Pests of all kinds and how to fight them: Ihavenet virus removal (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
Ihavenet virus removal

The problem is surely the same as for many others: constant redirects. I am grateful for any help with the removal. Here are the reports from OTL:

OTL:

OTL logfile created on: 07/03/2013 11:20:32 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\ Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1013.00 Mb Total Physical Memory | 322.80 Mb Available Physical Memory | 31.87% Memory free 1.99 Gb Paging File | 0.92 Gb Available in Paging File | 46.26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 225.77 Gb Total Space | 190.52 Gb Free Space | 84.39% Space Free | Partition Type: NTFS Drive D: | 243.24 Mb Total Space | 241.59 Mb Free Space | 99.32% Space Free | Partition Type: FAT Computer Name: ***** | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe () PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Update\VUAgent.exe (Sony Corporation) PRC - D:\OTL.exe (OldTimer Tools) PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe (Symantec Corporation) PRC - C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) 
PRC - C:\Program Files\Sony\VAIO Care\VCAgent.exe (Sony Corporation) PRC - C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Sony\VAIO Care\VCsystray.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Care\Admload.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Care\listener.exe (Sony of America Corporation) PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation) PRC - C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) PRC - C:\Program Files\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\9266d6e1f8057b5b62b460cbf33cda21\System.WorkflowServices.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe () MOD - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3e79256ce40faa9682f9e3511ca115ea\System.ServiceModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\219c68f83fa608b496b163fd6782e696\System.IdentityModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (BrowserProtect) -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe () SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (VUAgent) -- C:\Program Files\Sony\VAIO Update\VUAgent.exe (Sony Corporation) SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (N360) -- C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe (Symantec Corporation) SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) SRV - (HPSLPSVC) -- C:\Users\Shelagh\AppData\Local\Temp\7zS51AB\HPSLPSVC32.DLL (Hewlett-Packard Co.) 
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (VCService) -- C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) SRV - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation) SRV - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation) SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation) SRV - (SOHDms) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (SpfService) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe (Sony Corporation) SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) SRV - (SOHCImp) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) SRV - (SOHDs) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) SRV - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130306.035\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130306.035\NAVENG.SYS (Symantec Corporation) DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130301.001\BHDrvx86.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130306.001\IDSvix86.sys (Symantec Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\drivers\N360\0604010.00E\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\System32\drivers\N360\0604010.00E\srtspx.sys (Symantec Corporation) DRV - (ccSet_N360) -- C:\Windows\System32\drivers\N360\0604010.00E\ccsetx86.sys (Symantec Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SymEFA) -- C:\Windows\System32\drivers\N360\0604010.00E\symefa.sys (Symantec Corporation) DRV - (SymNetS) -- C:\Windows\System32\drivers\N360\0604010.00E\symnets.sys (Symantec Corporation) DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation) DRV - (SymDS) -- C:\Windows\System32\drivers\N360\0604010.00E\symds.sys (Symantec Corporation) DRV - (SymIRON) -- 
C:\Windows\System32\drivers\N360\0604010.00E\ironx86.sys (Symantec Corporation) DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation) DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.) DRV - (JME) -- C:\Windows\System32\drivers\JME.sys (JMicron Technology Corp.) DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=a0fe223f00000000000090fba6ffbc63 IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony.msn.com IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=a0fe223f00000000000090fba6ffbc63 IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - 
HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=a0fe223f00000000000090fba6ffbc63 IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes\{5DAD095A-7592-4209-A115-4C33A10B6FEB}: "URL" = hxxp://rover.ebay.com/rover/1/710-42480-16445-5/4?satitle={searchTerms} IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes\{865958B6-E7DB-4888-A7F5-DC596EF617E8}: "URL" = hxxp://uk.shopping.com/?linkin_id=8056359 IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes\{8EE97BFC-04D8-4BB9-A720-52D223677C11}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://uk.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=GB&ver=5 IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Norton Safe Search" FF - prefs.js..browser.search.selectedEngine: "Delta Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=a0fe223f00000000000090fba6ffbc63" FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2012.5.12.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - prefs.js..keyword.URL: "hxxp://uk.ask.com/web?&o=15527&l=dis&gct=kwd&qsrc=2869&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012/05/28 09:45:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2013/03/07 09:17:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 11:10:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/06/03 21:03:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - 
HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013/03/07 11:10:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 11:10:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/04 07:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shelagh\AppData\Roaming\Mozilla\Extensions [2011/06/03 21:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shelagh\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/10/04 07:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shelagh\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com [2013/03/07 11:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shelagh\AppData\Roaming\Mozilla\Firefox\Profiles\ok097rd8.default\extensions [2013/03/07 11:09:36 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Shelagh\AppData\Roaming\Mozilla\Firefox\Profiles\ok097rd8.default\extensions\ffxtlbr@delta.com [2013/03/07 11:09:43 | 000,001,294 | ---- | M] () -- C:\Users\Shelagh\AppData\Roaming\Mozilla\Firefox\Profiles\ok097rd8.default\searchplugins\delta.xml [2011/06/03 21:00:35 | 000,002,471 | ---- | M] () -- C:\Users\Shelagh\AppData\Roaming\Mozilla\Firefox\Profiles\ok097rd8.default\searchplugins\safesearch.xml [2013/02/06 11:10:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013/02/06 11:10:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013/03/07 09:17:12 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\COFFPLGN 
[2013/02/06 11:10:11 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013/01/02 20:03:22 | 000,001,738 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2013/03/07 11:08:41 | 000,006,484 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012/08/30 17:24:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013/01/02 20:03:22 | 000,001,148 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2013/01/02 20:03:22 | 000,001,379 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2012/10/24 18:15:49 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml [2013/01/02 20:03:22 | 000,001,334 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000..\Run: [HP Photosmart 5510d series (NET)] C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) 
O4 - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000..\Run: [MJPZ] C:\Users\Shelagh\AppData\Roaming\midimapn.dll () O4 - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKLM..\RunOnce: [awde7zip23090] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58833387-8861-4805-8F58-51C3DBDB8960}: DhcpNameServer = 172.16.16.19 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0B2680D-B882-4B00-A942-E2C3A5FBAB7D}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/03/07 11:10:32 | 000,000,000 | ---D | C] -- C:\Users\Shelagh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect [2013/03/07 11:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect [2013/03/07 11:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013/03/07 11:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\Delta [2013/03/07 11:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2013/03/07 11:09:06 | 000,000,000 | ---D | C] -- C:\Users\Shelagh\AppData\Roaming\BabSolution [2013/03/07 11:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon 
[2013/03/07 11:08:19 | 000,000,000 | ---D | C] -- C:\Users\Shelagh\AppData\Roaming\Babylon [2013/02/24 17:43:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/02/24 17:43:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/02/24 17:43:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/02/24 17:43:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/02/24 17:43:07 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/02/24 17:43:05 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/02/24 17:43:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/02/24 17:43:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013/02/24 16:10:32 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013/02/24 16:10:11 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013/02/24 16:10:09 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013/02/24 16:10:07 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2013/02/24 16:09:41 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013/02/06 11:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/03/07 11:21:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/03/07 11:17:16 | 000,628,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/03/07 11:17:16 | 000,110,800 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/03/07 11:01:00 | 000,000,260 | ---- | M] () -- 
C:\Windows\tasks\HP Photo Creations Messager.job [2013/03/07 09:23:32 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/03/07 09:23:32 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/07 09:15:40 | 000,001,950 | ---- | M] () -- C:\Users\Shelagh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510d series (Network).lnk [2013/03/07 09:15:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/03/07 09:15:03 | 796,655,616 | -HS- | M] () -- C:\hiberfil.sys [2013/03/03 18:22:50 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/03/03 18:22:50 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/03/03 17:23:46 | 000,399,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/03/03 17:21:32 | 001,669,357 | ---- | M] () -- C:\Windows\System32\drivers\N360\0604010.00E\Cat.DB [2013/02/10 10:37:33 | 000,002,232 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk [2013/02/10 10:36:05 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\N360\0604010.00E\VT20130115.021 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/02/02 17:21:18 | 000,118,784 | RHS- | C] () -- C:\Users\Shelagh\AppData\Roaming\midimapn.dll [2012/03/09 18:32:58 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2011/06/03 20:52:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/07/29 03:48:37 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml ========== ZeroAccess Check ========== [2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013/03/07 11:09:10 | 000,000,000 | ---D | M] -- C:\Users\Shelagh\AppData\Roaming\BabSolution [2013/03/07 11:08:19 | 000,000,000 | ---D | M] -- C:\Users\Shelagh\AppData\Roaming\Babylon [2011/06/03 21:03:46 | 000,000,000 | ---D | M] -- C:\Users\Shelagh\AppData\Roaming\Thunderbird [2012/10/04 07:22:56 | 000,000,000 | ---D | M] -- C:\Users\Shelagh\AppData\Roaming\TomTom ========== Purity Check ========== < End of report > and Extras: OTL Extras logfile created on: 07/03/2013 11:20:32 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\ Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1013.00 Mb Total Physical Memory | 322.80 Mb Available Physical Memory | 31.87% Memory free 1.99 Gb Paging File | 0.92 Gb Available in Paging File | 46.26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 225.77 Gb Total Space | 190.52 Gb Free Space | 84.39% Space Free | Partition 
Type: NTFS Drive D: | 243.24 Mb Total Space | 241.59 Mb Free Space | 99.32% Space Free | Partition Type: FAT Computer Name: ***** | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2812557452-3284765411-2812134352-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06FEE9D1-BCC1-484F-8F8F-000F84FBFA46}" = lport=2869 | protocol=6 | dir=in | app=system | "{0B6BD721-6F47-4EF3-A6D3-30C6A3A1EB4E}" = lport=137 | protocol=17 | dir=in | app=system | "{1C822CED-28E0-40B1-B1EA-6DD5B477EC0F}" = rport=139 | protocol=6 | dir=out | app=system | "{36AEEED6-06B6-4A2E-9227-957625E7511F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe 
| "{4132BBC4-7002-452A-B572-22219F62CF39}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5EC366AA-27E0-4AB1-BC86-B1A256C7CE73}" = rport=137 | protocol=17 | dir=out | app=system | "{6B8348F2-15C0-404C-922F-5E5851E6AEA8}" = lport=139 | protocol=6 | dir=in | app=system | "{747D73C1-8B6C-4851-ABE3-CDEA2C6A616D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{7F6CA6BC-B53F-40E0-A4C1-DEA72F70EE25}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{81D71D02-84DD-432A-BC5F-1BA0413DB254}" = rport=138 | protocol=17 | dir=out | app=system | "{8248FB61-C9F5-4286-93F8-D7214405C9AF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{8D4226BA-FBC7-495F-B3FA-B56E595EB88B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B067DE8D-1157-47DE-8076-B8DE3A23BBDD}" = lport=445 | protocol=6 | dir=in | app=system | "{C3C8D817-8DE8-45B0-B1DB-7AEB8E36B69C}" = lport=138 | protocol=17 | dir=in | app=system | "{FB450BA2-E5CB-4FC2-8127-9F9F744D548F}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1C9BC34B-6A5C-4A7A-A69F-57284C9E5433}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\devicesetup.exe | "{5E2696E5-8110-465A-9751-C01DFADB389C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{60CBE6D8-A7B1-455E-9992-891EEA9CE70B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{61589531-F7BE-48D9-972E-5C2B7600F838}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8E558D33-CAC6-489A-8CB1-18595E7CC09E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8EB7C58E-C073-48CE-9C74-B6D6C943926A}" = dir=in | app=c:\program files\hp\hp photosmart 5510 
series\bin\hpnetworkcommunicator.exe | "{A7C59FB6-1A5E-4266-8902-27E5DC25EB69}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{B059C5B1-3458-4A1E-AAB0-05593ACEE4E7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{D8B0290F-B9B4-4D17-B352-0133F2A4CA49}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D8F4474D-ECAA-4CED-9C38-402F3EB0C8B1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{E27CC4A5-7FB4-4472-B53D-01915B237B18}" = protocol=17 | dir=in | app=c:\users\shelagh\appdata\local\temp\7zs51ab\hppiw.exe | "{EE1FA221-88CB-496B-96DC-1BF6B2D86300}" = dir=in | app=c:\program files\hp\hp photosmart 5510d series\bin\devicesetup.exe | "{FE6CA35C-0CAB-49BE-8F34-63979161260C}" = dir=in | app=c:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe | "{FF048860-50FD-49CC-9514-11CC71026D78}" = protocol=6 | dir=in | app=c:\users\shelagh\appdata\local\temp\7zs51ab\hppiw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care "{03F4834E-C91A-4A02-BA50-5B93878B3D0B}" = VAIO Original Function Settings "{04092C44-FD5D-46EC-BD12-B0D5BCB8E2BD}" = VAIO Content Monitoring Settings "{045A8E80-A24B-4F16-88B7-20D86C024569}" = VAIO Entertainment Platform "{05A57A3E-667D-420E-8128-3CC6BE40457D}" = Setup_msm_VCMS_x86 "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network "{10D68787-463C-4133-B15A-F8DF0FC15EE9}" = Setup_VEP_x86_Contain_SSDB "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 30 
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool "{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4A221E47-E361-45C3-886A-7B2D7AD0E5AA}" = SOHLib Merge Module "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{70991E0A-1108-437E-BA7D-085702C670C0}" = "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Power Management "{82092922-A8C9-4CE0-9284-7A20DB7A525D}" = VAIO Content Metadata XML Interface Library "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME "{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie "{9262B08F-E183-4FED-A2BD-23FF1A84EB67}" = HPDiagnosticCoreDll "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver "{988A2E30-C8BD-45F8-941C-91C70FD774A8}" = Setup_msm_VOFS_x86 "{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library "{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86 "{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update "{A6B90666-2A1F-49E8-A40E-27EAAD11C096}" = Sony Home Network Library "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = 
Setting Utility Series "{AB259D46-F851-41B0-9AFA-AED8998AD68A}" = MusicStation "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2 "{B04FB606-75EA-4174-B750-35E2DEC20AF4}" = HP Photosmart 5510d series Product Improvement Study "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B1DADBEB-7F82-4B29-84D6-5F14A020F0A0}" = VAIO Content Metadata Intelligent Analyzing Manager "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default "{BEE5AFB8-DFC9-479B-A537-C19C6287C6B2}" = VAIO Content Metadata Intelligent Network Service Manager "{C2F3460B-0C14-4A85-A330-5D1D5028C496}" = HP Photosmart 5510 series Product Improvement Study "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service "{CDB1080E-BF0A-4A61-9E77-D1BBA68582C7}" = HP Photosmart 5510 series Basic Device Software "{D409F3A2-97A7-40D5-BCC0-4CCA1775D9A0}" = VAIO Content Metadata Manager Settings "{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3 "{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}" = HP Photosmart 5510 series Help "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{E59ADA18-03DB-44F5-9EF5-0FA25E4D4384}" = HP Photosmart 5510d series Help "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{E716DBB1-DC04-4116-9C6A-5512A9BC2B30}" = VAIO Content Metadata Intelligent Analyzing Manager "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F68DF3B3-7E42-4504-9696-82EDA2C669C2}" = HP Photosmart 5510d series Basic Device Software "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe 
Flash Player 11 Plugin "BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "BFEE6FC237B51D7CD2E0A40D81E188A6ED95001F" = Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) "delta" = Delta toolbar "Delta Chrome Toolbar" = Delta Chrome Toolbar "EPSON Scanner" = EPSON Scan "EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall "HDMI" = Intel(R) Graphics Media Accelerator Driver "HP Photo Creations" = HP Photo Creations "MarketingTools" = VAIO Marketing Tools "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 18.0.2 (x86 en-GB)" = Mozilla Firefox 18.0.2 (x86 en-GB) "Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10) "MozillaMaintenanceService" = Mozilla Maintenance Service "N360" = Norton 360 "Office14.SingleImage" = Microsoft Office Home and Student 2010 "SynTPDeinstKey" = Synaptics Pointing Device Driver "VAIO Help and Support" = "VAIO Premium Partners" = VAIO Premium Partners "WinLiveSuite_Wave3" = Windows Live Essentials "YTdetect" = Yahoo! Detect ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 09/03/2012 15:38:09 | Computer Name = Shelagh-VAIO | Source = Application Hang | ID = 1002 Description = The program DeviceSetup.exe version 25.0.621.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 8d8 Start Time: 01ccfe2b0f44f615 Termination Time: 23 Application Path: C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe Report Id: Error - 09/03/2012 15:38:31 | Computer Name = Shelagh-VAIO | Source = Application Hang | ID = 1002 Description = The program DeviceSetup.exe version 25.0.621.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 13b0 Start Time: 01ccfe28e260f99c Termination Time: 66 Application Path: C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe Report Id: Error - 09/03/2012 15:55:46 | Computer Name = Shelagh-VAIO | Source = Application Hang | ID = 1002 Description = The program DeviceSetup.exe version 25.0.621.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 710 Start Time: 01ccfe2d94ae2bbe Termination Time: 24 Application Path: C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe Report Id: Error - 09/03/2012 16:27:31 | Computer Name = Shelagh-VAIO | Source = Application Hang | ID = 1002 Description = The program DeviceSetup.exe version 25.0.621.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: b30 Start Time: 01ccfe32792c72fa Termination Time: 16 Application Path: C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe Report Id: Error - 09/03/2012 16:27:48 | Computer Name = Shelagh-VAIO | Source = Application Hang | ID = 1002 Description = The program DeviceSetup.exe version 25.0.621.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1628 Start Time: 01ccfe3128d94507 Termination Time: 16 Application Path: C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe Report Id: Error - 09/03/2012 16:34:34 | Computer Name = Shelagh-VAIO | Source = Application Hang | ID = 1002 Description = The program DeviceSetup.exe version 25.0.621.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 1108 Start Time: 01ccfe33896d7763 Termination Time: 47 Application Path: C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe Report Id: Error - 13/05/2012 16:08:20 | Computer Name = Shelagh-VAIO | Source = MsiInstaller | ID = 11921 Description = Error - 13/05/2012 16:12:32 | Computer Name = Shelagh-VAIO | Source = MsiInstaller | ID = 1023 Description = Error - 18/11/2012 15:59:10 | Computer Name = Shelagh-VAIO | Source = VSS | ID = 8194 Description = Error - 30/12/2012 05:49:23 | Computer Name = Shelagh-VAIO | Source = Microsoft-Windows-RestartManager | ID = 10007 Description = Application or service 'VUAgent' could not be restarted. [ System Events ] Error - 20/01/2013 13:18:27 | Computer Name = Shelagh-VAIO | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: cdrom Error - 20/01/2013 14:13:45 | Computer Name = Shelagh-VAIO | Source = Service Control Manager | ID = 7043 Description = The Windows Modules Installer service did not shut down properly after receiving a preshutdown control. 
Error - 20/01/2013 14:16:50 | Computer Name = Shelagh-VAIO | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: cdrom Error - 22/01/2013 13:14:37 | Computer Name = Shelagh-VAIO | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: cdrom Error - 24/01/2013 14:43:55 | Computer Name = Shelagh-VAIO | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: cdrom Error - 26/01/2013 13:16:44 | Computer Name = Shelagh-VAIO | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: cdrom Error - 29/01/2013 12:52:13 | Computer Name = Shelagh-VAIO | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: cdrom Error - 29/01/2013 15:50:18 | Computer Name = Shelagh-VAIO | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: cdrom Error - 02/02/2013 11:35:37 | Computer Name = Shelagh-VAIO | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: cdrom Error - 02/02/2013 12:31:10 | Computer Name = Shelagh-VAIO | Source = DCOM | ID = 10010 Description = < End of report > |
| | #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ihavenet Virus Removal Hello and
__________________ Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners? That is why I am asking => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now, just post the logs you already have! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
| | #3 |
| | Ihavenet Virus Removal Sorry for my incompetence - I'll do better. I don't have any further logs for now; Norton 360 is installed, but I haven't found a log file
__________________ |
| | #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ihavenet Virus Removal Quote:
I never accused you of incompetence. Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please get in touch in this thread => Reminder about my thread. Annoying "When will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board. Now please create and post logs with GMER (<<< click for instructions) and MBAR (instructions a little further down). GMER crashes fairly often; if the tool still refuses to work the second time, just skip it and run only MBAR. MBAR instructions: Please download
Do not start any other file in this folder without instructions from a helper
__________________ Please always post log files in CODE tags |
| | #5 |
| | Ihavenet Virus Removal Thanks for your help, and I didn't mean it in a bad way. Here are the logs from GMER and MBAR, hopefully it works now: GMER Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-07 14:25:05
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-22A23T0 rev.01.01A01 232.89GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Shelagh\AppData\Local\Temp\uwtiikob.sys
---- System - GMER 2.1 ----
SSDT 85069FD0 ZwAlertResumeThread
SSDT 84B05388 ZwAlertThread
SSDT 84916768 ZwAllocateVirtualMemory
SSDT 8489A318 ZwAlpcConnectPort
SSDT 85069798 ZwAssignProcessToJobObject
SSDT 85069D40 ZwCreateMutant
SSDT 850694B8 ZwCreateSymbolicLinkObject
SSDT 8493A418 ZwCreateThread
SSDT 850695A8 ZwCreateThreadEx
SSDT 85069878 ZwDebugActiveProcess
SSDT 847E5808 ZwDuplicateObject
SSDT 84916520 ZwFreeVirtualMemory
SSDT 85069E30 ZwImpersonateAnonymousToken
SSDT 85069F10 ZwImpersonateThread
SSDT 84895498 ZwLoadDriver
SSDT 84B05998 ZwMapViewOfSection
SSDT 85069C60 ZwOpenEvent
SSDT 8493A328 ZwOpenProcess
SSDT 847E5728 ZwOpenProcessToken
SSDT 85069AA0 ZwOpenSection
SSDT 8493AAA8 ZwOpenThread
SSDT 850696A8 ZwProtectVirtualMemory
SSDT 84B05468 ZwResumeThread
SSDT 84B05708 ZwSetContextThread
SSDT 84B057E8 ZwSetInformationProcess
SSDT 85069958 ZwSetSystemInformation
SSDT 85069B80 ZwSuspendProcess
SSDT 84B05548 ZwSuspendThread
SSDT 84A378A8 ZwTerminateProcess
SSDT 84B05628 ZwTerminateThread
SSDT 84B058D8 ZwUnmapViewOfSection
SSDT 84916610 ZwWriteVirtualMemory
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81C529E9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81C8C1C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 81C931F0 8 Bytes [D0, 9F, 06, 85, 88, 53, B0, ...] {RCR BYTE [EDI+0x53888506], 0x1; MOV AL, 0x84}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 81C93208 4 Bytes [68, 67, 91, 84]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 81C93214 4 Bytes [18, A3, 89, 84]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 81C93268 4 Bytes [98, 97, 06, 85]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 81C932E4 4 Bytes [40, 9D, 06, 85]
.text ...
---- User code sections - GMER 2.1 ----
.text C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[7488] USER32.dll!DialogBoxParamW 769C3B9B 5 Bytes JMP 5C8044C0 C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
.text C:\Users\Shelagh\Desktop\gmer_2.1.19155.exe[8372] USER32.dll!DialogBoxParamW 769C3B9B 5 Bytes JMP 5C8044C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\system32\schtasks.exe[8624] USER32.dll!DialogBoxParamW 769C3B9B 5 Bytes JMP 5C8044C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\system32\conhost.exe[8916] USER32.dll!DialogBoxParamW 769C3B9B 5 Bytes JMP 5C8044C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\system32\taskeng.exe[9148] USER32.dll!DialogBoxParamW 769C3B9B 5 Bytes JMP 5C8044C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text ...
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\18f46ae4f5f5
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313e06b06
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbbba882
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\18f46ae4f5f5 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313e06b06 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbbba882 (not active ControlSet)
---- EOF - GMER 2.1 ----
Code:
ATTFilter Database version: v2013.03.07.10
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
***** :: ***** [administrator]
07/03/2013 14:56:28
mbar-log-2013-03-07 (14-56-28).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27932
Time elapsed: 18 minute(s), 27 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Regards |
| | #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ihavenet Virus Removal aswMBR Please download
Important: Do not press any of the Fix buttons under any circumstances without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. TDSS-Killer Please download
__________________ --> Ihavenet Virus Removal |
| | #7 |
| | Ihavenet Virus Removal Here are the logs. aswMBR Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-07 15:34:26
-----------------------------
15:34:26.351 OS Version: Windows 6.1.7601 Service Pack 1
15:34:26.351 Number of processors: 2 586 0x1C0A
15:34:26.351 ComputerName: ***** UserName: *****
15:34:27.599 Initialize success
15:35:48.717 AVAST engine defs: 13030700
15:36:01.087 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:36:01.087 Disk 0 Vendor: WDC_WD2500BEVT-22A23T0 01.01A01 Size: 238475MB BusType: 3
15:36:01.119 Disk 0 MBR read successfully
15:36:01.119 Disk 0 MBR scan
15:36:01.150 Disk 0 Windows 7 default MBR code
15:36:01.165 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 7184 MB offset 2048
15:36:01.197 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 14714880
15:36:01.228 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 231189 MB offset 14919680
15:36:01.243 Disk 0 scanning sectors +488395120
15:36:01.384 Disk 0 scanning C:\Windows\system32\drivers
15:36:21.898 Service scanning
15:37:18.526 Modules scanning
15:37:40.850 Disk 0 trace - called modules:
15:37:40.896 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
15:37:40.912 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84517030]
15:37:40.912 3 CLASSPNP.SYS[86bb359e] -> nt!IofCallDriver -> [0x84431148]
15:37:40.928 5 ACPI.sys[864ab3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84434610]
15:37:42.004 AVAST engine scan C:\Windows
15:37:45.888 AVAST engine scan C:\Windows\system32
15:43:10.868 AVAST engine scan C:\Windows\system32\drivers
15:43:37.201 AVAST engine scan C:\Users\Shelagh
15:44:43.922 File: C:\Users\Shelagh\AppData\Roaming\midimapn.dll **INFECTED** Win32:Malware-gen
15:45:23.687 AVAST engine scan C:\ProgramData
15:47:45.085 Scan finished successfully
15:56:15.316 Disk 0 MBR has been saved successfully to "C:\Users\Shelagh\Desktop\MBR.dat"
15:56:15.331 The log file has been saved successfully to "C:\Users\Shelagh\Desktop\aswMBR.txt"
Code:
ATTFilter 15:57:03.0572 6740 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:57:03.0852 6740 ============================================================
15:57:03.0852 6740 Current date / time: 2013/03/07 15:57:03.0852
15:57:03.0852 6740 SystemInfo:
15:57:03.0852 6740
15:57:03.0852 6740 OS Version: 6.1.7601 ServicePack: 1.0
15:57:03.0852 6740 Product type: Workstation
15:57:03.0852 6740 ComputerName: *****
15:57:03.0852 6740 UserName: *****
15:57:03.0868 6740 Windows directory: C:\Windows
15:57:03.0868 6740 System windows directory: C:\Windows
15:57:03.0868 6740 Processor architecture: Intel x86
15:57:03.0868 6740 Number of processors: 2
15:57:03.0868 6740 Page size: 0x1000
15:57:03.0868 6740 Boot type: Normal boot
15:57:03.0868 6740 ============================================================
15:57:07.0331 6740 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:57:07.0331 6740 ============================================================
15:57:07.0331 6740 \Device\Harddisk0\DR0:
15:57:07.0331 6740 MBR partitions:
15:57:07.0331 6740 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE08800, BlocksNum 0x32000
15:57:07.0331 6740 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xE3A800, BlocksNum 0x1C38A970
15:57:07.0331 6740 ============================================================
15:57:07.0378 6740 C: <-> \Device\Harddisk0\DR0\Partition2
15:57:07.0425 6740 ============================================================
15:57:07.0425 6740 Initialize success
15:57:07.0425 6740 ============================================================
15:57:29.0515 6920 ============================================================
15:57:29.0515 6920 Scan started
15:57:29.0515 6920 Mode: Manual; SigCheck; TDLFS;
15:57:29.0515 6920 ============================================================
15:57:30.0045 6920 ================ Scan system memory ========================
15:57:30.0045 6920 System memory - ok
15:57:30.0045 6920 ================ Scan services =============================
15:57:30.0295 6920 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:57:30.0591 6920 1394ohci - ok
15:57:30.0872 6920 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
15:57:30.0950 6920 ACDaemon - ok
15:57:31.0090 6920 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:57:31.0168 6920 ACPI - ok
15:57:31.0277 6920 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:57:31.0480 6920 AcpiPmi - ok
15:57:31.0683 6920 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:57:31.0761 6920 AdobeFlashPlayerUpdateSvc - ok
15:57:31.0901 6920 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:57:32.0011 6920 adp94xx - ok
15:57:32.0120 6920 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:57:32.0198 6920 adpahci - ok
15:57:32.0291 6920 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:57:32.0401 6920 adpu320 - ok
15:57:32.0447 6920 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:57:32.0681 6920 AeLookupSvc - ok
15:57:32.0791 6920 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
15:57:32.0978 6920 AFD - ok
15:57:33.0056 6920 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
15:57:33.0118 6920 agp440 - ok
15:57:33.0243 6920 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
15:57:33.0305 6920 aic78xx - ok
15:57:33.0461 6920 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
15:57:33.0680 6920 ALG - ok
15:57:33.0773 6920 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
15:57:33.0836 6920 aliide - ok
15:57:33.0898 6920 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
15:57:33.0976 6920 amdagp - ok
15:57:34.0023 6920 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
15:57:34.0117 6920 amdide - ok
15:57:34.0273 6920 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:57:34.0429 6920 AmdK8 - ok
15:57:34.0538 6920 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
15:57:34.0709 6920 AmdPPM - ok
15:57:34.0819 6920 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:57:34.0897 6920 amdsata - ok
15:57:34.0975 6920 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
15:57:35.0068 6920 amdsbs - ok
15:57:35.0131 6920 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:57:35.0224 6920 amdxata - ok
15:57:35.0365 6920 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
15:57:35.0739 6920 AppID - ok
15:57:35.0864 6920 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:57:36.0051 6920 AppIDSvc - ok
15:57:36.0191 6920 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
15:57:36.0347 6920 Appinfo - ok
15:57:36.0503 6920 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys
15:57:36.0628 6920 arc - ok
15:57:36.0722 6920 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:57:36.0831 6920 arcsas - ok
15:57:36.0925 6920 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:57:37.0127 6920 AsyncMac - ok
15:57:37.0205 6920 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
15:57:37.0268 6920 atapi - ok
15:57:37.0439 6920 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:57:37.0564 6920 AudioEndpointBuilder - ok
15:57:37.0595 6920 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
15:57:37.0673 6920 Audiosrv - ok
15:57:37.0736 6920 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:57:37.0861 6920 AxInstSV - ok
15:57:37.0923 6920 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
15:57:38.0001 6920 b06bdrv - ok
15:57:38.0048 6920 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
15:57:38.0126 6920 b57nd60x - ok
15:57:38.0251 6920 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
15:57:38.0329 6920 BBSvc - ok
15:57:38.0391 6920 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
15:57:38.0438 6920 BBUpdate - ok
15:57:38.0531 6920 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
15:57:38.0641 6920 BDESVC - ok
15:57:38.0687 6920 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
15:57:38.0812 6920 Beep - ok
15:57:38.0890 6920 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
15:57:38.0999 6920 BFE - ok
15:57:39.0218 6920 [ D2A55F5FE6B716913FB573872F2E5944 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130301.001\BHDrvx86.sys
15:57:39.0311 6920 BHDrvx86 - ok
15:57:39.0389 6920 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
15:57:39.0514 6920 BITS - ok
15:57:39.0577 6920 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
15:57:39.0670 6920 blbdrive - ok
15:57:39.0733 6920 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:57:39.0795 6920 bowser - ok
15:57:39.0811 6920 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
15:57:39.0920 6920 BrFiltLo - ok
15:57:39.0951 6920 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
15:57:40.0013 6920 BrFiltUp - ok
15:57:40.0060 6920 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
15:57:40.0154 6920 Browser - ok
15:57:40.0294 6920 [ FA127AC8BDF668903543D29C96B31632 ] BrowserProtect C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
15:57:40.0466 6920 BrowserProtect - ok
15:57:40.0528 6920 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:57:40.0622 6920 Brserid - ok
15:57:40.0653 6920 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:57:40.0747 6920 BrSerWdm - ok
15:57:40.0778 6920 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:57:40.0840 6920 BrUsbMdm - ok
15:57:40.0887 6920 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:57:40.0949 6920 BrUsbSer - ok
15:57:41.0012 6920 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
15:57:41.0230 6920 BthEnum - ok
15:57:41.0261 6920 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:57:41.0324 6920 BTHMODEM - ok
15:57:41.0371 6920 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
15:57:41.0433 6920 BthPan - ok
15:57:41.0495 6920 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
15:57:41.0605 6920 BTHPORT - ok
15:57:41.0667 6920 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
15:57:41.0807 6920 bthserv - ok
15:57:41.0870 6920 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
15:57:41.0932 6920 BTHUSB - ok
15:57:41.0995 6920 [ 92C5B845803F3662637EB691AC0B250F ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
15:57:42.0041 6920 btusbflt - ok
15:57:42.0088 6920 [ CE5833C144CA6623BCBDE93B188AA850 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
15:57:42.0135 6920 btwaudio - ok
15:57:42.0182 6920 [ AF9148C3E844131AC954CB53FF43D971 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
15:57:42.0213 6920 btwavdt - ok
15:57:42.0307 6920 [ F55C99818FD1EACFC7784958A8592536 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
15:57:42.0369 6920 btwdins - ok
15:57:42.0431 6920 [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
15:57:42.0478 6920 btwl2cap - ok
15:57:42.0509 6920 [ 480B3D195854B2E55299CDDDDC50BCF9 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
15:57:42.0556 6920 btwrchid - ok
15:57:42.0634 6920 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_N360 C:\Windows\system32\drivers\N360\0604010.00E\ccSetx86.sys
15:57:42.0712 6920 ccSet_N360 - ok
15:57:42.0759 6920 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:57:42.0868 6920 cdfs - ok
15:57:42.0931 6920 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
15:57:42.0993 6920 cdrom - ok
15:57:43.0040 6920 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
15:57:43.0133 6920 CertPropSvc - ok
15:57:43.0165 6920 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys
15:57:43.0258 6920 circlass - ok
15:57:43.0289 6920 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
15:57:43.0367 6920 CLFS - ok
15:57:43.0477 6920 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:57:43.0523 6920 clr_optimization_v2.0.50727_32 - ok
15:57:43.0617 6920 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:57:43.0695 6920 clr_optimization_v4.0.30319_32 - ok
15:57:43.0742 6920 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
15:57:43.0804 6920 CmBatt - ok
15:57:43.0835 6920 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:57:43.0898 6920 cmdide - ok
15:57:43.0929 6920 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
15:57:44.0007 6920 CNG - ok
15:57:44.0054 6920 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\drivers\compbatt.sys
15:57:44.0101 6920 Compbatt - ok
15:57:44.0132 6920 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
15:57:44.0225 6920 CompositeBus - ok
15:57:44.0272 6920 COMSysApp - ok
15:57:44.0303 6920 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:57:44.0350 6920 crcdisk - ok
15:57:44.0397 6920 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:57:44.0475 6920 CryptSvc - ok
15:57:44.0553 6920 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
15:57:44.0662 6920 DcomLaunch - ok
15:57:44.0725 6920 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
15:57:44.0818 6920 defragsvc - ok
15:57:44.0865 6920 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:57:44.0943 6920 DfsC - ok
15:57:45.0005 6920 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
15:57:45.0115 6920 Dhcp - ok
15:57:45.0177 6920 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
15:57:45.0286 6920 discache - ok
15:57:45.0317 6920 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
15:57:45.0364 6920 Disk - ok
15:57:45.0411 6920 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:57:45.0520 6920 Dnscache - ok
15:57:45.0583 6920 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
15:57:45.0676 6920 dot3svc - ok
15:57:45.0707 6920 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
15:57:45.0817 6920 DPS - ok
15:57:45.0848 6920 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:57:45.0910 6920 drmkaud - ok
15:57:45.0957 6920 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:57:46.0035 6920 DXGKrnl - ok
15:57:46.0066 6920 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
15:57:46.0191 6920 EapHost - ok
15:57:46.0347 6920 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
15:57:46.0534 6920 ebdrv - ok
15:57:46.0628 6920 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
15:57:46.0690 6920 eeCtrl - ok
15:57:46.0737 6920 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
15:57:46.0831 6920 EFS - ok
15:57:46.0893 6920 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:57:46.0971 6920 elxstor - ok
15:57:47.0002 6920 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:57:47.0033 6920 EraserUtilRebootDrv - ok
15:57:47.0080 6920 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:57:47.0143 6920 ErrDev - ok
15:57:47.0221 6920 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
15:57:47.0314 6920 EventSystem - ok
15:57:47.0361 6920 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
15:57:47.0455 6920 exfat - ok
15:57:47.0486 6920 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:57:47.0564 6920 fastfat - ok
15:57:47.0642 6920 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
15:57:47.0751 6920 Fax - ok
15:57:47.0798 6920 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys
15:57:47.0860 6920 fdc - ok
15:57:47.0891 6920 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
15:57:48.0001 6920 fdPHost - ok
15:57:48.0047 6920 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
15:57:48.0157 6920 FDResPub - ok
15:57:48.0219 6920 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:57:48.0266 6920 FileInfo - ok
15:57:48.0297 6920 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:57:48.0375 6920 Filetrace - ok
15:57:48.0406 6920 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
15:57:48.0469 6920 flpydisk - ok
15:57:48.0515 6920 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:57:48.0562 6920 FltMgr - ok
15:57:48.0625 6920 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
15:57:48.0734 6920 FontCache - ok
15:57:48.0812 6920 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:57:48.0843 6920 FontCache3.0.0.0 - ok
15:57:48.0905 6920 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:57:48.0952 6920 FsDepends - ok
15:57:48.0999 6920 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:57:49.0046 6920 Fs_Rec - ok
15:57:49.0108 6920 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:57:49.0171 6920 fvevol - ok
15:57:49.0202 6920 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:57:49.0264 6920 gagp30kx - ok
15:57:49.0311 6920 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
15:57:49.0436 6920 gpsvc - ok
15:57:49.0483 6920 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:57:49.0545 6920 hcw85cir - ok
15:57:49.0607 6920 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:57:49.0670 6920 HdAudAddService - ok
15:57:49.0701 6920 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
15:57:49.0779 6920 HDAudBus - ok
15:57:49.0826 6920 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
15:57:49.0873 6920 HidBatt - ok
15:57:49.0919 6920 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:57:49.0982 6920 HidBth - ok
15:57:50.0029 6920 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
15:57:50.0107 6920 HidIr - ok
15:57:50.0153 6920 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
15:57:50.0278 6920 hidserv - ok
15:57:50.0325 6920 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:57:50.0403 6920 HidUsb - ok
15:57:50.0450 6920 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:57:50.0543 6920 hkmsvc - ok
15:57:50.0575 6920 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:57:50.0684 6920 HomeGroupListener - ok
15:57:50.0731 6920 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:57:50.0824 6920 HomeGroupProvider - ok
15:57:50.0887 6920 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:57:50.0933 6920 HpSAMD - ok
15:57:51.0089 6920 [ C3B71A7EE3ADA9E9D1A30133B9D2FC74 ] HPSLPSVC C:\Users\Shelagh\AppData\Local\Temp\7zS51AB\hpslpsvc32.dll
15:57:51.0167 6920 HPSLPSVC - ok
15:57:51.0245 6920 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:57:51.0339 6920 HTTP - ok
15:57:51.0386 6920 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:57:51.0433 6920 hwpolicy - ok
15:57:51.0479 6920 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
15:57:51.0573 6920 i8042prt - ok
15:57:51.0667 6920 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:57:51.0760 6920 iaStorV - ok
15:57:51.0838 6920 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:57:51.0994 6920 idsvc - ok
15:57:52.0103 6920 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130306.001\IDSvix86.sys
15:57:52.0166 6920 IDSVix86 - ok
15:57:52.0400 6920 [ BA41E1BBA410212CE6D30E0DAC47972B ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
15:57:52.0665 6920 igfx - ok
15:57:52.0727 6920 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:57:52.0774 6920 iirsp - ok
15:57:52.0837 6920 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
15:57:52.0961 6920 IKEEXT - ok
15:57:53.0133 6920 [ 0B7E398549ACEC7A6F8BD755C2CE40B5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:57:53.0305 6920 IntcAzAudAddService - ok
15:57:53.0351 6920 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
15:57:53.0398 6920 intelide - ok
15:57:53.0461 6920 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\drivers\intelppm.sys
15:57:53.0539 6920 intelppm - ok
15:57:53.0585 6920 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:57:53.0726 6920 IPBusEnum - ok
15:57:53.0757 6920 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:57:53.0882 6920 IpFilterDriver - ok
15:57:53.0960 6920 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:57:54.0100 6920 iphlpsvc - ok
15:57:54.0131 6920 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:57:54.0209 6920 IPMIDRV - ok
15:57:54.0225 6920 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:57:54.0350 6920 IPNAT - ok
15:57:54.0412 6920 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:57:54.0521 6920 IRENUM - ok
15:57:54.0568 6920 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:57:54.0631 6920 isapnp - ok
15:57:54.0662 6920 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:57:54.0724 6920 iScsiPrt - ok
15:57:54.0787 6920 [ 0A1B5DD3AF49C91B852F23AD747973FB ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
15:57:54.0833 6920 JMCR - ok
15:57:54.0880 6920 [ 8A06C7A0E701BE6D618571095032DCB9 ] JME C:\Windows\system32\DRIVERS\JME.sys
15:57:54.0911 6920 JME - ok
15:57:54.0958 6920 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
15:57:55.0005 6920 kbdclass - ok
15:57:55.0067 6920 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
15:57:55.0130 6920 kbdhid - ok
15:57:55.0161 6920 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
15:57:55.0208 6920 KeyIso - ok
15:57:55.0255 6920 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:57:55.0301 6920 KSecDD - ok
15:57:55.0333 6920 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:57:55.0395 6920 KSecPkg - ok
15:57:55.0442 6920 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
15:57:55.0551 6920 KtmRm - ok
15:57:55.0582 6920 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
15:57:55.0723 6920 LanmanServer - ok
15:57:55.0769 6920 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:57:55.0863 6920 LanmanWorkstation - ok
15:57:55.0941 6920 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:57:56.0081 6920 lltdio - ok
15:57:56.0113 6920 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:57:56.0237 6920 lltdsvc - ok
15:57:56.0253 6920 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
15:57:56.0347 6920 lmhosts - ok
15:57:56.0409 6920 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:57:56.0456 6920 LSI_FC - ok
15:57:56.0487 6920 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:57:56.0549 6920 LSI_SAS - ok
15:57:56.0581 6920 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
15:57:56.0627 6920 LSI_SAS2 - ok
15:57:56.0659 6920 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:57:56.0705 6920 LSI_SCSI - ok
15:57:56.0768 6920 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
15:57:56.0861 6920 luafv - ok
15:57:56.0908 6920 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
15:57:56.0939 6920 megasas - ok
15:57:56.0986 6920 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
15:57:57.0033 6920 MegaSR - ok
15:57:57.0095 6920 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
15:57:57.0220 6920 MMCSS - ok
15:57:57.0267 6920 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
15:57:57.0376 6920 Modem - ok
15:57:57.0407 6920 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:57:57.0454 6920 monitor - ok
15:57:57.0501 6920 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:57:57.0548 6920 mouclass - ok
15:57:57.0595 6920 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:57:57.0657 6920 mouhid - ok
15:57:57.0704 6920 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:57:57.0751 6920 mountmgr - ok
15:57:57.0844 6920 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:57:57.0907 6920 MozillaMaintenance - ok
15:57:57.0953 6920 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
15:57:58.0000 6920 mpio - ok
15:57:58.0016 6920 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:57:58.0125 6920 mpsdrv - ok
15:57:58.0172 6920 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:57:58.0312 6920 MpsSvc - ok
15:57:58.0359 6920 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:57:58.0421 6920 MRxDAV - ok
15:57:58.0484 6920 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:57:58.0577 6920 mrxsmb - ok
15:57:58.0624 6920 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:57:58.0687 6920 mrxsmb10 - ok
15:57:58.0702 6920 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:57:58.0780 6920 mrxsmb20 - ok
15:57:58.0827 6920 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
15:57:58.0874 6920 msahci - ok
15:57:58.0905 6920 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:57:58.0952 6920 msdsm - ok
15:57:58.0999 6920 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
15:57:59.0061 6920 MSDTC - ok
15:57:59.0139 6920 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:57:59.0217 6920 Msfs - ok
15:57:59.0248 6920 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:57:59.0342 6920 mshidkmdf - ok
15:57:59.0389 6920 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:57:59.0451 6920 msisadrv - ok
15:57:59.0513 6920 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:57:59.0591 6920 MSiSCSI - ok
15:57:59.0607 6920 msiserver - ok
15:57:59.0638 6920 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:57:59.0732 6920 MSKSSRV - ok
15:57:59.0763 6920 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:57:59.0857 6920 MSPCLOCK - ok
15:57:59.0888 6920 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:57:59.0997 6920 MSPQM - ok
15:58:00.0059 6920 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:58:00.0137 6920 MsRPC - ok
15:58:27.0359 6920 [ 27C6DE0DC4171DDA8AA8C3A65D08BD3D ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
15:58:27.0406 6920 VSNService ( UnsignedFile.Multi.Generic ) - warning
15:58:27.0406 6920 VSNService - detected UnsignedFile.Multi.Generic (1)
15:58:33.0740 6920 ================ Scan global ===============================
15:58:33.0771 6920 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
15:58:33.0818 6920 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:58:33.0849 6920 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:58:33.0880 6920 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
15:58:33.0943 6920 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
15:58:33.0958 6920 [Global] - ok
15:58:33.0958 6920 ================ Scan MBR ==================================
15:58:33.0974 6920 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:58:34.0395 6920 \Device\Harddisk0\DR0 - ok
15:58:34.0395 6920 ================ Scan VBR ==================================
15:58:34.0411 6920 [ E02D280E5375D469BF85EE559BD1FCC8 ] \Device\Harddisk0\DR0\Partition1
15:58:34.0411 6920 \Device\Harddisk0\DR0\Partition1 - ok
15:58:34.0457 6920 [ 31D29B1ABAA92C8AA9EF601C427EAFEB ] \Device\Harddisk0\DR0\Partition2
15:58:34.0457 6920 \Device\Harddisk0\DR0\Partition2 - ok
15:58:34.0473 6920 ============================================================
15:58:34.0473 6920 Scan finished
15:58:34.0473 6920 ============================================================
15:58:34.0504 6912 Detected object count: 1
15:58:34.0504 6912 Actual detected object count: 1
16:06:15.0228 6912 VSNService ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:15.0228 6912 VSNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
| | #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ihavenet virus removal Then please run Combofix now: Scan with Combofix
__________________ Please always post log files in CODE tags |
| | #9 |
| | Ihavenet virus removal Combofix still complained after Norton 360 had been deactivated, but then ran the scan through without a fuss. ComboFix Log: Code:
ComboFix 13-03-07.02 - Shelagh 07/03/2013 16:23:49.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.44.1033.18.1013.369 [GMT 0:00]
Running from: c:\users\Shelagh\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Shelagh\AppData\Local\Temp\7zS51AB\HPSLPSVC32.DLL
c:\users\Shelagh\AppData\Roaming\midimapn.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HPSLPSVC
.
.
((((((((((((((((((((((((( Files Created from 2013-02-07 to 2013-03-07 )))))))))))))))))))))))))))))))
.
.
2013-03-07 14:36 . 2013-03-07 14:36 -------- d-----w- c:\programdata\Malwarebytes
2013-03-07 11:10 . 2013-03-07 11:10 -------- d-----w- c:\programdata\BrowserProtect
2013-03-07 11:09 . 2013-03-07 11:09 -------- d-----w- c:\program files\Delta
2013-03-07 11:09 . 2013-03-07 11:09 -------- d-----w- c:\program files\7-Zip
2013-03-07 11:09 . 2013-03-07 11:09 -------- d-----w- c:\users\Shelagh\AppData\Roaming\BabSolution
2013-03-07 11:08 . 2013-03-07 11:08 -------- d-----w- c:\programdata\Babylon
2013-03-07 11:08 . 2013-03-07 11:08 -------- d-----w- c:\users\Shelagh\AppData\Roaming\Babylon
2013-02-24 17:42 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-24 16:10 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-24 16:10 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-24 16:10 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-24 16:10 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-06 11:15 . 2013-02-10 10:36 -------- d-----w- c:\windows\system32\drivers\N360\0604010.00E
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-03 18:22 . 2012-12-01 07:59 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-03 18:22 . 2011-10-03 14:23 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-08 22:03 . 2013-02-24 17:43 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-01-08 21:58 . 2013-02-24 17:43 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-01-04 04:50 . 2013-02-24 16:09 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-24 16:10 2347008 ----a-w- c:\windows\system32\win32k.sys
2012-12-16 14:13 . 2012-12-30 10:08 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-30 10:08 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-02-06 11:10 . 2013-02-06 11:10 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 5510d series (NET)"="c:\program files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe" [2011-08-16 1804648]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-23 8120864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-23 1578280]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 538472]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2010-07-29 26624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
.
c:\users\Shelagh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 5510d series (Network).lnk - c:\windows\system32\RunDll32.exe [2009-7-13 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-11-30 18:20 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BROWSE~1\261095~1.52\{C16C1~1\BrowserProtect.dll
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604010.00E\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604010.00E\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130301.001\BHDrvx86.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0604010.00E\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130306.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604010.00E\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0604010.00E\SYMNETS.SYS [x]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\DRIVERS\JME.sys [x]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPService REG_MULTI_SZ HPSLPSVC
GPSvcGroup REG_MULTI_SZ GPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-01 18:23]
.
2013-03-07 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=a0fe223f00000000000090fba6ffbc63
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Shelagh\AppData\Roaming\Mozilla\Firefox\Profiles\ok097rd8.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=a0fe223f00000000000090fba6ffbc63
FF - prefs.js: keyword.URL - hxxp://uk.ask.com/web?&o=15527&l=dis&gct=kwd&qsrc=2869&q=
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - a0fe223f00000000000090fba6ffbc63
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15771
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.011:09
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-MJPZ - c:\users\Shelagh\AppData\Roaming\midimapn.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.1.14\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5396)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\windows\system32\taskhost.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Sony\VAIO Smart Network\VSNClient.exe
c:\windows\system32\DllHost.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Sony\VAIO Update\VAIOUpdt.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Sony\VAIO Care\listener.exe
c:\windows\system32\sppsvc.exe
c:\program files\Sony\VAIO Care\VCsystray.exe
c:\program files\Sony\VAIO Care\VCAgent.exe
c:\windows\System32\vds.exe
c:\program files\HP\HP Photosmart 5510d series\bin\HPNetworkCommunicator.exe
.
**************************************************************************
.
Completion time: 2013-03-07 16:54:11 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-07 16:54
.
Pre-Run: 204,164,907,008 bytes free
Post-Run: 204,106,612,736 bytes free
.
- - End Of File - - F971898994E7B7E067DBB7C14D71FA32
|
| | #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ihavenet virus removal JRT - Junkware Removal Tool Please close your security software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages Please download
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
| | #11 |
| | Ihavenet virus removal JRT Log: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.9 (03.06.2013:1)
OS: Windows 7 Starter x86
Ran by Shelagh on 08/03/2013 at 9:08:12.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [Service] browserprotect
Successfully deleted: [Service] browserprotect
~~~ Registry Values
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\bprotector start page
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\bprotectordefaultscope
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2812557452-3284765411-2812134352-1000\software\microsoft\internet explorer\main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane.1
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\babylontoolbar
Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Failed to delete: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afbcb7e0-f91a-4951-9f31-58fee57a25c4}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Failed to delete: [Folder] "C:\ProgramData\browserprotect"
Failed to delete: [Folder] "C:\ProgramData\application data\browserprotect"
Successfully deleted: [Folder] "C:\Users\Shelagh\AppData\Roaming\babsolution"
Successfully deleted: [Folder] "C:\Users\Shelagh\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Program Files\delta"
Successfully deleted: [Folder] "C:\Users\Shelagh\AppData\Roaming\microsoft\windows\start menu\programs\browserprotect"
~~~ FireFox
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\Shelagh\AppData\Roaming\mozilla\firefox\profiles\ok097rd8.default\user.js
Successfully deleted: [File] C:\Users\Shelagh\AppData\Roaming\mozilla\firefox\profiles\ok097rd8.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\Shelagh\AppData\Roaming\mozilla\firefox\profiles\ok097rd8.default\bprotector_prefs.js
Successfully deleted: [File] C:\Users\Shelagh\AppData\Roaming\mozilla\firefox\profiles\ok097rd8.default\searchplugins\delta.xml
Successfully deleted: [Folder] C:\Users\Shelagh\AppData\Roaming\mozilla\firefox\profiles\ok097rd8.default\extensions\ffxtlbr@delta.com
Successfully deleted the following from C:\Users\Shelagh\AppData\Roaming\mozilla\firefox\profiles\ok097rd8.default\prefs.js
user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=a0fe223f00000000000090fba6ffbc63");
user_pref("avg.install.userSPSettings", "Delta Search");
user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119816&babsrc=NT_ss&mntrId=a0fe223f00000000000090fba6ffbc63");
user_pref("browser.search.selectedEngine", "Delta Search");
user_pref("browser.startup.homepage", "hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=a0fe223f00000000000090fba6ffbc63");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119816&babsrc=NT_ss&mntrId=a0fe223f00000000000090fba6ffbc63");
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.id", "a0fe223f00000000000090fba6ffbc63");
user_pref("extensions.delta.instlDay", "15771");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.10.0");
user_pref("extensions.delta.vrsnTs", "1.8.10.011:09:39");
user_pref("extensions.delta.vrsni", "1.8.10.0");
user_pref("keyword.URL", "hxxp://uk.ask.com/web?&o=15527&l=dis&gct=kwd&qsrc=2869&q=");
Emptied folder: C:\Users\Shelagh\AppData\Roaming\mozilla\firefox\profiles\ok097rd8.default\minidumps [11 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/03/2013 at 9:20:36.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner Logfile: Code:
# AdwCleaner v2.114 - Logfile created 03/08/2013 at 09:22:37
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : *****
# Boot Mode : Normal
# Running from : C:\Users\Shelagh\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\Users\Shelagh\AppData\Roaming\Mozilla\Firefox\Profiles\ok097rd8.default\searchplugins\safesearch.xml
Folder Deleted : C:\ProgramData\BrowserProtect
***** [Registry] *****
Key Deleted : HKCU\Software\a6888cb63eef17
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\a6888cb63eef17
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Registry is clean.
-\\ Mozilla Firefox v18.0.2 (en-GB)
File : C:\Users\Shelagh\AppData\Roaming\Mozilla\Firefox\Profiles\ok097rd8.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [3126 octets] - [08/03/2013 09:22:37]
########## EOF - C:\AdwCleaner[S1].txt - [3186 octets] ##########
OTL - OTL Log: OTL Logfile: Code:
OTL logfile created on: 08/03/2013 09:34:08 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Shelagh\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1013.00 Mb Total Physical Memory | 312.79 Mb Available Physical Memory | 30.88% Memory free
1.99 Gb Paging File | 1.27 Gb Available in Paging File | 63.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.77 Gb Total Space | 189.81 Gb Free Space | 84.07% Space Free | Partition Type: NTFS
Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Update\VUAgent.exe (Sony Corporation)
PRC - C:\Users\Shelagh\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files\Sony\VAIO Care\VCAgent.exe (Sony Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Care\VCsystray.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Care\listener.exe (Sony of America Corporation)
PRC - C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
PRC - C:\Program Files\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\9266d6e1f8057b5b62b460cbf33cda21\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3e79256ce40faa9682f9e3511ca115ea\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\219c68f83fa608b496b163fd6782e696\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
========== Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (VUAgent) -- C:\Program Files\Sony\VAIO Update\VUAgent.exe (Sony Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe (Symantec Corporation)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VCService) -- C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SpfService) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (catchme) -- C:\Users\Shelagh\AppData\Local\Temp\catchme.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130307.033\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130307.033\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130301.001\BHDrvx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130307.001\IDSvix86.sys (Symantec Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\N360\0604010.00E\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\N360\0604010.00E\srtspx.sys (Symantec Corporation)
DRV - (ccSet_N360) -- C:\Windows\System32\drivers\N360\0604010.00E\ccsetx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\N360\0604010.00E\symefa.sys (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\drivers\N360\0604010.00E\symnets.sys (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\N360\0604010.00E\symds.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\N360\0604010.00E\ironx86.sys (Symantec Corporation)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (JME) -- C:\Windows\System32\drivers\JME.sys (JMicron Technology Corp.)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes\{5DAD095A-7592-4209-A115-4C33A10B6FEB}: "URL" = hxxp://rover.ebay.com/rover/1/710-42480-16445-5/4?satitle={searchTerms} IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes\{865958B6-E7DB-4888-A7F5-DC596EF617E8}: "URL" 
= hxxp://uk.shopping.com/?linkin_id=8056359 IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\SearchScopes\{8EE97BFC-04D8-4BB9-A720-52D223677C11}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search IE - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Norton Safe Search" FF - prefs.js..extensions.enabledAddons: %7B0F827075-B026-42F3-885D-98981EE7B1AE%7D:2.6.1095.52 FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2012.5.12.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012/05/28 09:45:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2013/03/08 09:30:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 11:10:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/06/03 21:03:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 11:10:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/04 07:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shelagh\AppData\Roaming\Mozilla\Extensions [2011/06/03 21:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shelagh\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/10/04 07:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shelagh\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com [2013/03/08 
09:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shelagh\AppData\Roaming\Mozilla\Firefox\Profiles\ok097rd8.default\extensions [2013/02/06 11:10:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013/02/06 11:10:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} File not found (No name found) -- C:\PROGRAMDATA\BROWSERPROTECT\2.6.1095.52\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION [2013/03/08 09:30:52 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\COFFPLGN [2013/02/06 11:10:11 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013/01/02 20:03:22 | 000,001,738 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2012/08/30 17:24:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013/01/02 20:03:22 | 000,001,148 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2013/01/02 20:03:22 | 000,001,379 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2012/10/24 18:15:49 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml [2013/01/02 20:03:22 | 000,001,334 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2013/03/07 16:46:12 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000..\Run: [HP Photosmart 5510d series (NET)] C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2812557452-3284765411-2812134352-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft 
Corporation) O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58833387-8861-4805-8F58-51C3DBDB8960}: DhcpNameServer = 172.16.16.19 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0B2680D-B882-4B00-A942-E2C3A5FBAB7D}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/03/08 09:08:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/03/08 09:07:49 | 000,000,000 | ---D | C] -- C:\JRT [2013/03/08 09:03:29 | 000,547,791 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\Shelagh\Desktop\JRT.exe [2013/03/07 16:54:17 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/03/07 16:46:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/03/07 16:43:12 | 000,000,000 | ---D | C] -- C:\Users\Shelagh\AppData\Local\temp [2013/03/07 16:19:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/03/07 16:19:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/03/07 16:19:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/03/07 16:17:29 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/03/07 16:16:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/03/07 16:14:01 | 005,037,561 | R--- | C] (Swearware) -- C:\Users\Shelagh\Desktop\ComboFix.exe [2013/03/07 15:28:49 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Shelagh\Desktop\tdsskiller.exe [2013/03/07 15:26:29 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Shelagh\Desktop\aswMBR.exe [2013/03/07 14:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/03/07 13:42:17 | 000,000,000 | ---D | C] -- C:\Users\Shelagh\Desktop\mbar [2013/03/07 12:31:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Shelagh\Desktop\OTL.exe [2013/03/07 11:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013/03/07 11:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2013/02/24 17:43:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/02/24 17:43:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/02/24 17:43:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/02/24 17:43:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/02/24 17:43:07 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/02/24 17:43:05 | 001,800,704 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\jscript9.dll [2013/02/24 17:43:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/02/24 17:43:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013/02/24 16:10:32 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013/02/24 16:10:11 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013/02/24 16:10:09 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013/02/24 16:10:07 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2013/02/24 16:09:41 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013/02/06 11:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/03/08 09:36:17 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/03/08 09:36:17 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/08 09:29:37 | 000,001,950 | ---- | M] () -- C:\Users\Shelagh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510d series (Network).lnk [2013/03/08 09:28:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/03/08 09:28:18 | 796,655,616 | -HS- | M] () -- C:\hiberfil.sys [2013/03/08 09:21:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/03/08 09:05:26 | 000,597,667 | ---- | M] () -- C:\Users\Shelagh\Desktop\adwcleaner.exe [2013/03/08 09:04:10 | 000,547,791 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\Shelagh\Desktop\JRT.exe [2013/03/08 09:01:10 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job [2013/03/07 16:46:12 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013/03/07 16:14:18 | 005,037,561 | R--- | M] (Swearware) -- C:\Users\Shelagh\Desktop\ComboFix.exe [2013/03/07 15:56:15 | 000,000,512 | ---- | M] () -- C:\Users\Shelagh\Desktop\MBR.dat [2013/03/07 15:28:50 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Shelagh\Desktop\tdsskiller.exe [2013/03/07 15:27:47 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Shelagh\Desktop\aswMBR.exe [2013/03/07 13:36:54 | 000,377,856 | ---- | M] () -- C:\Users\Shelagh\Desktop\gmer_2.1.19155.exe [2013/03/07 11:17:16 | 000,628,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/03/07 11:17:16 | 000,110,800 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/03/03 18:22:50 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/03/03 18:22:50 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/03/03 17:23:46 | 000,399,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/03/03 17:21:32 | 001,669,357 | ---- | M] () -- C:\Windows\System32\drivers\N360\0604010.00E\Cat.DB [2013/02/10 10:37:33 | 000,002,232 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk [2013/02/10 10:36:05 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\N360\0604010.00E\VT20130115.021 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/03/08 09:05:22 | 000,597,667 | ---- | C] () -- C:\Users\Shelagh\Desktop\adwcleaner.exe [2013/03/07 16:19:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/03/07 16:19:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/03/07 16:19:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/03/07 16:19:30 | 000,080,412 | ---- 
| C] () -- C:\Windows\grep.exe
[2013/03/07 16:19:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/07 15:56:15 | 000,000,512 | ---- | C] () -- C:\Users\Shelagh\Desktop\MBR.dat
[2013/03/07 13:36:36 | 000,377,856 | ---- | C] () -- C:\Users\Shelagh\Desktop\gmer_2.1.19155.exe
[2012/03/09 18:32:58 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/06/03 20:52:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/29 03:48:37 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml
========== ZeroAccess Check ==========
[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >

OTL - Extras Log

OTL Logfile:
Code:
OTL Extras logfile created on: 08/03/2013 09:34:08 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Shelagh\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1013.00 Mb Total Physical Memory | 312.79 Mb Available Physical Memory | 30.88% Memory free
1.99 Gb Paging File | 1.27 Gb Available in Paging File | 63.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.77 Gb Total Space | 189.81 Gb Free Space | 84.07% Space Free | Partition Type: NTFS
Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2812557452-3284765411-2812134352-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06FEE9D1-BCC1-484F-8F8F-000F84FBFA46}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0B6BD721-6F47-4EF3-A6D3-30C6A3A1EB4E}" = lport=137 | protocol=17 | dir=in | app=system |
"{1C822CED-28E0-40B1-B1EA-6DD5B477EC0F}" = rport=139 | protocol=6 | dir=out | app=system |
"{36AEEED6-06B6-4A2E-9227-957625E7511F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4132BBC4-7002-452A-B572-22219F62CF39}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5EC366AA-27E0-4AB1-BC86-B1A256C7CE73}" = rport=137 | protocol=17 | dir=out | app=system |
"{6B8348F2-15C0-404C-922F-5E5851E6AEA8}" = lport=139 | protocol=6 | dir=in | app=system |
"{747D73C1-8B6C-4851-ABE3-CDEA2C6A616D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7F6CA6BC-B53F-40E0-A4C1-DEA72F70EE25}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{81D71D02-84DD-432A-BC5F-1BA0413DB254}" = rport=138 | protocol=17 | dir=out | app=system |
"{8248FB61-C9F5-4286-93F8-D7214405C9AF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{8D4226BA-FBC7-495F-B3FA-B56E595EB88B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B067DE8D-1157-47DE-8076-B8DE3A23BBDD}" = lport=445 | protocol=6 | dir=in | app=system |
"{C3C8D817-8DE8-45B0-B1DB-7AEB8E36B69C}" = lport=138 | protocol=17 | dir=in | app=system |
"{FB450BA2-E5CB-4FC2-8127-9F9F744D548F}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C9BC34B-6A5C-4A7A-A69F-57284C9E5433}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\devicesetup.exe |
"{5E2696E5-8110-465A-9751-C01DFADB389C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{60CBE6D8-A7B1-455E-9992-891EEA9CE70B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{61589531-F7BE-48D9-972E-5C2B7600F838}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8E558D33-CAC6-489A-8CB1-18595E7CC09E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8EB7C58E-C073-48CE-9C74-B6D6C943926A}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe |
"{A7C59FB6-1A5E-4266-8902-27E5DC25EB69}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B059C5B1-3458-4A1E-AAB0-05593ACEE4E7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D8B0290F-B9B4-4D17-B352-0133F2A4CA49}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D8F4474D-ECAA-4CED-9C38-402F3EB0C8B1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E27CC4A5-7FB4-4472-B53D-01915B237B18}" = protocol=17 | dir=in | app=c:\users\shelagh\appdata\local\temp\7zs51ab\hppiw.exe |
"{EE1FA221-88CB-496B-96DC-1BF6B2D86300}" = dir=in | app=c:\program files\hp\hp photosmart 5510d series\bin\devicesetup.exe |
"{FE6CA35C-0CAB-49BE-8F34-63979161260C}" = dir=in | app=c:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe |
"{FF048860-50FD-49CC-9514-11CC71026D78}" = protocol=6 | dir=in | app=c:\users\shelagh\appdata\local\temp\7zs51ab\hppiw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{03F4834E-C91A-4A02-BA50-5B93878B3D0B}" = VAIO Original Function Settings
"{04092C44-FD5D-46EC-BD12-B0D5BCB8E2BD}" = VAIO Content Monitoring Settings
"{045A8E80-A24B-4F16-88B7-20D86C024569}" = VAIO Entertainment Platform
"{05A57A3E-667D-420E-8128-3CC6BE40457D}" = Setup_msm_VCMS_x86
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{10D68787-463C-4133-B15A-F8DF0FC15EE9}" = Setup_VEP_x86_Contain_SSDB
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 30
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A221E47-E361-45C3-886A-7B2D7AD0E5AA}" = SOHLib Merge Module
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Power Management
"{82092922-A8C9-4CE0-9284-7A20DB7A525D}" = VAIO Content Metadata XML Interface Library
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{9262B08F-E183-4FED-A2BD-23FF1A84EB67}" = HPDiagnosticCoreDll
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{988A2E30-C8BD-45F8-941C-91C70FD774A8}" = Setup_msm_VOFS_x86
"{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A6B90666-2A1F-49E8-A40E-27EAAD11C096}" = Sony Home Network Library
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{AB259D46-F851-41B0-9AFA-AED8998AD68A}" = MusicStation
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{B04FB606-75EA-4174-B750-35E2DEC20AF4}" = HP Photosmart 5510d series Product Improvement Study
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B1DADBEB-7F82-4B29-84D6-5F14A020F0A0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{BEE5AFB8-DFC9-479B-A537-C19C6287C6B2}" = VAIO Content Metadata Intelligent Network Service Manager
"{C2F3460B-0C14-4A85-A330-5D1D5028C496}" = HP Photosmart 5510 series Product Improvement Study
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CDB1080E-BF0A-4A61-9E77-D1BBA68582C7}" = HP Photosmart 5510 series Basic Device Software
"{D409F3A2-97A7-40D5-BCC0-4CCA1775D9A0}" = VAIO Content Metadata Manager Settings
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}" = HP Photosmart 5510 series Help
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E59ADA18-03DB-44F5-9EF5-0FA25E4D4384}" = HP Photosmart 5510d series Help
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E716DBB1-DC04-4116-9C6A-5512A9BC2B30}" = VAIO Content Metadata Intelligent Analyzing Manager
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F68DF3B3-7E42-4504-9696-82EDA2C669C2}" = HP Photosmart 5510d series Basic Device Software
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"BFEE6FC237B51D7CD2E0A40D81E188A6ED95001F" = Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)
"EPSON Scanner" = EPSON Scan
"EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photo Creations" = HP Photo Creations
"MarketingTools" = VAIO Marketing Tools
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 18.0.2 (x86 en-GB)" = Mozilla Firefox 18.0.2 (x86 en-GB)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VAIO Help and Support" =
"VAIO Premium Partners" = VAIO Premium Partners
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
========== Last 20 Event Log Errors ==========
[ System Events ]
Error - 08/03/2013 05:28:45 | Computer Name = Shelagh-VAIO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
< End of report >
|
| | #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ihavenet Virus Removal Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand. Getting an additional opinion afterwards from ESET's online scanner doesn't hurt either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
| | #13 |
| | Ihavenet Virus Removal Malwarebytes log: Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.08.10
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Shelagh :: ***** [administrator]
08/03/2013 10:42:44
mbam-log-2013-03-08 (10-42-44).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200682
Time elapsed: 8 minute(s), 6 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5429b043ff3e704badbe9c046f285db8
# engine=13333
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-08 12:40:50
# local_time=2013-03-08 12:40:50 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 100 98 418750 113408946 0 0
# compatibility_mode=5893 16776574 66 85 45098875 115212841 0 0
# scanned=103179
# found=1
# cleaned=0
# scan_time=6355
sh=59BC6AA62550C0FD0C665EB5668B3FAAD1C651CD ft=1 fh=054e139dd247fdbf vn="a variant of Win32/Kryptik.AVUC trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Shelagh\AppData\Roaming\midimapn.dll.vir"
|
| | #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ihavenet Virus Removal That's OK. The malware is isolated and safely stored in C:\Qoobox and C:\_OTL (the quarantine folders of CF and OTL). Looks OK so far. Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file. Info: cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP cookie). Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. Is your system now back in order, or are there any other findings or problems?
__________________ Please always post log files in CODE tags |
| | #15 | |
| | Ihavenet Virus Removal Thanks for your tips and your help; at least the constant redirects no longer occur - so OK. Re quote: