
All kinds of pests and how to fight them: Ihavenet virus removal

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

07.03.2013, 13:40   #1
dabeast
 

Ihavenet virus removal



The problem, surely as with many others, is constant redirects. I am grateful for any help with the removal. Here are the reports from OTL:

OTL:

OTL logfile created on: 07/03/2013 11:20:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.00 Mb Total Physical Memory | 322.80 Mb Available Physical Memory | 31.87% Memory free
1.99 Gb Paging File | 0.92 Gb Available in Paging File | 46.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.77 Gb Total Space | 190.52 Gb Free Space | 84.39% Space Free | Partition Type: NTFS
Drive D: | 243.24 Mb Total Space | 241.59 Mb Free Space | 99.32% Space Free | Partition Type: FAT

Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Update\VUAgent.exe (Sony Corporation)
PRC - D:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files\Sony\VAIO Care\VCAgent.exe (Sony Corporation)
PRC - C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Care\VCsystray.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Care\Admload.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Care\listener.exe (Sony of America Corporation)
PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
PRC - C:\Program Files\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\9266d6e1f8057b5b62b460cbf33cda21\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
MOD - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3e79256ce40faa9682f9e3511ca115ea\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\219c68f83fa608b496b163fd6782e696\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BrowserProtect) -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (VUAgent) -- C:\Program Files\Sony\VAIO Update\VUAgent.exe (Sony Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe (Symantec Corporation)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (HPSLPSVC) -- C:\Users\Shelagh\AppData\Local\Temp\7zS51AB\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VCService) -- C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SpfService) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130306.035\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130306.035\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130301.001\BHDrvx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130306.001\IDSvix86.sys (Symantec Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\N360\0604010.00E\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\N360\0604010.00E\srtspx.sys (Symantec Corporation)
DRV - (ccSet_N360) -- C:\Windows\System32\drivers\N360\0604010.00E\ccsetx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\N360\0604010.00E\symefa.sys (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\drivers\N360\0604010.00E\symnets.sys (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\N360\0604010.00E\symds.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\N360\0604010.00E\ironx86.sys (Symantec Corporation)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (JME) -- C:\Windows\System32\drivers\JME.sys (JMicron Technology Corp.)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=a0fe223f00000000000090fba6ffbc63
IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony.msn.com
IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=a0fe223f00000000000090fba6ffbc63
IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=a0fe223f00000000000090fba6ffbc63
IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes\{5DAD095A-7592-4209-A115-4C33A10B6FEB}: "URL" = hxxp://rover.ebay.com/rover/1/710-42480-16445-5/4?satitle={searchTerms}
IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes\{865958B6-E7DB-4888-A7F5-DC596EF617E8}: "URL" = hxxp://uk.shopping.com/?linkin_id=8056359
IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes\{8EE97BFC-04D8-4BB9-A720-52D223677C11}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://uk.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=GB&ver=5
IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Norton Safe Search"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=a0fe223f00000000000090fba6ffbc63"
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2012.5.12.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..keyword.URL: "hxxp://uk.ask.com/web?&o=15527&l=dis&gct=kwd&qsrc=2869&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012/05/28 09:45:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2013/03/07 09:17:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 11:10:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/06/03 21:03:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013/03/07 11:10:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 11:10:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/10/04 07:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shelagh\AppData\Roaming\Mozilla\Extensions
[2011/06/03 21:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shelagh\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/10/04 07:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shelagh\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2013/03/07 11:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shelagh\AppData\Roaming\Mozilla\Firefox\Profiles\ok097rd8.default\extensions
[2013/03/07 11:09:36 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Shelagh\AppData\Roaming\Mozilla\Firefox\Profiles\ok097rd8.default\extensions\ffxtlbr@delta.com
[2013/03/07 11:09:43 | 000,001,294 | ---- | M] () -- C:\Users\Shelagh\AppData\Roaming\Mozilla\Firefox\Profiles\ok097rd8.default\searchplugins\delta.xml
[2011/06/03 21:00:35 | 000,002,471 | ---- | M] () -- C:\Users\Shelagh\AppData\Roaming\Mozilla\Firefox\Profiles\ok097rd8.default\searchplugins\safesearch.xml
[2013/02/06 11:10:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/06 11:10:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/07 09:17:12 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\COFFPLGN
[2013/02/06 11:10:11 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/02 20:03:22 | 000,001,738 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2013/03/07 11:08:41 | 000,006,484 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/08/30 17:24:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/01/02 20:03:22 | 000,001,148 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2013/01/02 20:03:22 | 000,001,379 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/10/24 18:15:49 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2013/01/02 20:03:22 | 000,001,334 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000..\Run: [HP Photosmart 5510d series (NET)] C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000..\Run: [MJPZ] C:\Users\Shelagh\AppData\Roaming\midimapn.dll ()
O4 - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [awde7zip23090] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58833387-8861-4805-8F58-51C3DBDB8960}: DhcpNameServer = 172.16.16.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0B2680D-B882-4B00-A942-E2C3A5FBAB7D}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/07 11:10:32 | 000,000,000 | ---D | C] -- C:\Users\Shelagh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013/03/07 11:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013/03/07 11:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/03/07 11:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013/03/07 11:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/03/07 11:09:06 | 000,000,000 | ---D | C] -- C:\Users\Shelagh\AppData\Roaming\BabSolution
[2013/03/07 11:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/03/07 11:08:19 | 000,000,000 | ---D | C] -- C:\Users\Shelagh\AppData\Roaming\Babylon
[2013/02/24 17:43:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/02/24 17:43:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/02/24 17:43:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/02/24 17:43:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/02/24 17:43:07 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/02/24 17:43:05 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/02/24 17:43:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/02/24 17:43:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/02/24 16:10:32 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/02/24 16:10:11 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/02/24 16:10:09 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/02/24 16:10:07 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013/02/24 16:09:41 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/02/06 11:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/07 11:21:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/07 11:17:16 | 000,628,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/07 11:17:16 | 000,110,800 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/07 11:01:00 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2013/03/07 09:23:32 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/07 09:23:32 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/07 09:15:40 | 000,001,950 | ---- | M] () -- C:\Users\Shelagh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510d series (Network).lnk
[2013/03/07 09:15:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/07 09:15:03 | 796,655,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/03 18:22:50 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/03/03 18:22:50 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/03/03 17:23:46 | 000,399,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/03/03 17:21:32 | 001,669,357 | ---- | M] () -- C:\Windows\System32\drivers\N360\0604010.00E\Cat.DB
[2013/02/10 10:37:33 | 000,002,232 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/02/10 10:36:05 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\N360\0604010.00E\VT20130115.021
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/02 17:21:18 | 000,118,784 | RHS- | C] () -- C:\Users\Shelagh\AppData\Roaming\midimapn.dll
[2012/03/09 18:32:58 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/06/03 20:52:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/29 03:48:37 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/03/07 11:09:10 | 000,000,000 | ---D | M] -- C:\Users\Shelagh\AppData\Roaming\BabSolution
[2013/03/07 11:08:19 | 000,000,000 | ---D | M] -- C:\Users\Shelagh\AppData\Roaming\Babylon
[2011/06/03 21:03:46 | 000,000,000 | ---D | M] -- C:\Users\Shelagh\AppData\Roaming\Thunderbird
[2012/10/04 07:22:56 | 000,000,000 | ---D | M] -- C:\Users\Shelagh\AppData\Roaming\TomTom

========== Purity Check ==========



< End of report >


and Extras:

OTL Extras logfile created on: 07/03/2013 11:20:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.00 Mb Total Physical Memory | 322.80 Mb Available Physical Memory | 31.87% Memory free
1.99 Gb Paging File | 0.92 Gb Available in Paging File | 46.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.77 Gb Total Space | 190.52 Gb Free Space | 84.39% Space Free | Partition Type: NTFS
Drive D: | 243.24 Mb Total Space | 241.59 Mb Free Space | 99.32% Space Free | Partition Type: FAT

Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2812557452-3284765411-2812134352-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06FEE9D1-BCC1-484F-8F8F-000F84FBFA46}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0B6BD721-6F47-4EF3-A6D3-30C6A3A1EB4E}" = lport=137 | protocol=17 | dir=in | app=system |
"{1C822CED-28E0-40B1-B1EA-6DD5B477EC0F}" = rport=139 | protocol=6 | dir=out | app=system |
"{36AEEED6-06B6-4A2E-9227-957625E7511F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4132BBC4-7002-452A-B572-22219F62CF39}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5EC366AA-27E0-4AB1-BC86-B1A256C7CE73}" = rport=137 | protocol=17 | dir=out | app=system |
"{6B8348F2-15C0-404C-922F-5E5851E6AEA8}" = lport=139 | protocol=6 | dir=in | app=system |
"{747D73C1-8B6C-4851-ABE3-CDEA2C6A616D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7F6CA6BC-B53F-40E0-A4C1-DEA72F70EE25}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{81D71D02-84DD-432A-BC5F-1BA0413DB254}" = rport=138 | protocol=17 | dir=out | app=system |
"{8248FB61-C9F5-4286-93F8-D7214405C9AF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{8D4226BA-FBC7-495F-B3FA-B56E595EB88B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B067DE8D-1157-47DE-8076-B8DE3A23BBDD}" = lport=445 | protocol=6 | dir=in | app=system |
"{C3C8D817-8DE8-45B0-B1DB-7AEB8E36B69C}" = lport=138 | protocol=17 | dir=in | app=system |
"{FB450BA2-E5CB-4FC2-8127-9F9F744D548F}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C9BC34B-6A5C-4A7A-A69F-57284C9E5433}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\devicesetup.exe |
"{5E2696E5-8110-465A-9751-C01DFADB389C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{60CBE6D8-A7B1-455E-9992-891EEA9CE70B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{61589531-F7BE-48D9-972E-5C2B7600F838}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8E558D33-CAC6-489A-8CB1-18595E7CC09E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8EB7C58E-C073-48CE-9C74-B6D6C943926A}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe |
"{A7C59FB6-1A5E-4266-8902-27E5DC25EB69}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B059C5B1-3458-4A1E-AAB0-05593ACEE4E7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D8B0290F-B9B4-4D17-B352-0133F2A4CA49}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D8F4474D-ECAA-4CED-9C38-402F3EB0C8B1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E27CC4A5-7FB4-4472-B53D-01915B237B18}" = protocol=17 | dir=in | app=c:\users\shelagh\appdata\local\temp\7zs51ab\hppiw.exe |
"{EE1FA221-88CB-496B-96DC-1BF6B2D86300}" = dir=in | app=c:\program files\hp\hp photosmart 5510d series\bin\devicesetup.exe |
"{FE6CA35C-0CAB-49BE-8F34-63979161260C}" = dir=in | app=c:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe |
"{FF048860-50FD-49CC-9514-11CC71026D78}" = protocol=6 | dir=in | app=c:\users\shelagh\appdata\local\temp\7zs51ab\hppiw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{03F4834E-C91A-4A02-BA50-5B93878B3D0B}" = VAIO Original Function Settings
"{04092C44-FD5D-46EC-BD12-B0D5BCB8E2BD}" = VAIO Content Monitoring Settings
"{045A8E80-A24B-4F16-88B7-20D86C024569}" = VAIO Entertainment Platform
"{05A57A3E-667D-420E-8128-3CC6BE40457D}" = Setup_msm_VCMS_x86
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{10D68787-463C-4133-B15A-F8DF0FC15EE9}" = Setup_VEP_x86_Contain_SSDB
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 30
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A221E47-E361-45C3-886A-7B2D7AD0E5AA}" = SOHLib Merge Module
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Power Management
"{82092922-A8C9-4CE0-9284-7A20DB7A525D}" = VAIO Content Metadata XML Interface Library
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{9262B08F-E183-4FED-A2BD-23FF1A84EB67}" = HPDiagnosticCoreDll
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{988A2E30-C8BD-45F8-941C-91C70FD774A8}" = Setup_msm_VOFS_x86
"{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A6B90666-2A1F-49E8-A40E-27EAAD11C096}" = Sony Home Network Library
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{AB259D46-F851-41B0-9AFA-AED8998AD68A}" = MusicStation
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{B04FB606-75EA-4174-B750-35E2DEC20AF4}" = HP Photosmart 5510d series Product Improvement Study
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B1DADBEB-7F82-4B29-84D6-5F14A020F0A0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{BEE5AFB8-DFC9-479B-A537-C19C6287C6B2}" = VAIO Content Metadata Intelligent Network Service Manager
"{C2F3460B-0C14-4A85-A330-5D1D5028C496}" = HP Photosmart 5510 series Product Improvement Study
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CDB1080E-BF0A-4A61-9E77-D1BBA68582C7}" = HP Photosmart 5510 series Basic Device Software
"{D409F3A2-97A7-40D5-BCC0-4CCA1775D9A0}" = VAIO Content Metadata Manager Settings
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}" = HP Photosmart 5510 series Help
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E59ADA18-03DB-44F5-9EF5-0FA25E4D4384}" = HP Photosmart 5510d series Help
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E716DBB1-DC04-4116-9C6A-5512A9BC2B30}" = VAIO Content Metadata Intelligent Analyzing Manager
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F68DF3B3-7E42-4504-9696-82EDA2C669C2}" = HP Photosmart 5510d series Basic Device Software
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"BFEE6FC237B51D7CD2E0A40D81E188A6ED95001F" = Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)
"delta" = Delta toolbar
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"EPSON Scanner" = EPSON Scan
"EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photo Creations" = HP Photo Creations
"MarketingTools" = VAIO Marketing Tools
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 18.0.2 (x86 en-GB)" = Mozilla Firefox 18.0.2 (x86 en-GB)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VAIO Help and Support" =
"VAIO Premium Partners" = VAIO Premium Partners
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09/03/2012 15:38:09 | Computer Name = Shelagh-VAIO | Source = Application Hang | ID = 1002
Description = The program DeviceSetup.exe version 25.0.621.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 8d8 Start
Time: 01ccfe2b0f44f615 Termination Time: 23 Application Path: C:\Program Files\HP\HP
Photosmart 5510 series\Bin\DeviceSetup.exe Report Id:

Error - 09/03/2012 15:38:31 | Computer Name = Shelagh-VAIO | Source = Application Hang | ID = 1002
Description = The program DeviceSetup.exe version 25.0.621.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 13b0 Start
Time: 01ccfe28e260f99c Termination Time: 66 Application Path: C:\Program Files\HP\HP
Photosmart 5510 series\Bin\DeviceSetup.exe Report Id:

Error - 09/03/2012 15:55:46 | Computer Name = Shelagh-VAIO | Source = Application Hang | ID = 1002
Description = The program DeviceSetup.exe version 25.0.621.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 710 Start
Time: 01ccfe2d94ae2bbe Termination Time: 24 Application Path: C:\Program Files\HP\HP
Photosmart 5510 series\Bin\DeviceSetup.exe Report Id:

Error - 09/03/2012 16:27:31 | Computer Name = Shelagh-VAIO | Source = Application Hang | ID = 1002
Description = The program DeviceSetup.exe version 25.0.621.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: b30 Start
Time: 01ccfe32792c72fa Termination Time: 16 Application Path: C:\Program Files\HP\HP
Photosmart 5510 series\Bin\DeviceSetup.exe Report Id:

Error - 09/03/2012 16:27:48 | Computer Name = Shelagh-VAIO | Source = Application Hang | ID = 1002
Description = The program DeviceSetup.exe version 25.0.621.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1628 Start
Time: 01ccfe3128d94507 Termination Time: 16 Application Path: C:\Program Files\HP\HP
Photosmart 5510 series\Bin\DeviceSetup.exe Report Id:

Error - 09/03/2012 16:34:34 | Computer Name = Shelagh-VAIO | Source = Application Hang | ID = 1002
Description = The program DeviceSetup.exe version 25.0.621.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1108 Start
Time: 01ccfe33896d7763 Termination Time: 47 Application Path: C:\Program Files\HP\HP
Photosmart 5510 series\Bin\DeviceSetup.exe Report Id:

Error - 13/05/2012 16:08:20 | Computer Name = Shelagh-VAIO | Source = MsiInstaller | ID = 11921
Description =

Error - 13/05/2012 16:12:32 | Computer Name = Shelagh-VAIO | Source = MsiInstaller | ID = 1023
Description =

Error - 18/11/2012 15:59:10 | Computer Name = Shelagh-VAIO | Source = VSS | ID = 8194
Description =

Error - 30/12/2012 05:49:23 | Computer Name = Shelagh-VAIO | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Application or service 'VUAgent' could not be restarted.

[ System Events ]
Error - 20/01/2013 13:18:27 | Computer Name = Shelagh-VAIO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 20/01/2013 14:13:45 | Computer Name = Shelagh-VAIO | Source = Service Control Manager | ID = 7043
Description = The Windows Modules Installer service did not shut down properly after
receiving a preshutdown control.

Error - 20/01/2013 14:16:50 | Computer Name = Shelagh-VAIO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 22/01/2013 13:14:37 | Computer Name = Shelagh-VAIO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 24/01/2013 14:43:55 | Computer Name = Shelagh-VAIO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 26/01/2013 13:16:44 | Computer Name = Shelagh-VAIO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 29/01/2013 12:52:13 | Computer Name = Shelagh-VAIO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 29/01/2013 15:50:18 | Computer Name = Shelagh-VAIO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 02/02/2013 11:35:37 | Computer Name = Shelagh-VAIO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 02/02/2013 12:31:10 | Computer Name = Shelagh-VAIO | Source = DCOM | ID = 10010
Description =


< End of report >

07.03.2013, 13:53   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners?
I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; just post the logs you already have first!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

07.03.2013, 14:10   #3
dabeast

Sorry for my incompetence - I'll do better. I don't have any further logs for now; Norton 360 is installed, but I couldn't find a log file.

07.03.2013, 14:18   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Sorry for my incompetence


I didn't accuse you of incompetence, did I



Before we get to work, I'd like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the preceding one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make evaluation harder for me!

  • The logs of the tools you were asked to run, e.g. Malwarebytes, must always be posted - regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please get in touch in this thread => Reminder about my thread.
Annoying "when will this continue" messages will result in your topic being closed. I too have a life outside the Trojaner-Board.


Please now create logs with GMER (<<< click for instructions) and MBAR (instructions a bit further down) and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only MBAR.

MBAR instructions:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

07.03.2013, 16:07   #5
dabeast

Thanks for your help, that wasn't meant badly either

here are the logs from GMER and MBAR, hopefully it works now:

GMER
Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-07 14:25:05
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-22A23T0 rev.01.01A01 232.89GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Shelagh\AppData\Local\Temp\uwtiikob.sys


---- System - GMER 2.1 ----

SSDT            85069FD0                                                                                                                              ZwAlertResumeThread
SSDT            84B05388                                                                                                                              ZwAlertThread
SSDT            84916768                                                                                                                              ZwAllocateVirtualMemory
SSDT            8489A318                                                                                                                              ZwAlpcConnectPort
SSDT            85069798                                                                                                                              ZwAssignProcessToJobObject
SSDT            85069D40                                                                                                                              ZwCreateMutant
SSDT            850694B8                                                                                                                              ZwCreateSymbolicLinkObject
SSDT            8493A418                                                                                                                              ZwCreateThread
SSDT            850695A8                                                                                                                              ZwCreateThreadEx
SSDT            85069878                                                                                                                              ZwDebugActiveProcess
SSDT            847E5808                                                                                                                              ZwDuplicateObject
SSDT            84916520                                                                                                                              ZwFreeVirtualMemory
SSDT            85069E30                                                                                                                              ZwImpersonateAnonymousToken
SSDT            85069F10                                                                                                                              ZwImpersonateThread
SSDT            84895498                                                                                                                              ZwLoadDriver
SSDT            84B05998                                                                                                                              ZwMapViewOfSection
SSDT            85069C60                                                                                                                              ZwOpenEvent
SSDT            8493A328                                                                                                                              ZwOpenProcess
SSDT            847E5728                                                                                                                              ZwOpenProcessToken
SSDT            85069AA0                                                                                                                              ZwOpenSection
SSDT            8493AAA8                                                                                                                              ZwOpenThread
SSDT            850696A8                                                                                                                              ZwProtectVirtualMemory
SSDT            84B05468                                                                                                                              ZwResumeThread
SSDT            84B05708                                                                                                                              ZwSetContextThread
SSDT            84B057E8                                                                                                                              ZwSetInformationProcess
SSDT            85069958                                                                                                                              ZwSetSystemInformation
SSDT            85069B80                                                                                                                              ZwSuspendProcess
SSDT            84B05548                                                                                                                              ZwSuspendThread
SSDT            84A378A8                                                                                                                              ZwTerminateProcess
SSDT            84B05628                                                                                                                              ZwTerminateThread
SSDT            84B058D8                                                                                                                              ZwUnmapViewOfSection
SSDT            84916610                                                                                                                              ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                              81C529E9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                81C8C1C2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10DB                                                                                                   81C931F0 8 Bytes  [D0, 9F, 06, 85, 88, 53, B0, ...] {RCR BYTE [EDI+0x53888506], 0x1; MOV AL, 0x84}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                                                                   81C93208 4 Bytes  [68, 67, 91, 84]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                                                                   81C93214 4 Bytes  [18, A3, 89, 84]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                                                   81C93268 4 Bytes  [98, 97, 06, 85]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11CF                                                                                                   81C932E4 4 Bytes  [40, 9D, 06, 85]
.text           ...                                                                                                                                   

---- User code sections - GMER 2.1 ----

.text           C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[7488] USER32.dll!DialogBoxParamW  769C3B9B 5 Bytes  JMP 5C8044C0 C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
.text           C:\Users\Shelagh\Desktop\gmer_2.1.19155.exe[8372] USER32.dll!DialogBoxParamW                                                          769C3B9B 5 Bytes  JMP 5C8044C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text           C:\Windows\system32\schtasks.exe[8624] USER32.dll!DialogBoxParamW                                                                     769C3B9B 5 Bytes  JMP 5C8044C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text           C:\Windows\system32\conhost.exe[8916] USER32.dll!DialogBoxParamW                                                                      769C3B9B 5 Bytes  JMP 5C8044C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text           C:\Windows\system32\taskeng.exe[9148] USER32.dll!DialogBoxParamW                                                                      769C3B9B 5 Bytes  JMP 5C8044C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text           ...                                                                                                                                   

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                               Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                               Wdf01000.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                              fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\18f46ae4f5f5                                                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313e06b06                                                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbbba882                                                           
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\18f46ae4f5f5 (not active ControlSet)                                       
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313e06b06 (not active ControlSet)                                       
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbbba882 (not active ControlSet)                                       

---- EOF - GMER 2.1 ----
         
MBAR
Code:
ATTFilter
Database version: v2013.03.07.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
***** :: ***** [administrator]

07/03/2013 14:56:28
mbar-log-2013-03-07 (14-56-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27932
Time elapsed: 18 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
No cleanup was needed in MBAR.
Regards


07.03.2013, 16:19   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista or later, please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan.




TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

07.03.2013, 17:10   #7
dabeast

Here are the logs

aswMBR
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-07 15:34:26
-----------------------------
15:34:26.351    OS Version: Windows 6.1.7601 Service Pack 1
15:34:26.351    Number of processors: 2 586 0x1C0A
15:34:26.351    ComputerName: *****  UserName: *****
15:34:27.599    Initialize success
15:35:48.717    AVAST engine defs: 13030700
15:36:01.087    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:36:01.087    Disk 0 Vendor: WDC_WD2500BEVT-22A23T0 01.01A01 Size: 238475MB BusType: 3
15:36:01.119    Disk 0 MBR read successfully
15:36:01.119    Disk 0 MBR scan
15:36:01.150    Disk 0 Windows 7 default MBR code
15:36:01.165    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         7184 MB offset 2048
15:36:01.197    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 14714880
15:36:01.228    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       231189 MB offset 14919680
15:36:01.243    Disk 0 scanning sectors +488395120
15:36:01.384    Disk 0 scanning C:\Windows\system32\drivers
15:36:21.898    Service scanning
15:37:18.526    Modules scanning
15:37:40.850    Disk 0 trace - called modules:
15:37:40.896    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 
15:37:40.912    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84517030]
15:37:40.912    3 CLASSPNP.SYS[86bb359e] -> nt!IofCallDriver -> [0x84431148]
15:37:40.928    5 ACPI.sys[864ab3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84434610]
15:37:42.004    AVAST engine scan C:\Windows
15:37:45.888    AVAST engine scan C:\Windows\system32
15:43:10.868    AVAST engine scan C:\Windows\system32\drivers
15:43:37.201    AVAST engine scan C:\Users\Shelagh
15:44:43.922    File: C:\Users\Shelagh\AppData\Roaming\midimapn.dll  **INFECTED** Win32:Malware-gen
15:45:23.687    AVAST engine scan C:\ProgramData
15:47:45.085    Scan finished successfully
15:56:15.316    Disk 0 MBR has been saved successfully to "C:\Users\Shelagh\Desktop\MBR.dat"
15:56:15.331    The log file has been saved successfully to "C:\Users\Shelagh\Desktop\aswMBR.txt"
         
TDSS
Code:
ATTFilter
15:57:03.0572 6740  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:57:03.0852 6740  ============================================================
15:57:03.0852 6740  Current date / time: 2013/03/07 15:57:03.0852
15:57:03.0852 6740  SystemInfo:
15:57:03.0852 6740  
15:57:03.0852 6740  OS Version: 6.1.7601 ServicePack: 1.0
15:57:03.0852 6740  Product type: Workstation
15:57:03.0852 6740  ComputerName: *****
15:57:03.0852 6740  UserName: *****
15:57:03.0868 6740  Windows directory: C:\Windows
15:57:03.0868 6740  System windows directory: C:\Windows
15:57:03.0868 6740  Processor architecture: Intel x86
15:57:03.0868 6740  Number of processors: 2
15:57:03.0868 6740  Page size: 0x1000
15:57:03.0868 6740  Boot type: Normal boot
15:57:03.0868 6740  ============================================================
15:57:07.0331 6740  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:57:07.0331 6740  ============================================================
15:57:07.0331 6740  \Device\Harddisk0\DR0:
15:57:07.0331 6740  MBR partitions:
15:57:07.0331 6740  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE08800, BlocksNum 0x32000
15:57:07.0331 6740  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xE3A800, BlocksNum 0x1C38A970
15:57:07.0331 6740  ============================================================
15:57:07.0378 6740  C: <-> \Device\Harddisk0\DR0\Partition2
15:57:07.0425 6740  ============================================================
15:57:07.0425 6740  Initialize success
15:57:07.0425 6740  ============================================================
15:57:29.0515 6920  ============================================================
15:57:29.0515 6920  Scan started
15:57:29.0515 6920  Mode: Manual; SigCheck; TDLFS; 
15:57:29.0515 6920  ============================================================
15:57:30.0045 6920  ================ Scan system memory ========================
15:57:30.0045 6920  System memory - ok
15:57:30.0045 6920  ================ Scan services =============================
15:57:30.0295 6920  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:57:30.0591 6920  1394ohci - ok
15:57:30.0872 6920  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
15:57:30.0950 6920  ACDaemon - ok
15:57:31.0090 6920  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:57:31.0168 6920  ACPI - ok
15:57:31.0277 6920  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:57:31.0480 6920  AcpiPmi - ok
15:57:31.0683 6920  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:57:31.0761 6920  AdobeFlashPlayerUpdateSvc - ok
15:57:31.0901 6920  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:57:32.0011 6920  adp94xx - ok
15:57:32.0120 6920  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:57:32.0198 6920  adpahci - ok
15:57:32.0291 6920  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:57:32.0401 6920  adpu320 - ok
15:57:32.0447 6920  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:57:32.0681 6920  AeLookupSvc - ok
15:57:32.0791 6920  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
15:57:32.0978 6920  AFD - ok
15:57:33.0056 6920  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
15:57:33.0118 6920  agp440 - ok
15:57:33.0243 6920  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
15:57:33.0305 6920  aic78xx - ok
15:57:33.0461 6920  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
15:57:33.0680 6920  ALG - ok
15:57:33.0773 6920  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:57:33.0836 6920  aliide - ok
15:57:33.0898 6920  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
15:57:33.0976 6920  amdagp - ok
15:57:34.0023 6920  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
15:57:34.0117 6920  amdide - ok
15:57:34.0273 6920  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:57:34.0429 6920  AmdK8 - ok
15:57:34.0538 6920  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
15:57:34.0709 6920  AmdPPM - ok
15:57:34.0819 6920  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:57:34.0897 6920  amdsata - ok
15:57:34.0975 6920  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:57:35.0068 6920  amdsbs - ok
15:57:35.0131 6920  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:57:35.0224 6920  amdxata - ok
15:57:35.0365 6920  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
15:57:35.0739 6920  AppID - ok
15:57:35.0864 6920  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:57:36.0051 6920  AppIDSvc - ok
15:57:36.0191 6920  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
15:57:36.0347 6920  Appinfo - ok
15:57:36.0503 6920  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\drivers\arc.sys
15:57:36.0628 6920  arc - ok
15:57:36.0722 6920  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:57:36.0831 6920  arcsas - ok
15:57:36.0925 6920  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:57:37.0127 6920  AsyncMac - ok
15:57:37.0205 6920  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
15:57:37.0268 6920  atapi - ok
15:57:37.0439 6920  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:57:37.0564 6920  AudioEndpointBuilder - ok
15:57:37.0595 6920  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:57:37.0673 6920  Audiosrv - ok
15:57:37.0736 6920  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:57:37.0861 6920  AxInstSV - ok
15:57:37.0923 6920  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
15:57:38.0001 6920  b06bdrv - ok
15:57:38.0048 6920  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
15:57:38.0126 6920  b57nd60x - ok
15:57:38.0251 6920  [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc           C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
15:57:38.0329 6920  BBSvc - ok
15:57:38.0391 6920  [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate        C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
15:57:38.0438 6920  BBUpdate - ok
15:57:38.0531 6920  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:57:38.0641 6920  BDESVC - ok
15:57:38.0687 6920  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:57:38.0812 6920  Beep - ok
15:57:38.0890 6920  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
15:57:38.0999 6920  BFE - ok
15:57:39.0218 6920  [ D2A55F5FE6B716913FB573872F2E5944 ] BHDrvx86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130301.001\BHDrvx86.sys
15:57:39.0311 6920  BHDrvx86 - ok
15:57:39.0389 6920  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
15:57:39.0514 6920  BITS - ok
15:57:39.0577 6920  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
15:57:39.0670 6920  blbdrive - ok
15:57:39.0733 6920  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:57:39.0795 6920  bowser - ok
15:57:39.0811 6920  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
15:57:39.0920 6920  BrFiltLo - ok
15:57:39.0951 6920  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
15:57:40.0013 6920  BrFiltUp - ok
15:57:40.0060 6920  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
15:57:40.0154 6920  Browser - ok
15:57:40.0294 6920  [ FA127AC8BDF668903543D29C96B31632 ] BrowserProtect  C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
15:57:40.0466 6920  BrowserProtect - ok
15:57:40.0528 6920  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:57:40.0622 6920  Brserid - ok
15:57:40.0653 6920  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:57:40.0747 6920  BrSerWdm - ok
15:57:40.0778 6920  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:57:40.0840 6920  BrUsbMdm - ok
15:57:40.0887 6920  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:57:40.0949 6920  BrUsbSer - ok
15:57:41.0012 6920  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
15:57:41.0230 6920  BthEnum - ok
15:57:41.0261 6920  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:57:41.0324 6920  BTHMODEM - ok
15:57:41.0371 6920  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
15:57:41.0433 6920  BthPan - ok
15:57:41.0495 6920  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
15:57:41.0605 6920  BTHPORT - ok
15:57:41.0667 6920  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
15:57:41.0807 6920  bthserv - ok
15:57:41.0870 6920  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
15:57:41.0932 6920  BTHUSB - ok
15:57:41.0995 6920  [ 92C5B845803F3662637EB691AC0B250F ] btusbflt        C:\Windows\system32\drivers\btusbflt.sys
15:57:42.0041 6920  btusbflt - ok
15:57:42.0088 6920  [ CE5833C144CA6623BCBDE93B188AA850 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
15:57:42.0135 6920  btwaudio - ok
15:57:42.0182 6920  [ AF9148C3E844131AC954CB53FF43D971 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
15:57:42.0213 6920  btwavdt - ok
15:57:42.0307 6920  [ F55C99818FD1EACFC7784958A8592536 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
15:57:42.0369 6920  btwdins - ok
15:57:42.0431 6920  [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
15:57:42.0478 6920  btwl2cap - ok
15:57:42.0509 6920  [ 480B3D195854B2E55299CDDDDC50BCF9 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
15:57:42.0556 6920  btwrchid - ok
15:57:42.0634 6920  [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_N360      C:\Windows\system32\drivers\N360\0604010.00E\ccSetx86.sys
15:57:42.0712 6920  ccSet_N360 - ok
15:57:42.0759 6920  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:57:42.0868 6920  cdfs - ok
15:57:42.0931 6920  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
15:57:42.0993 6920  cdrom - ok
15:57:43.0040 6920  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:57:43.0133 6920  CertPropSvc - ok
15:57:43.0165 6920  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\drivers\circlass.sys
15:57:43.0258 6920  circlass - ok
15:57:43.0289 6920  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
15:57:43.0367 6920  CLFS - ok
15:57:43.0477 6920  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:57:43.0523 6920  clr_optimization_v2.0.50727_32 - ok
15:57:43.0617 6920  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:57:43.0695 6920  clr_optimization_v4.0.30319_32 - ok
15:57:43.0742 6920  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
15:57:43.0804 6920  CmBatt - ok
15:57:43.0835 6920  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:57:43.0898 6920  cmdide - ok
15:57:43.0929 6920  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
15:57:44.0007 6920  CNG - ok
15:57:44.0054 6920  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
15:57:44.0101 6920  Compbatt - ok
15:57:44.0132 6920  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:57:44.0225 6920  CompositeBus - ok
15:57:44.0272 6920  COMSysApp - ok
15:57:44.0303 6920  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:57:44.0350 6920  crcdisk - ok
15:57:44.0397 6920  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:57:44.0475 6920  CryptSvc - ok
15:57:44.0553 6920  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:57:44.0662 6920  DcomLaunch - ok
15:57:44.0725 6920  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
15:57:44.0818 6920  defragsvc - ok
15:57:44.0865 6920  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:57:44.0943 6920  DfsC - ok
15:57:45.0005 6920  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:57:45.0115 6920  Dhcp - ok
15:57:45.0177 6920  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
15:57:45.0286 6920  discache - ok
15:57:45.0317 6920  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\drivers\disk.sys
15:57:45.0364 6920  Disk - ok
15:57:45.0411 6920  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:57:45.0520 6920  Dnscache - ok
15:57:45.0583 6920  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:57:45.0676 6920  dot3svc - ok
15:57:45.0707 6920  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
15:57:45.0817 6920  DPS - ok
15:57:45.0848 6920  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:57:45.0910 6920  drmkaud - ok
15:57:45.0957 6920  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:57:46.0035 6920  DXGKrnl - ok
15:57:46.0066 6920  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
15:57:46.0191 6920  EapHost - ok
15:57:46.0347 6920  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
15:57:46.0534 6920  ebdrv - ok
15:57:46.0628 6920  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
15:57:46.0690 6920  eeCtrl - ok
15:57:46.0737 6920  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
15:57:46.0831 6920  EFS - ok
15:57:46.0893 6920  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:57:46.0971 6920  elxstor - ok
15:57:47.0002 6920  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:57:47.0033 6920  EraserUtilRebootDrv - ok
15:57:47.0080 6920  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:57:47.0143 6920  ErrDev - ok
15:57:47.0221 6920  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
15:57:47.0314 6920  EventSystem - ok
15:57:47.0361 6920  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
15:57:47.0455 6920  exfat - ok
15:57:47.0486 6920  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:57:47.0564 6920  fastfat - ok
15:57:47.0642 6920  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
15:57:47.0751 6920  Fax - ok
15:57:47.0798 6920  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\drivers\fdc.sys
15:57:47.0860 6920  fdc - ok
15:57:47.0891 6920  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
15:57:48.0001 6920  fdPHost - ok
15:57:48.0047 6920  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
15:57:48.0157 6920  FDResPub - ok
15:57:48.0219 6920  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:57:48.0266 6920  FileInfo - ok
15:57:48.0297 6920  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:57:48.0375 6920  Filetrace - ok
15:57:48.0406 6920  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
15:57:48.0469 6920  flpydisk - ok
15:57:48.0515 6920  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:57:48.0562 6920  FltMgr - ok
15:57:48.0625 6920  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
15:57:48.0734 6920  FontCache - ok
15:57:48.0812 6920  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:57:48.0843 6920  FontCache3.0.0.0 - ok
15:57:48.0905 6920  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:57:48.0952 6920  FsDepends - ok
15:57:48.0999 6920  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:57:49.0046 6920  Fs_Rec - ok
15:57:49.0108 6920  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:57:49.0171 6920  fvevol - ok
15:57:49.0202 6920  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:57:49.0264 6920  gagp30kx - ok
15:57:49.0311 6920  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:57:49.0436 6920  gpsvc - ok
15:57:49.0483 6920  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:57:49.0545 6920  hcw85cir - ok
15:57:49.0607 6920  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:57:49.0670 6920  HdAudAddService - ok
15:57:49.0701 6920  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:57:49.0779 6920  HDAudBus - ok
15:57:49.0826 6920  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
15:57:49.0873 6920  HidBatt - ok
15:57:49.0919 6920  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:57:49.0982 6920  HidBth - ok
15:57:50.0029 6920  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:57:50.0107 6920  HidIr - ok
15:57:50.0153 6920  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
15:57:50.0278 6920  hidserv - ok
15:57:50.0325 6920  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:57:50.0403 6920  HidUsb - ok
15:57:50.0450 6920  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:57:50.0543 6920  hkmsvc - ok
15:57:50.0575 6920  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:57:50.0684 6920  HomeGroupListener - ok
15:57:50.0731 6920  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:57:50.0824 6920  HomeGroupProvider - ok
15:57:50.0887 6920  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:57:50.0933 6920  HpSAMD - ok
15:57:51.0089 6920  [ C3B71A7EE3ADA9E9D1A30133B9D2FC74 ] HPSLPSVC        C:\Users\Shelagh\AppData\Local\Temp\7zS51AB\hpslpsvc32.dll
15:57:51.0167 6920  HPSLPSVC - ok
15:57:51.0245 6920  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:57:51.0339 6920  HTTP - ok
15:57:51.0386 6920  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:57:51.0433 6920  hwpolicy - ok
15:57:51.0479 6920  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:57:51.0573 6920  i8042prt - ok
15:57:51.0667 6920  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:57:51.0760 6920  iaStorV - ok
15:57:51.0838 6920  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:57:51.0994 6920  idsvc - ok
15:57:52.0103 6920  [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130306.001\IDSvix86.sys
15:57:52.0166 6920  IDSVix86 - ok
15:57:52.0400 6920  [ BA41E1BBA410212CE6D30E0DAC47972B ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
15:57:52.0665 6920  igfx - ok
15:57:52.0727 6920  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:57:52.0774 6920  iirsp - ok
15:57:52.0837 6920  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:57:52.0961 6920  IKEEXT - ok
15:57:53.0133 6920  [ 0B7E398549ACEC7A6F8BD755C2CE40B5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:57:53.0305 6920  IntcAzAudAddService - ok
15:57:53.0351 6920  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:57:53.0398 6920  intelide - ok
15:57:53.0461 6920  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
15:57:53.0539 6920  intelppm - ok
15:57:53.0585 6920  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:57:53.0726 6920  IPBusEnum - ok
15:57:53.0757 6920  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:57:53.0882 6920  IpFilterDriver - ok
15:57:53.0960 6920  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:57:54.0100 6920  iphlpsvc - ok
15:57:54.0131 6920  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:57:54.0209 6920  IPMIDRV - ok
15:57:54.0225 6920  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:57:54.0350 6920  IPNAT - ok
15:57:54.0412 6920  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:57:54.0521 6920  IRENUM - ok
15:57:54.0568 6920  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:57:54.0631 6920  isapnp - ok
15:57:54.0662 6920  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:57:54.0724 6920  iScsiPrt - ok
15:57:54.0787 6920  [ 0A1B5DD3AF49C91B852F23AD747973FB ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
15:57:54.0833 6920  JMCR - ok
15:57:54.0880 6920  [ 8A06C7A0E701BE6D618571095032DCB9 ] JME             C:\Windows\system32\DRIVERS\JME.sys
15:57:54.0911 6920  JME - ok
15:57:54.0958 6920  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
15:57:55.0005 6920  kbdclass - ok
15:57:55.0067 6920  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
15:57:55.0130 6920  kbdhid - ok
15:57:55.0161 6920  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
15:57:55.0208 6920  KeyIso - ok
15:57:55.0255 6920  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:57:55.0301 6920  KSecDD - ok
15:57:55.0333 6920  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:57:55.0395 6920  KSecPkg - ok
15:57:55.0442 6920  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:57:55.0551 6920  KtmRm - ok
15:57:55.0582 6920  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:57:55.0723 6920  LanmanServer - ok
15:57:55.0769 6920  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:57:55.0863 6920  LanmanWorkstation - ok
15:57:55.0941 6920  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:57:56.0081 6920  lltdio - ok
15:57:56.0113 6920  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:57:56.0237 6920  lltdsvc - ok
15:57:56.0253 6920  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:57:56.0347 6920  lmhosts - ok
15:57:56.0409 6920  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:57:56.0456 6920  LSI_FC - ok
15:57:56.0487 6920  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:57:56.0549 6920  LSI_SAS - ok
15:57:56.0581 6920  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
15:57:56.0627 6920  LSI_SAS2 - ok
15:57:56.0659 6920  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:57:56.0705 6920  LSI_SCSI - ok
15:57:56.0768 6920  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
15:57:56.0861 6920  luafv - ok
15:57:56.0908 6920  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\drivers\megasas.sys
15:57:56.0939 6920  megasas - ok
15:57:56.0986 6920  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
15:57:57.0033 6920  MegaSR - ok
15:57:57.0095 6920  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
15:57:57.0220 6920  MMCSS - ok
15:57:57.0267 6920  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
15:57:57.0376 6920  Modem - ok
15:57:57.0407 6920  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:57:57.0454 6920  monitor - ok
15:57:57.0501 6920  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:57:57.0548 6920  mouclass - ok
15:57:57.0595 6920  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:57:57.0657 6920  mouhid - ok
15:57:57.0704 6920  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:57:57.0751 6920  mountmgr - ok
15:57:57.0844 6920  [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:57:57.0907 6920  MozillaMaintenance - ok
15:57:57.0953 6920  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:57:58.0000 6920  mpio - ok
15:57:58.0016 6920  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:57:58.0125 6920  mpsdrv - ok
15:57:58.0172 6920  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:57:58.0312 6920  MpsSvc - ok
15:57:58.0359 6920  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:57:58.0421 6920  MRxDAV - ok
15:57:58.0484 6920  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:57:58.0577 6920  mrxsmb - ok
15:57:58.0624 6920  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:57:58.0687 6920  mrxsmb10 - ok
15:57:58.0702 6920  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:57:58.0780 6920  mrxsmb20 - ok
15:57:58.0827 6920  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
15:57:58.0874 6920  msahci - ok
15:57:58.0905 6920  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:57:58.0952 6920  msdsm - ok
15:57:58.0999 6920  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
15:57:59.0061 6920  MSDTC - ok
15:57:59.0139 6920  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:57:59.0217 6920  Msfs - ok
15:57:59.0248 6920  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:57:59.0342 6920  mshidkmdf - ok
15:57:59.0389 6920  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:57:59.0451 6920  msisadrv - ok
15:57:59.0513 6920  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:57:59.0591 6920  MSiSCSI - ok
15:57:59.0607 6920  msiserver - ok
15:57:59.0638 6920  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:57:59.0732 6920  MSKSSRV - ok
15:57:59.0763 6920  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:57:59.0857 6920  MSPCLOCK - ok
15:57:59.0888 6920  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:57:59.0997 6920  MSPQM - ok
15:58:00.0059 6920  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:58:00.0137 6920  MsRPC - ok
15:58:00.0184 6920  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:58:00.0231 6920  mssmbios - ok
15:58:00.0262 6920  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:58:00.0356 6920  MSTEE - ok
15:58:00.0387 6920  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
15:58:00.0449 6920  MTConfig - ok
15:58:00.0481 6920  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:58:00.0543 6920  Mup - ok
15:58:00.0715 6920  [ F2840DBFE9322F35557219AE82CC4597 ] N360            C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
15:58:00.0761 6920  N360 - ok
15:58:00.0808 6920  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
15:58:00.0917 6920  napagent - ok
15:58:00.0964 6920  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:58:01.0042 6920  NativeWifiP - ok
15:58:01.0136 6920  [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130306.035\NAVENG.SYS
15:58:01.0198 6920  NAVENG - ok
15:58:01.0261 6920  [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130306.035\NAVEX15.SYS
15:58:01.0385 6920  NAVEX15 - ok
15:58:01.0448 6920  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:58:01.0557 6920  NDIS - ok
15:58:01.0619 6920  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:58:01.0729 6920  NdisCap - ok
15:58:01.0760 6920  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:58:01.0869 6920  NdisTapi - ok
15:58:01.0916 6920  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:58:02.0025 6920  Ndisuio - ok
15:58:02.0087 6920  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:58:02.0165 6920  NdisWan - ok
15:58:02.0197 6920  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:58:02.0290 6920  NDProxy - ok
15:58:02.0353 6920  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:58:02.0509 6920  NetBIOS - ok
15:58:02.0555 6920  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:58:02.0649 6920  NetBT - ok
15:58:02.0665 6920  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
15:58:02.0727 6920  Netlogon - ok
15:58:02.0789 6920  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
15:58:02.0883 6920  Netman - ok
15:58:02.0914 6920  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
15:58:03.0023 6920  netprofm - ok
15:58:03.0086 6920  [ C340A607BA9D7FB82D39B12F0E829BDB ] netr28          C:\Windows\system32\DRIVERS\netr28.sys
15:58:03.0164 6920  netr28 - ok
15:58:03.0211 6920  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:58:03.0242 6920  NetTcpPortSharing - ok
15:58:03.0304 6920  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:58:03.0351 6920  nfrd960 - ok
15:58:03.0398 6920  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:58:03.0460 6920  NlaSvc - ok
15:58:03.0491 6920  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:58:03.0585 6920  Npfs - ok
15:58:03.0616 6920  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
15:58:03.0710 6920  nsi - ok
15:58:03.0725 6920  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:58:03.0850 6920  nsiproxy - ok
15:58:03.0928 6920  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:58:04.0037 6920  Ntfs - ok
15:58:04.0069 6920  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
15:58:04.0178 6920  Null - ok
15:58:04.0209 6920  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:58:04.0256 6920  nvraid - ok
15:58:04.0287 6920  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:58:04.0349 6920  nvstor - ok
15:58:04.0365 6920  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:58:04.0412 6920  nv_agp - ok
15:58:04.0459 6920  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:58:04.0521 6920  ohci1394 - ok
15:58:04.0599 6920  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:58:04.0661 6920  ose - ok
15:58:04.0849 6920  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:58:05.0114 6920  osppsvc - ok
15:58:05.0192 6920  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:58:05.0285 6920  p2pimsvc - ok
15:58:05.0332 6920  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:58:05.0441 6920  p2psvc - ok
15:58:05.0488 6920  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\drivers\parport.sys
15:58:05.0535 6920  Parport - ok
15:58:05.0582 6920  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:58:05.0644 6920  partmgr - ok
15:58:05.0660 6920  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
15:58:05.0738 6920  Parvdm - ok
15:58:05.0816 6920  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:58:05.0894 6920  PcaSvc - ok
15:58:05.0956 6920  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
15:58:06.0034 6920  pci - ok
15:58:06.0081 6920  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
15:58:06.0159 6920  pciide - ok
15:58:06.0206 6920  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:58:06.0268 6920  pcmcia - ok
15:58:06.0299 6920  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
15:58:06.0362 6920  pcw - ok
15:58:06.0424 6920  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:58:06.0580 6920  PEAUTH - ok
15:58:06.0814 6920  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
15:58:07.0001 6920  pla - ok
15:58:07.0048 6920  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:58:07.0126 6920  PlugPlay - ok
15:58:07.0282 6920  [ 627FA58ADC043704F9D14CA44340956F ] PMBDeviceInfoProvider C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
15:58:07.0376 6920  PMBDeviceInfoProvider - ok
15:58:07.0407 6920  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:58:07.0469 6920  PNRPAutoReg - ok
15:58:07.0532 6920  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:58:07.0594 6920  PNRPsvc - ok
15:58:07.0641 6920  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:58:07.0750 6920  PolicyAgent - ok
15:58:07.0813 6920  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
15:58:07.0891 6920  Power - ok
15:58:07.0953 6920  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:58:08.0109 6920  PptpMiniport - ok
15:58:08.0125 6920  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\drivers\processr.sys
15:58:08.0265 6920  Processor - ok
15:58:08.0390 6920  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
15:58:08.0468 6920  ProfSvc - ok
15:58:08.0499 6920  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:58:08.0546 6920  ProtectedStorage - ok
15:58:08.0577 6920  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:58:08.0655 6920  Psched - ok
15:58:08.0733 6920  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:58:08.0842 6920  ql2300 - ok
15:58:08.0889 6920  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:58:08.0967 6920  ql40xx - ok
15:58:09.0014 6920  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
15:58:09.0076 6920  QWAVE - ok
15:58:09.0123 6920  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:58:09.0170 6920  QWAVEdrv - ok
15:58:09.0201 6920  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:58:09.0295 6920  RasAcd - ok
15:58:09.0341 6920  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:58:09.0451 6920  RasAgileVpn - ok
15:58:09.0513 6920  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
15:58:09.0607 6920  RasAuto - ok
15:58:09.0638 6920  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:58:09.0731 6920  Rasl2tp - ok
15:58:09.0794 6920  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
15:58:09.0887 6920  RasMan - ok
15:58:09.0934 6920  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:58:10.0028 6920  RasPppoe - ok
15:58:10.0075 6920  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:58:10.0153 6920  RasSstp - ok
15:58:10.0199 6920  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:58:10.0309 6920  rdbss - ok
15:58:10.0324 6920  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
15:58:10.0371 6920  rdpbus - ok
15:58:10.0402 6920  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:58:10.0496 6920  RDPCDD - ok
15:58:10.0558 6920  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:58:10.0683 6920  RDPENCDD - ok
15:58:10.0730 6920  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:58:10.0855 6920  RDPREFMP - ok
15:58:10.0933 6920  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:58:11.0042 6920  RdpVideoMiniport - ok
15:58:11.0104 6920  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:58:11.0213 6920  RDPWD - ok
15:58:11.0260 6920  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:58:11.0338 6920  rdyboost - ok
15:58:11.0369 6920  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:58:11.0525 6920  RemoteAccess - ok
15:58:11.0572 6920  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:58:11.0681 6920  RemoteRegistry - ok
15:58:11.0728 6920  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
15:58:11.0791 6920  RFCOMM - ok
15:58:11.0822 6920  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:58:11.0931 6920  RpcEptMapper - ok
15:58:11.0993 6920  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
15:58:12.0118 6920  RpcLocator - ok
15:58:12.0181 6920  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
15:58:12.0274 6920  RpcSs - ok
15:58:12.0305 6920  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:58:12.0430 6920  rspndr - ok
15:58:12.0508 6920  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
15:58:12.0571 6920  SamSs - ok
15:58:12.0633 6920  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:58:12.0680 6920  sbp2port - ok
15:58:12.0727 6920  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:58:12.0820 6920  SCardSvr - ok
15:58:12.0851 6920  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:58:12.0961 6920  scfilter - ok
15:58:13.0039 6920  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
15:58:13.0163 6920  Schedule - ok
15:58:13.0210 6920  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:58:13.0304 6920  SCPolicySvc - ok
15:58:13.0351 6920  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus           C:\Windows\system32\drivers\sdbus.sys
15:58:13.0429 6920  sdbus - ok
15:58:13.0475 6920  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:58:13.0585 6920  SDRSVC - ok
15:58:13.0647 6920  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:58:13.0741 6920  secdrv - ok
15:58:13.0787 6920  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
15:58:13.0897 6920  seclogon - ok
15:58:13.0928 6920  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
15:58:14.0037 6920  SENS - ok
15:58:14.0084 6920  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\drivers\serenum.sys
15:58:14.0146 6920  Serenum - ok
15:58:14.0193 6920  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\drivers\serial.sys
15:58:14.0302 6920  Serial - ok
15:58:14.0349 6920  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:58:14.0427 6920  sermouse - ok
15:58:14.0489 6920  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:58:14.0599 6920  SessionEnv - ok
15:58:14.0677 6920  [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP            C:\Windows\system32\drivers\SFEP.sys
15:58:14.0770 6920  SFEP - ok
15:58:14.0801 6920  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:58:14.0926 6920  sffdisk - ok
15:58:14.0942 6920  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:58:15.0020 6920  sffp_mmc - ok
15:58:15.0051 6920  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:58:15.0113 6920  sffp_sd - ok
15:58:15.0145 6920  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:58:15.0207 6920  sfloppy - ok
15:58:15.0269 6920  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:58:15.0379 6920  SharedAccess - ok
15:58:15.0425 6920  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:58:15.0519 6920  ShellHWDetection - ok
15:58:15.0550 6920  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
15:58:15.0597 6920  sisagp - ok
15:58:15.0644 6920  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:58:15.0691 6920  SiSRaid2 - ok
15:58:15.0737 6920  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:58:15.0784 6920  SiSRaid4 - ok
15:58:15.0847 6920  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
15:58:15.0893 6920  SkypeUpdate - ok
15:58:15.0940 6920  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:58:16.0018 6920  Smb - ok
15:58:16.0096 6920  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:58:16.0159 6920  SNMPTRAP - ok
15:58:16.0283 6920  [ C3E69DB0A4E59564230E053232F39AC7 ] SOHCImp         C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
15:58:16.0330 6920  SOHCImp - ok
15:58:16.0393 6920  [ 65CC4779A29C3E82B987BD4961790DFF ] SOHDms          C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
15:58:16.0455 6920  SOHDms - ok
15:58:16.0471 6920  [ F47D75CEE1844EEF4A9EA6EE768828FB ] SOHDs           C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
15:58:16.0517 6920  SOHDs - ok
15:58:16.0611 6920  [ B91C063FE1D572DFB3FD8C3898E0D0C1 ] SpfService      C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
15:58:16.0658 6920  SpfService - ok
15:58:16.0705 6920  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:58:16.0751 6920  spldr - ok
15:58:16.0814 6920  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
15:58:16.0939 6920  Spooler - ok
15:58:17.0063 6920  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
15:58:17.0282 6920  sppsvc - ok
15:58:17.0329 6920  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:58:17.0438 6920  sppuinotify - ok
15:58:17.0563 6920  [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP           C:\Windows\System32\Drivers\N360\0604010.00E\SRTSP.SYS
15:58:17.0641 6920  SRTSP - ok
15:58:17.0672 6920  [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX          C:\Windows\system32\drivers\N360\0604010.00E\SRTSPX.SYS
15:58:17.0719 6920  SRTSPX - ok
15:58:17.0765 6920  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:58:17.0890 6920  srv - ok
15:58:17.0921 6920  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:58:17.0999 6920  srv2 - ok
15:58:18.0046 6920  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:58:18.0109 6920  srvnet - ok
15:58:18.0171 6920  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:58:18.0265 6920  SSDPSRV - ok
15:58:18.0296 6920  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:58:18.0389 6920  SstpSvc - ok
15:58:18.0436 6920  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:58:18.0530 6920  stexstor - ok
15:58:18.0592 6920  [ EDB05BD63148796F23EA78506404A538 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
15:58:18.0670 6920  StillCam - ok
15:58:27.0359 6920  [ 27C6DE0DC4171DDA8AA8C3A65D08BD3D ] VSNService      C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
15:58:27.0406 6920  VSNService ( UnsignedFile.Multi.Generic ) - warning
15:58:27.0406 6920  VSNService - detected UnsignedFile.Multi.Generic (1)
15:58:33.0740 6920  ================ Scan global ===============================
15:58:33.0771 6920  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
15:58:33.0818 6920  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:58:33.0849 6920  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:58:33.0880 6920  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
15:58:33.0943 6920  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
15:58:33.0958 6920  [Global] - ok
15:58:33.0958 6920  ================ Scan MBR ==================================
15:58:33.0974 6920  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:58:34.0395 6920  \Device\Harddisk0\DR0 - ok
15:58:34.0395 6920  ================ Scan VBR ==================================
15:58:34.0411 6920  [ E02D280E5375D469BF85EE559BD1FCC8 ] \Device\Harddisk0\DR0\Partition1
15:58:34.0411 6920  \Device\Harddisk0\DR0\Partition1 - ok
15:58:34.0457 6920  [ 31D29B1ABAA92C8AA9EF601C427EAFEB ] \Device\Harddisk0\DR0\Partition2
15:58:34.0457 6920  \Device\Harddisk0\DR0\Partition2 - ok
15:58:34.0473 6920  ============================================================
15:58:34.0473 6920  Scan finished
15:58:34.0473 6920  ============================================================
15:58:34.0504 6912  Detected object count: 1
15:58:34.0504 6912  Actual detected object count: 1
16:06:15.0228 6912  VSNService ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:15.0228 6912  VSNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

07.03.2013, 17:12   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please deactivate all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (in English: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. This should fix the problem.


07.03.2013, 18:06   #9
dabeast

After Norton 360 was deactivated, Combofix still complained, but then ran the scan through without any fuss.

ComboFix Log:
Code:
ComboFix 13-03-07.02 - Shelagh 07/03/2013  16:23:49.1.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.44.1033.18.1013.369 [GMT 0:00]
Running from: c:\users\Shelagh\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Shelagh\AppData\Local\Temp\7zS51AB\HPSLPSVC32.DLL
c:\users\Shelagh\AppData\Roaming\midimapn.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HPSLPSVC
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-07 to 2013-03-07  )))))))))))))))))))))))))))))))
.
.
2013-03-07 14:36 . 2013-03-07 14:36	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-07 11:10 . 2013-03-07 11:10	--------	d-----w-	c:\programdata\BrowserProtect
2013-03-07 11:09 . 2013-03-07 11:09	--------	d-----w-	c:\program files\Delta
2013-03-07 11:09 . 2013-03-07 11:09	--------	d-----w-	c:\program files\7-Zip
2013-03-07 11:09 . 2013-03-07 11:09	--------	d-----w-	c:\users\Shelagh\AppData\Roaming\BabSolution
2013-03-07 11:08 . 2013-03-07 11:08	--------	d-----w-	c:\programdata\Babylon
2013-03-07 11:08 . 2013-03-07 11:08	--------	d-----w-	c:\users\Shelagh\AppData\Roaming\Babylon
2013-02-24 17:42 . 2013-01-08 22:01	768000	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-24 16:10 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-02-24 16:10 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-24 16:10 . 2013-01-03 05:05	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-24 16:10 . 2013-01-03 05:04	187752	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-06 11:15 . 2013-02-10 10:36	--------	d-----w-	c:\windows\system32\drivers\N360\0604010.00E
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-03 18:22 . 2012-12-01 07:59	691568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-03 18:22 . 2011-10-03 14:23	71024	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-08 22:03 . 2013-02-24 17:43	1129472	----a-w-	c:\windows\system32\wininet.dll
2013-01-08 21:58 . 2013-02-24 17:43	420864	----a-w-	c:\windows\system32\vbscript.dll
2013-01-04 04:50 . 2013-02-24 16:09	169984	----a-w-	c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-24 16:10	2347008	----a-w-	c:\windows\system32\win32k.sys
2012-12-16 14:13 . 2012-12-30 10:08	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-30 10:08	34304	----a-w-	c:\windows\system32\atmlib.dll
2013-02-06 11:10 . 2013-02-06 11:10	262552	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 5510d series (NET)"="c:\program files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe" [2011-08-16 1804648]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-23 8120864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-23 1578280]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 538472]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2010-07-29 26624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
.
c:\users\Shelagh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 5510d series (Network).lnk - c:\windows\system32\RunDll32.exe [2009-7-13 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-11-30 18:20	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BROWSE~1\261095~1.52\{C16C1~1\BrowserProtect.dll
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604010.00E\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604010.00E\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130301.001\BHDrvx86.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0604010.00E\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130306.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604010.00E\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0604010.00E\SYMNETS.SYS [x]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\DRIVERS\JME.sys [x]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPService	REG_MULTI_SZ   	HPSLPSVC
GPSvcGroup	REG_MULTI_SZ   	GPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-01 18:23]
.
2013-03-07 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=a0fe223f00000000000090fba6ffbc63
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Shelagh\AppData\Roaming\Mozilla\Firefox\Profiles\ok097rd8.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=a0fe223f00000000000090fba6ffbc63
FF - prefs.js: keyword.URL - hxxp://uk.ask.com/web?&o=15527&l=dis&gct=kwd&qsrc=2869&q=
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - a0fe223f00000000000090fba6ffbc63
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15771
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.011:09
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-MJPZ - c:\users\Shelagh\AppData\Roaming\midimapn.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.1.14\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5396)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\windows\system32\taskhost.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Sony\VAIO Smart Network\VSNClient.exe
c:\windows\system32\DllHost.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Sony\VAIO Update\VAIOUpdt.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Sony\VAIO Care\listener.exe
c:\windows\system32\sppsvc.exe
c:\program files\Sony\VAIO Care\VCsystray.exe
c:\program files\Sony\VAIO Care\VCAgent.exe
c:\windows\System32\vds.exe
c:\program files\HP\HP Photosmart 5510d series\bin\HPNetworkCommunicator.exe
.
**************************************************************************
.
Completion time: 2013-03-07  16:54:11 - machine was rebooted
ComboFix-quarantined-files.txt  2013-03-07 16:54
.
Pre-Run: 204,164,907,008 bytes free
Post-Run: 204,106,612,736 bytes free
.
- - End Of File - - F971898994E7B7E067DBB7C14D71FA32
         

Old 08.03.2013, 09:28   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Afterwards:

adwCleaner - Remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Old 08.03.2013, 10:52   #11
dabeast
 

JRT Log:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.9 (03.06.2013:1)
OS: Windows 7 Starter x86
Ran by Shelagh on 08/03/2013 at  9:08:12.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] browserprotect 
Successfully deleted: [Service] browserprotect 



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\bprotector start page 
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\bprotectordefaultscope 
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2812557452-3284765411-2812134352-1000\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane.1
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\babylontoolbar
Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Failed to delete: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afbcb7e0-f91a-4951-9f31-58fee57a25c4} 



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Failed to delete: [Folder] "C:\ProgramData\browserprotect"
Failed to delete: [Folder] "C:\ProgramData\application data\browserprotect"
Successfully deleted: [Folder] "C:\Users\Shelagh\AppData\Roaming\babsolution"
Successfully deleted: [Folder] "C:\Users\Shelagh\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Program Files\delta"
Successfully deleted: [Folder] "C:\Users\Shelagh\AppData\Roaming\microsoft\windows\start menu\programs\browserprotect"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\Shelagh\AppData\Roaming\mozilla\firefox\profiles\ok097rd8.default\user.js
Successfully deleted: [File] C:\Users\Shelagh\AppData\Roaming\mozilla\firefox\profiles\ok097rd8.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\Shelagh\AppData\Roaming\mozilla\firefox\profiles\ok097rd8.default\bprotector_prefs.js
Successfully deleted: [File] C:\Users\Shelagh\AppData\Roaming\mozilla\firefox\profiles\ok097rd8.default\searchplugins\delta.xml
Successfully deleted: [Folder] C:\Users\Shelagh\AppData\Roaming\mozilla\firefox\profiles\ok097rd8.default\extensions\ffxtlbr@delta.com
Successfully deleted the following from C:\Users\Shelagh\AppData\Roaming\mozilla\firefox\profiles\ok097rd8.default\prefs.js

user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=a0fe223f00000000000090fba6ffbc63");
user_pref("avg.install.userSPSettings", "Delta Search");
user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119816&babsrc=NT_ss&mntrId=a0fe223f00000000000090fba6ffbc63");
user_pref("browser.search.selectedEngine", "Delta Search");
user_pref("browser.startup.homepage", "hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=a0fe223f00000000000090fba6ffbc63");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119816&babsrc=NT_ss&mntrId=a0fe223f00000000000090fba6ffbc63");
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.id", "a0fe223f00000000000090fba6ffbc63");
user_pref("extensions.delta.instlDay", "15771");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.10.0");
user_pref("extensions.delta.vrsnTs", "1.8.10.011:09:39");
user_pref("extensions.delta.vrsni", "1.8.10.0");
user_pref("keyword.URL", "hxxp://uk.ask.com/web?&o=15527&l=dis&gct=kwd&qsrc=2869&q=");
Emptied folder: C:\Users\Shelagh\AppData\Roaming\mozilla\firefox\profiles\ok097rd8.default\minidumps [11 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/03/2013 at  9:20:36.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
AdwCleaner Log:
AdwCleaner Logfile:
Code:
# AdwCleaner v2.114 - Logfile created 03/08/2013 at 09:22:37
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : *****
# Boot Mode : Normal
# Running from : C:\Users\Shelagh\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Shelagh\AppData\Roaming\Mozilla\Firefox\Profiles\ok097rd8.default\searchplugins\safesearch.xml
Folder Deleted : C:\ProgramData\BrowserProtect

***** [Registry] *****

Key Deleted : HKCU\Software\a6888cb63eef17
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\a6888cb63eef17
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-GB)

File : C:\Users\Shelagh\AppData\Roaming\Mozilla\Firefox\Profiles\ok097rd8.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3126 octets] - [08/03/2013 09:22:37]

########## EOF - C:\AdwCleaner[S1].txt - [3186 octets] ##########
         
--- --- ---


OTL - OTL Log:
OTL Logfile:
Code:
OTL logfile created on: 08/03/2013 09:34:08 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Shelagh\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1013.00 Mb Total Physical Memory | 312.79 Mb Available Physical Memory | 30.88% Memory free
1.99 Gb Paging File | 1.27 Gb Available in Paging File | 63.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.77 Gb Total Space | 189.81 Gb Free Space | 84.07% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Update\VUAgent.exe (Sony Corporation)
PRC - C:\Users\Shelagh\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files\Sony\VAIO Care\VCAgent.exe (Sony Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Care\VCsystray.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Care\listener.exe (Sony of America Corporation)
PRC - C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
PRC - C:\Program Files\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\9266d6e1f8057b5b62b460cbf33cda21\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3e79256ce40faa9682f9e3511ca115ea\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\219c68f83fa608b496b163fd6782e696\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (VUAgent) -- C:\Program Files\Sony\VAIO Update\VUAgent.exe (Sony Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe (Symantec Corporation)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VCService) -- C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SpfService) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Shelagh\AppData\Local\Temp\catchme.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130307.033\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130307.033\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130301.001\BHDrvx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130307.001\IDSvix86.sys (Symantec Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\N360\0604010.00E\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\N360\0604010.00E\srtspx.sys (Symantec Corporation)
DRV - (ccSet_N360) -- C:\Windows\System32\drivers\N360\0604010.00E\ccsetx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\N360\0604010.00E\symefa.sys (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\drivers\N360\0604010.00E\symnets.sys (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\N360\0604010.00E\symds.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\N360\0604010.00E\ironx86.sys (Symantec Corporation)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (JME) -- C:\Windows\System32\drivers\JME.sys (JMicron Technology Corp.)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes\{5DAD095A-7592-4209-A115-4C33A10B6FEB}: "URL" = hxxp://rover.ebay.com/rover/1/710-42480-16445-5/4?satitle={searchTerms}
IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes\{865958B6-E7DB-4888-A7F5-DC596EF617E8}: "URL" = hxxp://uk.shopping.com/?linkin_id=8056359
IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes\{8EE97BFC-04D8-4BB9-A720-52D223677C11}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Norton Safe Search"
FF - prefs.js..extensions.enabledAddons: %7B0F827075-B026-42F3-885D-98981EE7B1AE%7D:2.6.1095.52
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2012.5.12.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012/05/28 09:45:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2013/03/08 09:30:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 11:10:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/06/03 21:03:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 11:10:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/10/04 07:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shelagh\AppData\Roaming\Mozilla\Extensions
[2011/06/03 21:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shelagh\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/10/04 07:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shelagh\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2013/03/08 09:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shelagh\AppData\Roaming\Mozilla\Firefox\Profiles\ok097rd8.default\extensions
[2013/02/06 11:10:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/06 11:10:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\PROGRAMDATA\BROWSERPROTECT\2.6.1095.52\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION
[2013/03/08 09:30:52 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\COFFPLGN
[2013/02/06 11:10:11 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/02 20:03:22 | 000,001,738 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/08/30 17:24:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/01/02 20:03:22 | 000,001,148 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2013/01/02 20:03:22 | 000,001,379 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/10/24 18:15:49 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2013/01/02 20:03:22 | 000,001,334 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
O1 HOSTS File: ([2013/03/07 16:46:12 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000..\Run: [HP Photosmart 5510d series (NET)] C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58833387-8861-4805-8F58-51C3DBDB8960}: DhcpNameServer = 172.16.16.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0B2680D-B882-4B00-A942-E2C3A5FBAB7D}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/08 09:08:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/03/08 09:07:49 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/08 09:03:29 | 000,547,791 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Shelagh\Desktop\JRT.exe
[2013/03/07 16:54:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/03/07 16:46:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/07 16:43:12 | 000,000,000 | ---D | C] -- C:\Users\Shelagh\AppData\Local\temp
[2013/03/07 16:19:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/07 16:19:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/07 16:19:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/07 16:17:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/07 16:16:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/07 16:14:01 | 005,037,561 | R--- | C] (Swearware) -- C:\Users\Shelagh\Desktop\ComboFix.exe
[2013/03/07 15:28:49 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Shelagh\Desktop\tdsskiller.exe
[2013/03/07 15:26:29 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Shelagh\Desktop\aswMBR.exe
[2013/03/07 14:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/07 13:42:17 | 000,000,000 | ---D | C] -- C:\Users\Shelagh\Desktop\mbar
[2013/03/07 12:31:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Shelagh\Desktop\OTL.exe
[2013/03/07 11:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/03/07 11:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/02/24 17:43:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/02/24 17:43:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/02/24 17:43:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/02/24 17:43:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/02/24 17:43:07 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/02/24 17:43:05 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/02/24 17:43:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/02/24 17:43:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/02/24 16:10:32 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/02/24 16:10:11 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/02/24 16:10:09 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/02/24 16:10:07 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013/02/24 16:09:41 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/02/06 11:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/08 09:36:17 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/08 09:36:17 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/08 09:29:37 | 000,001,950 | ---- | M] () -- C:\Users\Shelagh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510d series (Network).lnk
[2013/03/08 09:28:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/08 09:28:18 | 796,655,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/08 09:21:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/08 09:05:26 | 000,597,667 | ---- | M] () -- C:\Users\Shelagh\Desktop\adwcleaner.exe
[2013/03/08 09:04:10 | 000,547,791 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Shelagh\Desktop\JRT.exe
[2013/03/08 09:01:10 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2013/03/07 16:46:12 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/03/07 16:14:18 | 005,037,561 | R--- | M] (Swearware) -- C:\Users\Shelagh\Desktop\ComboFix.exe
[2013/03/07 15:56:15 | 000,000,512 | ---- | M] () -- C:\Users\Shelagh\Desktop\MBR.dat
[2013/03/07 15:28:50 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Shelagh\Desktop\tdsskiller.exe
[2013/03/07 15:27:47 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Shelagh\Desktop\aswMBR.exe
[2013/03/07 13:36:54 | 000,377,856 | ---- | M] () -- C:\Users\Shelagh\Desktop\gmer_2.1.19155.exe
[2013/03/07 11:17:16 | 000,628,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/07 11:17:16 | 000,110,800 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/03 18:22:50 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/03/03 18:22:50 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/03/03 17:23:46 | 000,399,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/03/03 17:21:32 | 001,669,357 | ---- | M] () -- C:\Windows\System32\drivers\N360\0604010.00E\Cat.DB
[2013/02/10 10:37:33 | 000,002,232 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/02/10 10:36:05 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\N360\0604010.00E\VT20130115.021
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/03/08 09:05:22 | 000,597,667 | ---- | C] () -- C:\Users\Shelagh\Desktop\adwcleaner.exe
[2013/03/07 16:19:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/07 16:19:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/07 16:19:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/07 16:19:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/07 16:19:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/07 15:56:15 | 000,000,512 | ---- | C] () -- C:\Users\Shelagh\Desktop\MBR.dat
[2013/03/07 13:36:36 | 000,377,856 | ---- | C] () -- C:\Users\Shelagh\Desktop\gmer_2.1.19155.exe
[2012/03/09 18:32:58 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/06/03 20:52:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/29 03:48:37 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml
 
========== ZeroAccess Check ==========
 
[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


OTL - Extras Log
OTL Logfile:
Code:
OTL Extras logfile created on: 08/03/2013 09:34:08 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Shelagh\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1013.00 Mb Total Physical Memory | 312.79 Mb Available Physical Memory | 30.88% Memory free
1.99 Gb Paging File | 1.27 Gb Available in Paging File | 63.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.77 Gb Total Space | 189.81 Gb Free Space | 84.07% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2812557452-3284765411-2812134352-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06FEE9D1-BCC1-484F-8F8F-000F84FBFA46}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0B6BD721-6F47-4EF3-A6D3-30C6A3A1EB4E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1C822CED-28E0-40B1-B1EA-6DD5B477EC0F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{36AEEED6-06B6-4A2E-9227-957625E7511F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4132BBC4-7002-452A-B572-22219F62CF39}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5EC366AA-27E0-4AB1-BC86-B1A256C7CE73}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6B8348F2-15C0-404C-922F-5E5851E6AEA8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{747D73C1-8B6C-4851-ABE3-CDEA2C6A616D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{7F6CA6BC-B53F-40E0-A4C1-DEA72F70EE25}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{81D71D02-84DD-432A-BC5F-1BA0413DB254}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8248FB61-C9F5-4286-93F8-D7214405C9AF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{8D4226BA-FBC7-495F-B3FA-B56E595EB88B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B067DE8D-1157-47DE-8076-B8DE3A23BBDD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C3C8D817-8DE8-45B0-B1DB-7AEB8E36B69C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FB450BA2-E5CB-4FC2-8127-9F9F744D548F}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C9BC34B-6A5C-4A7A-A69F-57284C9E5433}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\devicesetup.exe | 
"{5E2696E5-8110-465A-9751-C01DFADB389C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{60CBE6D8-A7B1-455E-9992-891EEA9CE70B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{61589531-F7BE-48D9-972E-5C2B7600F838}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8E558D33-CAC6-489A-8CB1-18595E7CC09E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8EB7C58E-C073-48CE-9C74-B6D6C943926A}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe | 
"{A7C59FB6-1A5E-4266-8902-27E5DC25EB69}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{B059C5B1-3458-4A1E-AAB0-05593ACEE4E7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{D8B0290F-B9B4-4D17-B352-0133F2A4CA49}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D8F4474D-ECAA-4CED-9C38-402F3EB0C8B1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{E27CC4A5-7FB4-4472-B53D-01915B237B18}" = protocol=17 | dir=in | app=c:\users\shelagh\appdata\local\temp\7zs51ab\hppiw.exe | 
"{EE1FA221-88CB-496B-96DC-1BF6B2D86300}" = dir=in | app=c:\program files\hp\hp photosmart 5510d series\bin\devicesetup.exe | 
"{FE6CA35C-0CAB-49BE-8F34-63979161260C}" = dir=in | app=c:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe | 
"{FF048860-50FD-49CC-9514-11CC71026D78}" = protocol=6 | dir=in | app=c:\users\shelagh\appdata\local\temp\7zs51ab\hppiw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{03F4834E-C91A-4A02-BA50-5B93878B3D0B}" = VAIO Original Function Settings
"{04092C44-FD5D-46EC-BD12-B0D5BCB8E2BD}" = VAIO Content Monitoring Settings
"{045A8E80-A24B-4F16-88B7-20D86C024569}" = VAIO Entertainment Platform
"{05A57A3E-667D-420E-8128-3CC6BE40457D}" = Setup_msm_VCMS_x86
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{10D68787-463C-4133-B15A-F8DF0FC15EE9}" = Setup_VEP_x86_Contain_SSDB
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 30
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A221E47-E361-45C3-886A-7B2D7AD0E5AA}" = SOHLib Merge Module
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Power Management
"{82092922-A8C9-4CE0-9284-7A20DB7A525D}" = VAIO Content Metadata XML Interface Library
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{9262B08F-E183-4FED-A2BD-23FF1A84EB67}" = HPDiagnosticCoreDll
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{988A2E30-C8BD-45F8-941C-91C70FD774A8}" = Setup_msm_VOFS_x86
"{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A6B90666-2A1F-49E8-A40E-27EAAD11C096}" = Sony Home Network Library
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{AB259D46-F851-41B0-9AFA-AED8998AD68A}" = MusicStation
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{B04FB606-75EA-4174-B750-35E2DEC20AF4}" = HP Photosmart 5510d series Product Improvement Study
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B1DADBEB-7F82-4B29-84D6-5F14A020F0A0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{BEE5AFB8-DFC9-479B-A537-C19C6287C6B2}" = VAIO Content Metadata Intelligent Network Service Manager
"{C2F3460B-0C14-4A85-A330-5D1D5028C496}" = HP Photosmart 5510 series Product Improvement Study
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CDB1080E-BF0A-4A61-9E77-D1BBA68582C7}" = HP Photosmart 5510 series Basic Device Software
"{D409F3A2-97A7-40D5-BCC0-4CCA1775D9A0}" = VAIO Content Metadata Manager Settings
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}" = HP Photosmart 5510 series Help
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E59ADA18-03DB-44F5-9EF5-0FA25E4D4384}" = HP Photosmart 5510d series Help
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E716DBB1-DC04-4116-9C6A-5512A9BC2B30}" = VAIO Content Metadata Intelligent Analyzing Manager
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F68DF3B3-7E42-4504-9696-82EDA2C669C2}" = HP Photosmart 5510d series Basic Device Software
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"BFEE6FC237B51D7CD2E0A40D81E188A6ED95001F" = Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405)
"EPSON Scanner" = EPSON Scan
"EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photo Creations" = HP Photo Creations
"MarketingTools" = VAIO Marketing Tools
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 18.0.2 (x86 en-GB)" = Mozilla Firefox 18.0.2 (x86 en-GB)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VAIO Help and Support" = 
"VAIO Premium Partners" = VAIO Premium Partners
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 08/03/2013 05:28:45 | Computer Name = Shelagh-VAIO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom
 
 
< End of report >
         
--- --- ---

08.03.2013, 11:25   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes, and before that please remember to update Malwarebytes via the update button.

Afterwards, getting a second opinion from the ESET online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support Trojaner-Board
Why Linux is better than Windows!

08.03.2013, 13:56   #13
dabeast
 



Malwarebytes Log:
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.08.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Shelagh :: ***** [administrator]

08/03/2013 10:42:44
mbam-log-2013-03-08 (10-42-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200682
Time elapsed: 8 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
ESET Log
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5429b043ff3e704badbe9c046f285db8
# engine=13333
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-08 12:40:50
# local_time=2013-03-08 12:40:50 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 100 98 418750 113408946 0 0
# compatibility_mode=5893 16776574 66 85 45098875 115212841 0 0
# scanned=103179
# found=1
# cleaned=0
# scan_time=6355
sh=59BC6AA62550C0FD0C665EB5668B3FAAD1C651CD ft=1 fh=054e139dd247fdbf vn="a variant of Win32/Kryptik.AVUC trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Shelagh\AppData\Roaming\midimapn.dll.vir"
         

08.03.2013, 15:02   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



That's fine. In C:\Qoobox and C:\_OTL (the quarantine folders of CF and OTL) the malware is isolated and safely stored.


Looks OK so far.

Regarding cookies and other things on the web: to block this plague from the outset (tracking cookies, ad banners, etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check MVPS about every 4 weeks to see whether a new hosts file has been released.

Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Otherwise there are also good cookie managers; as a Firefox extension, for example, there is CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed.

Is your system back in order now, or are there any other findings or problems?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support Trojaner-Board
Why Linux is better than Windows!
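
Added example, not part of the original posts: a Python triage of ESET Online Scanner detection lines like the one in post #13, separating hits that lie below the quarantine folders named in post #14 (C:\Qoobox, C:\_OTL) from hits elsewhere. The sample log lines are constructed; only the `vn` and `fn` fields and the `# key=value` header lines visible in the posted log are relied on, and the function names are hypothetical.

```python
import re
from ntpath import normpath  # Windows path rules on any OS

# Quarantine folders named in the post above (ComboFix and OTL).
QUARANTINE_ROOTS = ("c:\\qoobox", "c:\\_otl")
# key=value pairs; a value is a double-quoted string or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample in the layout of the ESET log in post #13.
SAMPLE = r'''# found=3
# cleaned=0
sh=0000000000000000000000000000000000000000 vn="Constructed.Sample.A trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\sample.dll.vir"
sh=0000000000000000000000000000000000000000 vn="Constructed.Sample.B trojan" ac=I fn="C:\Qoobox2\dropper.exe"
sh=0000000000000000000000000000000000000000 vn="Constructed.Sample.C trojan" ac=I fn="C:\_OTL\..\Windows\Temp\x.dll"
'''


def parse_detection(line):
    """Return the fields of one detection line, or None for other lines."""
    if line.startswith("#"):
        return None
    fields = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
              for m in PAIR.finditer(line)}
    return fields if "fn" in fields and "vn" in fields else None


def in_quarantine(path):
    """True only if the normalised path lies below a quarantine root."""
    p = normpath(path).lower()  # resolves "..", "/" and case differences
    return any(p == root or p.startswith(root + "\\") for root in QUARANTINE_ROOTS)


def triage(log_text):
    """Split detections into (header, quarantined, live)."""
    header, quarantined, live = {}, [], []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header.setdefault(key, value)  # keep first value of repeated keys
            continue
        det = parse_detection(line)
        if det:
            (quarantined if in_quarantine(det["fn"]) else live).append(det)
    return header, quarantined, live


if __name__ == "__main__":
    header, quarantined, live = triage(SAMPLE)
    print("reported found:", header.get("found"))
    for det in live:
        print("outside quarantine:", det["vn"], "->", det["fn"])
```

Entries in the `live` list are the ones that need follow-up; a look-alike folder such as `C:\Qoobox2` or a path that climbs out of the quarantine root with `..` is deliberately not counted as quarantined.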

08.03.2013, 15:09   #15
dabeast
 



Thanks for your tips and your help; at least the constant redirects no longer occur, so OK.

Regarding
Quote:
In C:\Qoobox and C:\_OTL (the quarantine folders of CF and OTL) the malware is isolated and safely stored.
so I shouldn't delete those either, then?
