03 | 000,000,226 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/03/28 02:04:05 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/03/28 02:04:04 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/03/28 02:04:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/02/10 18:03:27 | 000,797,310 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

#27
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

Here you go.

Good, let's proceed as follows, shall we...

Custom OTL Script:

  • Right-click on OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote-box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found
O15 - HKU\S-1-5-21-4167750879-2311690763-2497449094-1005\..Trusted Domains: genieo.com ([yahoo] http in Trusted sites)
O15 - HKU\S-1-5-21-4167750879-2311690763-2497449094-1005\..Trusted Ranges: Range1 ([*] in Trusted sites)
[2012/12/03 08:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/11/17 15:26:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}

:Files
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\Coupons.com CouponBar

:Commands
[EmptyTemp]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

ESET Online Scanner:

Note: You will need to disable the current installed Anti-Virus for the duration of this scan. How to do so can be read here.

Windows 7 users: You will need to right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan...
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use Notepad to open the logfile located at: C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable the Anti-Virus application after running the above scan!

When you have completed the above, please post back the following in the order asked for:

  • How is the computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • ESET Log.


#28
kenomikes

    Member

  • Topic Starter
  • Member
  • 109 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4167750879-2311690763-2497449094-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\genieo.com\yahoo\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4167750879-2311690763-2497449094-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\* deleted successfully.
Invalid CLSID key: *
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\x64 folder moved successfully.
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64 folder moved successfully.
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\mMSI.dll folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\FA76DC96\933692D3 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\FA76DC96 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\F0C5E6F5\9D08B208 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\F0C5E6F5 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\EDE985F8\70BF3BA9 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\EDE985F8 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\EDD91BBF\EA56FFFD folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\EDD91BBF folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\E93ABF34\C6535C71 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\E93ABF34 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\DCE19BDE\8E31F345 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\DCE19BDE folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\DAEE0F3D\9E3AA38F folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\DAEE0F3D folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\D63FF275\EA56FFFD folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\D63FF275 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\D5745109\C6535C71 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\D5745109 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\D38A7252\EA56FFFD folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\D38A7252 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\CE31593E\C6535C71 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\CE31593E folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\CBFCBEC0\EA56FFFD folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\CBFCBEC0 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\C953EA9C\FE888747 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\C953EA9C folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\C7AB3239\C2CBAF2B folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\C7AB3239 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\B8E5D7E1\D9C85251 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\B8E5D7E1 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\B666BBB\EA56FFFD folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\B666BBB folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\B2E36EB9\6CB0BBBB folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\B2E36EB9 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\A7B404E7\8E31F345 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\A7B404E7 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\9A94A3A3\EA56FFFD folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\9A94A3A3 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\9725A27B\A0FBF2EA folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\9725A27B folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\9708C669\C6535C71 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\9708C669 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\8B017E3C\70BF3BA9 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\8B017E3C folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\7E18B736\C6535C71 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\7E18B736 folder moved successfully.
C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\OFFLINE\79426B2E\F25C3119 folder moved successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\Ask.com not found.
File\Folder C:\Program Files (x86)\Coupons.com CouponBar not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Liv
->Temp folder emptied: 4700910 bytes
->Temporary Internet Files folder emptied: 11986087 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 7149481 bytes
->Flash cache emptied: 796 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEST
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13372 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 53470 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 23.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12082012_211309

Files\Folders moved on Reboot...
C:\Users\Liv\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Liv\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#29
kenomikes

    Member

  • Topic Starter
  • 109 posts
Hi,

Having problems running that last ESET scan, laptop freezes, got as far as 23% through the scan when it froze. It did say it found 1 threat:
Win32/BundleInstaller application

Mike
  • 0

#30
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

Try this alternative scan instead please as follows...

Panda Online Scan:

Windows 7 users: You will need to right-click on the IE in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Now please go here to run Panda's ActiveScan

  • Once you are on the Panda site, click the Scan your PC now button
  • A new window will open...select the option Quick scan then click on the Scan Now button <-- Allow all the UAC (User Access Control) prompts
  • Allow the ActiveX control to be installed. It will start downloading the files it requires for the scan. Note: This may take a couple of minutes
  • Run the ActiveX control, if requested. The screen will then show the scanning progress - the scan will take a while to finish. Please be patient.
  • When the scan has finished, click on Export To
  • Save the file as Activescan.txt to your Desktop
  • Close the Activescan window then go to your Desktop
  • Double-click on Activescan.txt and it will open in Notepad
  • In Notepad, click Edit > Select all, then Edit > Copy
  • Reply to this thread and click Ctrl+V to paste the log in your reply.

  • 0





